WIRED Threat Level

MAY 22, 2019

Facial recognition technology has proliferated unchecked in the US so far. Congress finally seems ready to do something about it.

IT 184

IT Privacy Security 184

Data Breach Today

MAY 21, 2019

Email Addresses, Phone Numbers Potentially Exposed There's been a potential leak of personally identifiable information from Instagram, but it's not clear yet whether the data on 49 million users came directly from the social media company. A database that was left online without password protection has since been taken down.

Passwords 243

Passwords IT 243

Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.

Phishing 279

Phishing Encryption Passwords Ransomware 279

Security Affairs

MAY 20, 2019

Experts discovered a privilege escalation vulnerability in the Linux Kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP. Experts discovered a memory corruption vulnerability in Linux Kernel that resides in the implementation of the Reliable Datagram Sockets (RDS) over TCP. The vulnerability tracked as CVE-2019-11815 could lead to privilege escalation, it received a CVSS base score of 8.1.

Cleanup 279

Cleanup Security Cybersecurity Access 279

Advertiser: ZoomInfo

AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.

Sales

WIRED Threat Level

MAY 21, 2019

On the heels of embarrassing disclosures from Facebook and Twitter, Google reveals its own password bugs—one of which lasted 14 years.

Passwords 256

Passwords IT Security 256

Krebs on Security

MAY 24, 2019

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [ NYSE:FAF ] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.

Insurance 279

Insurance Authentication Mining Sales 279

Security Affairs

MAY 20, 2019

Security researchers from Chronicle, Alphabet’s cyber-security division, have spotted a Linux variant of the Winnti backdoor. Security experts from Chronicle, the Alphabet’s cyber-security division, have discovered a Linux variant of the Winnti backdoor. It is the first time that researchers found a Linux version of the backdoor user by China-linked APT groups tacked as Winnti.

Healthcare 279

Healthcare Communications Libraries Access 279

WIRED Threat Level

MAY 19, 2019

Bluetooth and Bluetooth Low Energy are incredibly convenient—but increasingly at the center of a lot of security lapses.

Risk 214

Risk Security 214

Data Breach Today

MAY 20, 2019

Drones May Be Sending Data Back to China, According to News Reports The Department of Homeland Security is warning that Chinese-made drones could be sending sensitive data back to their manufacturers, where it can be accessed by the government, according to news reports.

Manufacturing 262

Manufacturing Government Access Security 262

Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage

When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m

Krebs on Security

MAY 18, 2019

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users. On May 12, the administrator of OGusers explained an outage to forum members by saying a hard drive failure had erased several months’ worth of private messages, forum post

Passwords 266

Passwords Phishing Access Security 266

Security Affairs

MAY 19, 2019

Security researchers from SRLabs have published a report that analyzed the risks for Ethereum network caused by unpatched Ethereum clients. Researchers at SRLabs published a report based on ethernodes.org data, that revealed that a large number of nodes using the popular clients Parity and Geth is still unpatched. The expert discovered that the Ethereum clients and its users remained exposed for “extended periods of time” after security patches have been released. “SRLabs research suggests

Risk 278

Risk Blockchain Security Cybersecurity 278

The Last Watchdog

MAY 22, 2019

Social media consumers are getting wise to the joke that when the product is free, they’re the ones being sold. But despite the growing threat of consumer exploitation, Washington still shrinks from confronting our social media giants. Why? Because the social giants have convinced the chattering class that America simply can’t do without them. Confront the industry, we’re told, and you might accidentally kill it ?

Personal data 202

Personal data Privacy IT 202

Data Breach Today

MAY 22, 2019

Passwords Remained Encrypted for Enterprise Users Google is notifying administrators and users of its business-oriented G Suite product that the company had been storing unhashed passwords for years because of a flaw in the platform. The company believes no customer data was leaked and that all passwords remained encrypted.

Passwords 252

Passwords Encryption IT 252

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

WIRED Threat Level

MAY 20, 2019

It's time to assert our sovereignty over our own stuff.

IT 188

IT Privacy Security 188

Security Affairs

MAY 23, 2019

Several security experts have developed PoC exploits for wormable Windows RDS flaw tracked as CVE-2019-0708 and dubbed BlueKeep. Experts have developed several proof-of-concept (PoC) exploits for the recently patched Windows Remote Desktop Services (RDS) vulnerability tracked as CVE-2019-0708 and dubbed BlueKeep. CVE-2019-0708 #BlueKeep – After many hours @ValthekOn was able to get a working PoC for this.

Authentication 278

Authentication Risk Security Marketing 278

The Last Watchdog

MAY 20, 2019

Even if your company issues you a locked-down smartphone, embracing best security practices remains vital Our smartphones. Where would we be without them? Related Q&A: Diligence required of Android users If you’re anything like me, making a phone call is the fifth or sixth reason to reach for your Android or iPhone. Whichever OS you favor, a good portion of the key components that make up your digital life — email, texting, social media, shopping, banking, hobbies, and work duties — now rout

Manufacturing 138

Manufacturing Security Authentication Marketing 138

Data Breach Today

MAY 24, 2019

McKinsey CISO Dan Fitzgerald on DevSecOps and the Future of Cloud Security Migrating from on-premises data security to the cloud and then embedding security in the application development process are common challenges for enterprises. Dan Fitzgerald, a CISO at the consultancy McKinsey & Co., shares insights on how to make these transitions.

Cloud 225

Cloud Security 225

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

WIRED Threat Level

MAY 23, 2019

By invoking the Espionage Act against Julian Assange, the Justice Department will effectively put national security journalism on trial.

Security 163

Security 163

Security Affairs

MAY 20, 2019

A recent MuddyWater campaign tracked as BlackWater shows that the APT group added new anti-detection techniques to its arsenal. Security experts at Cisco Talos attributed the recently spotted campaign tracked as “BlackWater” to the MuddyWater APT group (aka SeedWorm and TEMP.Zagros ). . The researchers also pointed out that the cyber espionage group has been updating its tactics, techniques, and procedures (TTPs) by adding three distinct steps to their operations to avoid the detec

Phishing 278

Phishing Passwords Communications Security 278

Schneier on Security

MAY 24, 2019

Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn't say how. (Cory Doctorow has previously explained why this would be impossible.).

Encryption 111

Encryption 111

Data Breach Today

MAY 22, 2019

Did Company Also Bungle Notification for Some Victims Impacted? A misconfigured IT setting has landed a Puerto Rico-based clearinghouse and cloud software services vendor at the top of federal regulators' list of largest health data breaches so far this year. Why do these types of mistakes keep happening?

Data breaches 221

Data breaches IT Cloud 221

Advertiser: ZoomInfo

ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!

Marketing

WIRED Threat Level

MAY 20, 2019

Three years after the DNC hack, a new report finds that political parties around the world have ongoing security flaws that leave them vulnerable to attack.

Cybersecurity 152

Cybersecurity Security 152

Security Affairs

MAY 20, 2019

A new data leak made the headlines, a database containing the contact information of millions of Instagram influencers , celebrities and brand accounts has been found online. The news was first reported by the TechCrunch website, a database was left unprotected on an AWS bucket, anyone was able to access it without authentication. The unprotected database was discovered by the security researcher Anurag Sen that immediately reported its discovery to TechCrunch in an effort to find the owner.

Archiving 278

Archiving Authentication Marketing Access 278

Schneier on Security

MAY 22, 2019

This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors. We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint.

Paper 111

Paper 111

Data Breach Today

MAY 20, 2019

In Wake of Recent Incidents, Experts Offer Insights on Critical Steps to Take As phishing attacks continue to menace healthcare and other business sectors, security experts say organizations must take critical steps to prevent falling victim and help limit the potential damage.

Phishing 217

Phishing Risk Security 217

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

WIRED Threat Level

MAY 24, 2019

Real estate giant First American left Social Security numbers, tax documents, and more publicly available.

Security 145

Security 145

Security Affairs

MAY 18, 2019

Dozens of Linksys router models are affected by a flaw that causes the leak of data that can be used by attackers … and the company won’t fix it. Security researcher Troy Mursch , Chief Research Officer of Bad Packets , discovered that over 20,000 Linksys wireless routers are leaking full historical records of every device ever connected to them.

IoT 277

IoT Passwords Cybersecurity Security 277

AIIM

MAY 22, 2019

Good news - we’ve updated Certified Information Professional (CIP) exam! For the last six months, a group of very experienced subject matter experts has been revising the CIP exam, program, and training. With any change comes questions, so I thought I would take some time to answer some of the ones I’m sure you’re asking. Why did you update the CIP?

ECM 109

ECM Content services Compliance Analytics 109