Troy Hunt

NOVEMBER 7, 2018

It's just another day on the internet when the news is full of headlines about accounts being hacked. Yesterday was a perfect example of that with 2 separate noteworthy stories adorning my early morning Twitter feed. The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this: The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing

Passwords 93

Passwords Education Data breaches Security 93

The Last Watchdog

NOVEMBER 5, 2018

Now more than ever before, “big data” is a term that is widely used by businesses and consumers alike. Consumers have begun to better understand how their data is being used, but many fail to realize the hidden privacy pitfalls in every day technology. Related: Europe tightens privacy rules. From smart phones, to smart TVs, location services, and speech capabilities, often times user data is stored without your knowledge.

Privacy 174

Privacy Sales Access Big data 174

Data Breach Today

NOVEMBER 5, 2018

SamSam, Dharma, GandCrab and Global Imposter Make for Ongoing Bitcoin Paydays Criminals wielding crypto-locking ransomware - especially Dharma/CrySiS, GandCrab and Global Imposter, but also SamSam - continue to attack. Insurance firm Beazley says cyber claims for ransomware have increased in recent months, with the healthcare sector hardest hit.

Ransomware 245

Ransomware Insurance 245

Krebs on Security

NOVEMBER 7, 2018

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S.

Authentication 279

Authentication Communications IT Security 279

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Weissman's World

NOVEMBER 7, 2018

I’ve just come out of a series of discussions on the issue of records preservation, and one of my take-aways is how similar at least one current approach to the issue is to what we nominally call “search.” And the more I think about it, the more I wonder whether search is on its way […]. The post Search is Becoming Everything, And Vice Versa appeared first on Holly Group.

IT 120

IT Records Management Information governance Government 120

Data Breach Today

NOVEMBER 7, 2018

Privacy Breach Claims Are Rising, Says Thomas Clayton of Zurich Insurance Although the EU's General Data Protection Regulation only went into full effect on May 25, its mandatory privacy breach notifications are already having an effect on the cyber insurance marketplace, says Thomas Clayton of Zurich Insurance.

Insurance 266

Insurance GDPR Privacy IT 266

Krebs on Security

NOVEMBER 6, 2018

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force , a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.

Passwords 243

Passwords Authentication Access IT 243

WIRED Threat Level

NOVEMBER 4, 2018

If you're not careful, websites can grab all kinds of permissions you don't realize or intend. Take back control in your browser.

Security 111

Security 111

Security Affairs

NOVEMBER 9, 2018

According to the head of the Federal Investigation Agency’s (FIA) cybercrime wing.almost all Pakistani banks were affected by a recent security breach. Almost all Pakistani banks were affected by a recent security breach, the shocking news was confirmed by the head of the Federal Investigation Agency’s (FIA) cybercrime wing. “According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked,” FIA Cybercrimes Director retired Capt Mohammad

Sales 111

Sales Security Access IT 111

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Data Breach Today

NOVEMBER 7, 2018

'Unauthorized Entry' to Some Accounts Exposes Account Details and Statements HSBC bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it's detected no signs of fraud following the "unauthorized entry." Security experts say the heist has all the hallmarks of a credential-stuffing attack campaign.

Data breaches 237

Data breaches Personal data Security IT 237

Krebs on Security

NOVEMBER 4, 2018

Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that was obvious even to the untrained eye. These days, a compromised e-commerce site is more likely to be seeded with a tiny snippet of code that invokes a hostile domain which appears harmless or that is virtually indistinguishable from the hacked site’s own

e-Delivery 241

e-Delivery IT Security Privacy 241

eSecurity Planet

NOVEMBER 6, 2018

We review and compare 10 SIEM products that can help you manage your overall IT security from a single tool.

Security 111

Security IT 111

Security Affairs

NOVEMBER 9, 2018

Guy Fawkes Day, November 5th 2018 – LulzSec Italy announced credit a string of hacks and leaks targeting numerous systems and websites across Italy. In celebration of Guy Fawkes Day, November 5th 2018, LulzSec Italy announced credit for a massive string of hacks and leaks targeting numerous systems and websites across Italy. Included in the breaches were Italy’s National Research Center , The Institute for Education Technologies , the ILIESI Institute for the European Intellectual Le

Passwords 111

Passwords Archiving Mining Education 111

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Data Breach Today

NOVEMBER 8, 2018

Company Says Medicare Supplemental Plan Policyholders Among Those Impacted Bankers Life is notifying more than 566,000 individuals, including Medicare supplemental insurance policyholders, that their personal information was exposed in a hacking incident. Employee credentials were compromised, enabling unauthorized access to certain company websites containing personal data.

Insurance 208

Insurance Personal data Access 208

Krebs on Security

NOVEMBER 9, 2018

A Connecticut man who’s earned bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers’ personal data, KrebsOnSecurity has learned. In May 2018, ZDNet ran a story about the discovery of a glaring vulnerability in the Web site for wireless provider T-Mobile that let anyone look up customer home addresses and account PINs.

Sales 210

Sales Personal data Access IT 210

Dark Reading

NOVEMBER 7, 2018

A look at some of the more interesting investments, acquisitions, and strategic moves in the security sector over the past year.

Cybersecurity 102

Cybersecurity Security 102

Security Affairs

NOVEMBER 7, 2018

Security expert disclosed the details of a zero-day flaw affecting Oracle’s VirtualBox virtualization software without waiting for a patch from Oracle. The security expert Sergey Zelenyuk has disclosed the details of a zero-day vulnerability affecting Oracle’s VirtualBox virtualization software that could be exploited by an attacker to make a guest-to-host escape.

IT 111

IT Security Access 111

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Data Breach Today

NOVEMBER 8, 2018

Another Secure Service - As Allegedly Marketed to Criminals - Fails to Deliver Once again, a supposedly secure service allegedly marketed to criminals has proven to have limits. Dutch police have busted a "cryptophone" operation, allowing them to decrypt more than 258,000 encrypted chat messages, leading to a drug lab bust, 14 arrests and the seizure of cash, drugs and weapons.

Encryption 200

Encryption Marketing Security 200

WIRED Threat Level

NOVEMBER 6, 2018

WIRED is looking out for the biggest stories, the most common hoaxes, and the likeliest sources of confusion as they emerge throughout the day.

Security 102

Security 102

AIIM

NOVEMBER 8, 2018

Once you stop learning, you start dying. -- Albert Einstein. By now, you’ve probably heard all the statistics on how much information we create, how much faster we create it, and how much harder it is to manage. While these statistics are all true, there’s an opportunity for information professionals in all this chaos. Organizations desperately need someone to help them clean up their digital landfills.

Marketing 100

Marketing Libraries Paper Information governance 100

Security Affairs

NOVEMBER 6, 2018

Apache Struts Users have to update the Commons FileUpload library in Struts 2 that is affected by two vulnerabilities. Apache Struts developers have addressed two vulnerabilities in the Commons FileUpload library in Struts 2, the flaws can be exploited for remote code execution and denial-of-service (DoS) attacks. “Apache today released an advisory, urging users who run Apache Struts 2.3.x to update the commons-fileupload component [1].

Libraries 111

Libraries Access Security IT 111

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Data Breach Today

NOVEMBER 7, 2018

Card Details From 22 Banks Appeared On Underground Market Pakistan says the nation's banks have not been hacked, but are taking defensive steps after nearly 20,000 payment card details appeared for sale online. The State Bank of Pakistan says banks are implementing restrictions on international transactions.

Sales 189

Sales Marketing 189

Schneier on Security

NOVEMBER 9, 2018

This is a new thing : The Pentagon has suddenly started uploading malware samples from APTs and other nation-state sources to the website VirusTotal, which is essentially a malware zoo that's used by security pros and antivirus/malware detection engines to gain a better understanding of the threat landscape. This feels like an example of the US's new strategy of actively harassing foreign government actors.

Government 99

Government Security 99

WIRED Threat Level

NOVEMBER 9, 2018

In an expansive on-the-record interview with WIRED, the principal deputy director of national intelligence made her pitch for public-private partnerships.

Government 95

Government Security 95

Security Affairs

NOVEMBER 6, 2018

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data. The flaws were discovered by researchers Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands, the duo discovered that it is possible to bypass password-based authentication to access to encrypted data stored on the drives.

Encryption 111

Encryption Passwords Paper Access 111

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Data Breach Today

NOVEMBER 6, 2018

Separately, Thoma Bravo Moves to Acquire Veracode Software From Broadcom Symantec has announced not one but two acquisitions of private cybersecurity firms: Javelin Networks and Appthority. Meanwhile, a private equity firm announced that it will acquire application security testing firm Veracode from Broadcom for $950 million in cash.

Cybersecurity 189

Cybersecurity Security IT 189

Schneier on Security

NOVEMBER 8, 2018

This is really just to point out that computer security is really hard : Almost as soon as Apple released iOS 12.1 on Tuesday, a Spanish security researcher discovered a bug that exploits group Facetime calls to give anyone access to an iPhone users' contact information with no need for a passcode. [.]. A bad actor would need physical access to the phone that they are targeting and has a few options for viewing the victim's contact information.

Access 98

Access Security 98

WIRED Threat Level

NOVEMBER 8, 2018

Researchers found that they could compromise DJI's single sign-on tokens, similar to the issue behind Facebook's massive breach this September.

Security 95

Security 95