Data Breach Today
FEBRUARY 21, 2020
Defense Information Systems Agency Has a Security Mission A U.S. Defense Department agency that's responsible for providing secure communications and IT equipment for the president and other top government officials says a data breach of one of its systems may have exposed personal data, including Social Security numbers.
The Last Watchdog
FEBRUARY 18, 2020
It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol. Related: Why Google’s HTTPS push is a good thing At the time, just 50 % of Internet traffic used encryption. Today the volume of encrypted network traffic is well over 80% , trending strongly toward 100%, according to Google.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Dark Reading
FEBRUARY 19, 2020
Amazon Web Services is a top source of cyberattacks, responsible for 94% of all Web attacks originating in the public cloud.
WIRED Threat Level
FEBRUARY 21, 2020
The point of Kremlin interference has always been to find democracy’s loose seams, and pull.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Krebs on Security
FEBRUARY 19, 2020
Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
FEBRUARY 17, 2020
Researchers Say Attackers Stole Browser Data and Redirected Users to Malicious Sites Google has removed 500 Chrome extensions from its online store after researchers found that attackers were using them to steal browser data, according to a new report from security firm Duo Security. The thefts were part of a malvertising campaign that had been active for at least a year, the researchers say.
WIRED Threat Level
FEBRUARY 16, 2020
A researcher discovered that hundreds of extensions in the Web Store were part of a long-running malvertising and ad-fraud scheme.
Krebs on Security
FEBRUARY 17, 2020
A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.
Security Affairs
FEBRUARY 16, 2020
Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. During the last quarter of 2019, experts from security firm ClearSky uncovered a hacking campaign tracked as Fox Kitten Campaign that is being conducted in the last three years.
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
Data Breach Today
FEBRUARY 19, 2020
UN's World Health Organization Warns of Fraud Attempts As the coronavirus generates headlines around the world, cybercriminals are continuing to use this public health crisis to spread phishing emails and create malicious domains for a variety of fraud. Here's an update on the latest developments.
WIRED Threat Level
FEBRUARY 15, 2020
Mac malware, a Bitcoin mixer, and more of the week's top security news.
Krebs on Security
FEBRUARY 18, 2020
Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service , the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards. The scammers then pay for merchandise by instructing a cashier to scan the barcode and enter the expiration date and card security code.
Security Affairs
FEBRUARY 18, 2020
Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. Experts at firmware security firm Eclypsium have discovered that many peripheral device manufacturers have not implemented security checks to prevent the installation of firmware from an untrusted source. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the in
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Data Breach Today
FEBRUARY 20, 2020
Breached Cloud Server Contained Data on 10 Million Guests Hackers have posted on an underground forum the personal information of 10.6 million MGM Resorts guests, ZDNet reports. The hotel chain confirms it was breached last year.
WIRED Threat Level
FEBRUARY 20, 2020
By calling out Russia for digital assaults on its neighboring country, the US hopes to head off similar efforts at home.
The Last Watchdog
FEBRUARY 17, 2020
When it comes to defending their networks, most companies have had it drilled into them, by now, that it’s essential to erect layered defenses. Related :Promise vs. pitfalls of IoT For small- and mid-sized businesses, firewalls, antivirus suites and access management systems represent the entry stakes for participating in today’s digital economy. Security-mature SMBs go the next step and embrace incidence response and disaster recovery planning, as well Meanwhile, large enterprises pour tens of
Security Affairs
FEBRUARY 18, 2020
A security expert found a flaw in SharePoint that could be exploited to remotely execute arbitrary code by sending a specially crafted SharePoint application package. Summary: A few days ago I saw a post from Alienvault which says attackers are still exploiting SharePoint vulnerability to attack Middle East government organization. Having said that I found Income Tax Department India and MIT Sloan was also vulnerable to CVE-2019-0604 a remote code execution vulnerability which exists in Micros
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Data Breach Today
FEBRUARY 19, 2020
CISA Alert: Incident Led to Two-Day Shutdown A ransomware attack on a U.S. natural gas compression facility led to a two-day shutdown of operations, according to an alert from the Cybersecurity and Infrastructure Security Agency.
WIRED Threat Level
FEBRUARY 18, 2020
The lax security of supply chain firmware has been a known concern for years—with precious little progress being made.
AIIM
FEBRUARY 20, 2020
Enacting change is easier when you don’t have to go at it alone. In fact, a major factor in the success of organizational change comes down to internal buy-in with your co-workers. The more internal advocates you have on your side, the easier that positive change can spread quickly and efficiently. The old adage about there being ‘strength in numbers’ holds true when it comes to change management.
Security Affairs
FEBRUARY 21, 2020
The Defense Information Systems Agency (DISA) US agency in charge of secure IT and communication for the White House has disclosed a data breach. The Defense Information Systems Agency (DISA), the DoD agency that is in charge of the security of IT and telecommunications for the White House and military troops has suffered a cyber attack. The agency sent a data breach notification to its employees last week informing them of a security breach that took place last year between May and July.
Advertiser: ZoomInfo
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
Data Breach Today
FEBRUARY 18, 2020
Researchers Say Attackers Targeted American and Canadian Banking Customers Cybercriminals targeted mobile banking users by sending malicious SMS messages to their smartphones as part of a phishing campaign to steal account holders' information, including usernames and passwords, according to the cybersecurity firm Lookout.
WIRED Threat Level
FEBRUARY 20, 2020
Hundreds of smart devices—including pacemakers—are exposed thanks to a series of vulnerabilities in the Bluetooth Low Energy protocol. .
The Last Watchdog
FEBRUARY 21, 2020
Just five years ago, the Public Key Infrastructure, or PKI , was seriously fraying at the edges and appeared to be tilting toward obsolescence. Things have since taken a turn for the better. Related: Why PKI is well-suited to secure the Internet of Things PKI is the authentication and encryption framework on which the Internet is built. The buckling of PKI a few years back was a very serious matter, especially since there was nothing waiting in the wings to replace PKI.
Security Affairs
FEBRUARY 21, 2020
VMware has addressed serious vulnerabilities in vRealize Operations for Horizon Adapter, including remote code execution and authentication bypass flaws. VMware vRealize Operations is a software product that provides operations management across physical, virtual and cloud environments, it supports environments based on vSpher e, Hype r-V or Amazon Web Services.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data Breach Today
FEBRUARY 17, 2020
CISA Describes Its Role as Security Facilitator The U.S. Cybersecurity Infrastructure and Security Agency has released its cybersecurity plan for the run-up to the 2020 presidential election, outlining the agency's role as a facilitator that will assist federal, state and local agencies in protecting critical election infrastructure.
WIRED Threat Level
FEBRUARY 18, 2020
YouTube is littered with bot-driven videos promising big in-game riches—that also try to steal your personal information.
AIIM
FEBRUARY 18, 2020
The success of any project relies on involving stakeholders early on and keeping them properly informed throughout. A systems development project is no different. If you want the systems that you build, buy, and develop to properly manage information assets across the life cycle, then you have to leverage the knowledge of your RIM team. This was the subject of Kevin Craine's recent interview with Tod Chernikoff, ISD RIM Analyst for the Navy Federal Credit Union.
Expert insights. Personalized for you.
351 
Let's personalize your content