Data Breach Today
NOVEMBER 19, 2018
Database Blunder Left Two-Step Codes, Account Reset Links Exposed A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over. The exposed database, which wasn't protected by a password, contained 26 million text messages, many of which were two-step verification codes and account-reset links.
Krebs on Security
NOVEMBER 23, 2018
‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here’s a quick refresher course on how to make it through the next few weeks without getting snookered online. Adopting a shopping strategy of simply buying from the online merchant with the lowest advertised prices can be a bit like playing Russian Roulette with your wallet, for the simple r
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
NOVEMBER 19, 2018
Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn. A string of advances in biometric authentication systems has brought facial recognition systems, in particular, to the brink of wide commercial use. Related: Drivers behind facial recognition boom. Adoption of facial recognition technology is fast gaining momentum, with law enforcement and security use cases leading the way.
Security Affairs
NOVEMBER 18, 2018
Instagram has suffered a serious security leak that might have exposed user’s passwords, revealed The Information website. Instagram notified some of its users that it might have accidentally exposed their password due to a security glitch. According to a company spokesperson, the bug was “discovered internally and affected a very small number of people.”.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Data Breach Today
NOVEMBER 21, 2018
One Answer Is Clear: Network Re-Routing Raises Suspicions For nearly 30 months, internet traffic going to Australian Department of Defense websites flowed through China Telecom data centers, an odd and suspicious path. Why the strange routing occurred is known. But the reasons why it persisted for so long aren't.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
The Last Watchdog
NOVEMBER 21, 2018
Privacy regulations and legislation are topics that continue to be of concern for consumers and businesses alike. News of data breaches, data vulnerabilities and compromised private information is released almost daily from businesses both small and large. Related: Europe’s GDPR ushers in new privacy era. Legislation has recently been proposed for individual states, addressing data privacy regulations head-on.
Security Affairs
NOVEMBER 18, 2018
On Thursday, November 15, hackers compromised Daniel’s Hosting, one of the largest Dark Web hosting provider, and deleted 6,500+ sites. On Thursday, November 15, hackers compromised Daniel’s Hosting, one of the largest Dark Web hosting provider. The news was confirmed by Daniel Winzen, the software developer behind the hosting service. Daniel’s Hosting became the largest Dark Web hosting provider earlier 2017 when Anonymous members breached and took down Freedom Hosting II.
Data Breach Today
NOVEMBER 19, 2018
Card-Sniffing JavaScript Posed as Google Analytics Script on Retailer's Sites Online contact lens retailer Vision Direct says it suffered a data breach that exposed customers' names and complete payment card details. Researchers say fake Google Analytics JavaScript designed to capture card details appears to have been planted by the prolific cybercrime gangs known as Magecart.
WIRED Threat Level
NOVEMBER 17, 2018
Safer browsing, more bitcoin scams, and the rest of the week's top security news.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
NOVEMBER 21, 2018
Democracy is an information system. That's the starting place of our new paper: " Common-Knowledge Attacks on Democracy." In it, we look at democracy through the lens of information security, trying to understand the current waves of Internet disinformation attacks. Specifically, we wanted to explain why the same disinformation campaigns that act as a stabilizing influence in Russia are destabilizing in the United States.
Security Affairs
NOVEMBER 22, 2018
The authentication process via German eID cards with RFID chips is flawed, an attacker could impersonate any other citizen. The nightmare comes true, the authentication process via German eID cards with RFID chips is flawed and a flaw could allow an attacker to allow identity spoofing and changing the date of birth. The situation is very serious, the new cards are accepted as an ID document in most countries in Europe and allow the German citizens to access online government services (i.e. tax s
Data Breach Today
NOVEMBER 21, 2018
Cisco's Paul Singleton on Why It's Important to Know Your Adversary How have cyberattacks evolved in 2018? Cisco's Paul Singleton describes the common threats and vectors, as well as why it's important to know exactly who your attacker is - and how they are exploiting your defenses.
WIRED Threat Level
NOVEMBER 17, 2018
Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Schneier on Security
NOVEMBER 23, 2018
Researchers are able to create fake fingerprints that result in a 20% false-positive rate. The problem is that these sensors obtain only partial images of users' fingerprints -- at the points where they make contact with the scanner. The paper noted that since partial prints are not as distinctive as complete prints, the chances of one partial print getting matched with another is high.
Security Affairs
NOVEMBER 17, 2018
A hacker going online by the moniker AmFearLiathMor is claiming to have hacked the most popular end-to-end encrypted email service ProtonMail. At the time it is not clear if the hacker belongs to a cyber crime gang, it claims to have stolen a “significant” amounts of data from the company. The ransom demand ( archive.is link ) was posted on Pastebin , the hacker claims to have compromised user’s email and also accused ProtonMail of sending user’s decrypted data to America
Data Breach Today
NOVEMBER 23, 2018
Scant Detail on Incident and Unusual Email Notification Raises Eyebrows Amazon has blamed a technical error for its inadvertent exposure of some customers' names and email addresses online. The online retailing giant maintains that its systems were not breached, says it has sent an email notification to all affected customers, and that the problem has been fixed.
WIRED Threat Level
NOVEMBER 18, 2018
You were right not to trust hotel and airport Wi-Fi a few years ago. But these days, it's (probably) fine.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
IT Governance
NOVEMBER 19, 2018
Preparing your organisation for cyber attacks and data breaches is complicated, and you should look for advice wherever you can get it. One of the most trusted resources is the NCSC’s (National Cyber Security Centre) ten-step guide. In this blog we summarise its guidance and recommend tools and resources to help you along the way. Create a risk management regime.
Security Affairs
NOVEMBER 23, 2018
VMware released security updates to address a vulnerability (CVE-2018-6983) that was recently discovered at the Tianfu Cup PWN competition. VMware released security updates to address a vulnerability ( CVE-2018-6983 ) that was recently discovered by Tianwen Tang of Qihoo 360’s Vulcan Team at the Tianfu Cup PWN competition. White hat hackers earned more than $1 million for zero-day exploits disclosed at the hacking contest that took place on November 16-17 in Chengdu.
Data Breach Today
NOVEMBER 20, 2018
Telecom Company Says Total Losses Due to Data Breach Stand at $99 Million Two men who pleaded guilty to participating in the massive 2015 hack of London-based telecom company TalkTalk have been sentenced to serve time in jail. Police say they recovered data from a suspect's wiped and encrypted systems as well as chat messages that incriminated the pair of friends.
WIRED Threat Level
NOVEMBER 21, 2018
Researchers have discovered that the so-called Rowhammer technique works on "error-correcting code" memory, in what amounts to a serious escalation.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
DLA Piper Privacy Matters
NOVEMBER 22, 2018
The State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg (LfDI) was the first German data protection authority to impose a fine under the GDPR. The fine of € 20,000 sanctions the violation by a social media company of its obligation to ensure data security of processing of personal data pursuant to Art. 32 (1) (a) GDPR (obligation to pseudonymise and encrypt personal data).
Security Affairs
NOVEMBER 17, 2018
According to the head of the Federal Investigation Agency’s (FIA) cybercrime wing.almost all Pakistani banks were affected by a recent security breach. Group-IB experts discovered another large set of compromised payment cards details that was put on sale on Joker’s Stash, one of the most popular underground hubs of stolen card data, on Nov. 13. The new set of dumps, unauthorized digital copies of the information contained in magnetic stripe of a bank card, came with the payment details of 177,
Data Breach Today
NOVEMBER 23, 2018
In the latest edition of the ISMG Security Report, Asaf Ashkenazi of the mobile security firm Inside Secure discusses new threats to car security posed by certain smartphone apps. Plus, updates on behavioral authentication and protecting "very attackable people" from hackers.
WIRED Threat Level
NOVEMBER 20, 2018
Two new reports show an uptick in sophisticated phishing attacks originating from—where else—Russia.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
IT Governance
NOVEMBER 23, 2018
You often hear the term ‘cyber security incident’ when an organisation’s systems are compromised rather than ‘breach’ or ‘hack’. What is the difference between those terms? The word ‘incident’ sounds relatively harmless, but have you ever heard someone say, “there was an incident” when referring to something good? ‘Incident’ is a troublesome word, and one almost always used as a euphemism for something so disastrous or embarrassing that you need to be braced for what’s coming.
Security Affairs
NOVEMBER 22, 2018
Dropbox team disclosed three critical zero-day vulnerabilities in Apple macOS, chaining them it is possible to take over a Mac computer. Dropbox team disclosed three critical zero-day vulnerabilities (CVE-2017-13890, CVE-2018-4176, CVE-2018-4175) affecting the Apple macOS operating system, an attacker could chain them to remotely execute arbitrary code on a targeted Mac computer.
Data Breach Today
NOVEMBER 20, 2018
IRISSCERT to Focus on Crime Trends, Incident Response, Spam Fighting and Cybersecurity for Kids The 10th annual IRISSCERT Cyber Crime Conference, to be held Thursday in Dublin, promises to round up crime trends and also offer updates on incident response lessons learned, spam fighting and even cybersecurity essentials for children.
Expert insights. Personalized for you.
215 
Let's personalize your content