WIRED Threat Level

OCTOBER 5, 2020

Seven distinct factors between now and the election threaten to combine, compound, and reinforce each other in unpredictable ways.

IT 145

IT Security 145

IT Governance

OCTOBER 5, 2020

Are you trying to figure out the best way to protect your organisation from cyber attacks and data breaches? It can be tricky to know where to begin, which is why our Cyber Security Risk Scorecard contains a simple guide to help you secure your systems. We’ve run through some of the essential steps in this blog, or download the full, free checklist from our website.

Risk 111

Risk Security Encryption Information Security 111

Dark Reading

OCTOBER 5, 2020

A new initiative will run throughout the month of October, invites the general public to play cybersecurity games (and win fabulous prizes).

Cybersecurity 108

Cybersecurity 108

Data Breach Today

OCTOBER 5, 2020

Employee Surveillance Violations Trigger Germany's Biggest Privacy Fine to Date Privacy regulators in Germany have slammed clothing retailer H&M with a $41 million fine for collecting and retaining private employee data in violation of the EU's General Data Protection Regulation. H&M has apologized, instituted changes and promised to financially compensate employees.

Retail 345

Retail GDPR Privacy 345

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

OCTOBER 9, 2020

A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet , a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command. Image: Shuttstock.

Ransomware 342

Ransomware Military Passwords Access 342

Data Protector

OCTOBER 4, 2020

We are what we are We don't want praise, we don't want pity We bang our own drum Some think it's noise, we think it's pretty We promise that your human rights we will not mangle We're the ones that try to see things from a different angle Join us we’re going far Join us and shout out Revise the GDPR We are what we are And what we are needs no excuses We’ll find a new way To cut out spam, stop data abuses Our private lives, there's no consent you get no look in Our private lives, you can't tell a

GDPR 156

GDPR IT 156

Data Breach Today

OCTOBER 5, 2020

In an exclusive interview, Roger Severino, director of the HHS Office for Civil Rights, which enforces HIPAA, spells out critical steps healthcare organizations must take to safeguard patient information and ensure patient safety in light of the surge in ransomware and other hacking incidents.

Ransomware 328

Ransomware 328

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that in

Ransomware 338

Ransomware Access Marketing Cloud 338

erwin

OCTOBER 8, 2020

More and more companies are looking at cloud migration. Migrating legacy data to public, private or hybrid clouds provide creative and sustainable ways for organizations to increase their speed to insights for digital transformation, modernize and scale their processing and storage capabilities, better manage and reduce costs, encourage remote collaboration, and enhance security, support and disaster recovery.

Cloud 145

Cloud Government Metadata Data structuring 145

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Security Affairs

OCTOBER 8, 2020

Cybersecurity researchers from Cyble have spotted a threat actor sharing leaked data of Airlink International UAE for free on two different platforms. Cybersecurity researchers from Cyble have found a threat actor sharing leaked data of Airlink International UAE for free on two platforms on the dark web. The availability of the data on the dark web could pose organizations to serious risk, threat actors could use this data to carry out multiple malicious attacks.

Insurance 145

Insurance Cybersecurity Communications Risk 145

Data Breach Today

OCTOBER 3, 2020

Researchers Note Similarities to Sekhmet Crypto-Locking Malware Security researchers with Appgate are warning about a recently uncovered ransomware variant called Egregor that appears to have infected about a dozen organizations worldwide over the past several months. The gang behind this crypto-locking malware is threatening to release data if victims don't pay.

Ransomware 321

Ransomware Security 321

Krebs on Security

OCTOBER 7, 2020

September featured two stories on a phony tech investor named John Bernard , a pseudonym used by a convicted thief named John Clifton Davies who’s fleeced dozens of technology companies out of an estimated $30 million with the promise of lucrative investments. Those stories prompted a flood of tips from Davies’ victims that paint a much clearer picture of this serial con man and his cohorts, including allegations of hacking, smuggling, bank fraud and murder.

Communications 281

Communications Military Security Government 281

WIRED Threat Level

OCTOBER 6, 2020

The Checkm8 vulnerability that exposed years of iPhones to jailbreaking has finally been exploited in Macs as well.

Security 145

Security 145

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

OCTOBER 5, 2020

Threat actors have hacked at least three Swiss universities, including the University of Basel and managed to drain employee salary transfers. Threat actors have managed to steal employee salary payments at several Swiss universities, including the University of Basel. “According to our information, several universities in Switzerland have been affected,” explained Martina Weiss, Secretary General of the Rectors’ Conference of the Swiss Universities.

Phishing 145

Phishing Access IT Security 145

Data Breach Today

OCTOBER 7, 2020

Yet Another Report Warns of Nation-State Influence Operations In the latest in a series of election security reports from government agencies, the U.S. Department of Homeland Security says Russia poses the most serious nation-state disruption threat to the U.S. presidential election, with China and Iran also posing threats.

Government 312

Government Security 312

Schneier on Security

OCTOBER 7, 2020

A good rundown.

Privacy 144

Privacy Security 144

WIRED Threat Level

OCTOBER 5, 2020

The tool attacks a device’s UEFI firmware—which makes it especially hard to detect and destroy.

IT 145

IT Security 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. Researchers from Kaspersky have spotted a UEFI malware that was involved in attacks on organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware.

Archiving 145

Archiving Authentication Security IT 145

Data Breach Today

OCTOBER 5, 2020

Proofpoint and KnowBe4 Spot Malicious Messages Disguised as Political Announcements Security researchers are warning of a fresh wave of phishing emails with election-related lures that are designed to get users to click, opening the door to spreading the Emotet botnet or harvesting users' credentials.

Phishing 297

Phishing Security 297

Schneier on Security

OCTOBER 5, 2020

Interesting usability study: “ More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication “: Abstract : Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code.

Authentication 143

Authentication Risk Passwords Paper 143

WIRED Threat Level

OCTOBER 3, 2020

Plus: A Grindr bug, a Joker explosion, and more of the week's top security news.

Ransomware 138

Ransomware Security 138

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

OCTOBER 5, 2020

Security researchers provided technical details about an IoT botnet dubbed Ttint that has been exploiting two zero-days in Tenda routers. Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. The experts are monitoring the Mirai-based botnet since November 2019 and observed it exploiting two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT).

IoT 145

IoT Encryption Communications Access 145

Data Breach Today

OCTOBER 9, 2020

The latest edition of the ISMG Security Report analyzes why clothing retailer H&M was hit with a hefty fine for violating the EU's General Data Protection Rule. Also featured: The coming of age of digital identities; deputy CSO at Mastercard on top priorities for 2021.

Retail 279

Retail Security 279

Schneier on Security

OCTOBER 6, 2020

Previously I have written about the Swedish-owned Swiss-based cryptographic hardware company: Crypto AG. It was a CIA-owned Cold War operation for decades. Today it is called Crypto International , still based in Switzerland but owned by a Swedish company. It’s back in the news : Late last week, Swedish Foreign Minister Ann Linde said she had canceled a meeting with her Swiss counterpart Ignazio Cassis slated for this month after Switzerland placed an export ban on Crypto International , a

Cybersecurity 141

Cybersecurity IT 141

National Archives Records Express

OCTOBER 5, 2020

Last week, our office released two NARA Bulletins for Federal agencies. The first, NARA Bulletin 2020-01 , is the guidance answering common questions and providing clarifications to the OMB/NARA Memorandum M-19-21 : Transition to Electronic Records. This Bulletin is the additional guidance required by the Memorandum. . We have received many questions from agencies, including general questions, exception process questions, records storage facility questions, and scheduling and transfer questions

Records Management 137

Records Management Government 137

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

OCTOBER 4, 2020

Visa revealed that two unnamed North American hospitality merchants have been infected with some strains of point-of-sale (POS) malware. US payments processor Visa revealed that two North American hospitality merchants have been hacked, threat actors infected the systems of the two unnamed organizations with some strains of point-of-sale (POS) malware.

Sales 145

Sales Access Phishing Security 145

Data Breach Today

OCTOBER 7, 2020

Botnet Called 'One of the Most Prevalent Ongoing Threats' The U.S. Cybersecurity and Infrastructure Security Agency is warning about a recent spike in Emotet botnet attacks - designed to spread other malware - that are targeting state and local government agencies.

Government 278

Government Cybersecurity Security 278

WIRED Threat Level

OCTOBER 8, 2020

While it's still far more common on PCs, mobile ransomware has undergone a worrying evolution, new research shows.

Ransomware 136

Ransomware IT Security 136