Security Affairs

OCTOBER 10, 2018

Hackers can compromise your WhatsApp account by tricking you into answering a video call, the company fixed the flaw in September. WhatsApp has addressed a vulnerability in the mobile applications that could have been exploited by attackers to crash victims instant messaging app simply by placing a call. The vulnerability is a memory heap overflow issue that was discovered by Google Project Zero white hat hacker Natalie Silvanovich in August.

Security 110

Security IT Privacy 110

The Last Watchdog

OCTOBER 8, 2018

“May you live in interesting times.” The old Chinese proverb–some consider it a blessing and others a curse–certainly describes the modern-day cyber landscape. Related: 7 attacks that put us at the brink of cyber war. In today’s geopolitical terrain, nation-state backed cyber criminals are widening their targets and starting to zero in on their adversaries’ business and industrial sectors, using more and more sophisticated weaponry to do so.

Military 147

Military Healthcare Phishing Security 147

Adam Levin

OCTOBER 8, 2018

Amazon revealed a breach of customer data last week, but it wasn’t a data breach of the usual variety. Rather than falling prey to a cyberattack or having hackers exploit unsecured code, customer emailed addresses were leaked by an employee to an online reseller in exchange for money. What you need to know: 1.) A crime was committed, and 2.) It still counts as a data compromise.

Sales 83

Sales Data breaches Access IT 83

Adam Levin

OCTOBER 10, 2018

High-profile Instagram accounts are being targeted by ransomware attacks and phishing schemes, with evidence suggesting that many account holders are paying the attackers. According to a Motherboard report, hackers are infiltrating and gaining access to Instagram accounts by posing as representatives from branding giants to purport a proposed partnership with the victim.

Ransomware 78

Ransomware Phishing Authentication Access 78

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Data Breach Today

OCTOBER 12, 2018

30 Million Affected; 14 Million Had Extensive Information Exposed Facebook now says that 20 million fewer accounts were breached than it originally believed, but the attackers accessed extensive sensitive personal information on nearly half of those affected.

Data breaches 230

Data breaches Access IT 230

WIRED Threat Level

OCTOBER 11, 2018

For years, China has systematically looted American trade secrets. Here's the messy inside story of how DC got Beijing to clean up its act for a while.

IT 111

IT Security 111

Security Affairs

OCTOBER 10, 2018

A Windows zero-day flaw addressed by Microsoft with its latest Patch Tuesday updates is exploited by an APT group in attacks aimed at entities in the Middle East. The Windows zero-day vulnerability tracked as CVE-2018-8453 is a privilege escalation flaw that was exploited by an APT group in attacks against entities in the Middle East. The flaw, tracked as CVE-2018-8453, affects the Win32k component of Windows handles objects in memory.

Authentication 111

Authentication Government Security Access 111

Data Breach Today

OCTOBER 11, 2018

Gang's Cult Status and Marketing Savvy Belies Shoddy Attack Code, McAfee Says The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships. But the gang's marketing savvy belies shoddy code-development practices, security firm McAfee finds.

Ransomware 229

Ransomware Marketing Security IT 229

Krebs on Security

OCTOBER 12, 2018

Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager , senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. We talked at length about many issues, including supply chain security, and I asked Sager whether he’d heard anything about rumors that Supermicro — a high tech firm in San Jose, Calif. — had allegedly inserted hardware backdoors in technology s

Security 211

Security Computer and Electronics IoT Cloud 211

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

WIRED Threat Level

OCTOBER 12, 2018

Facebook Friday offered more details about its recent breach. Here's how to see if you were affected.

IT 111

IT Security 111

Security Affairs

OCTOBER 9, 2018

Security researchers who devised last year the Key Reinstallation Attack, aka KRACK attack, have disclosed new variants of the attack. Security researchers Mathy Vanhoef and Frank Piessens who devised last year the Key Reinstallation Attack against WPA, aka KRACK attack, have disclosed new variants of the attack. Last year, boffins discovered several key management flaws in the core of Wi-Fi Protected Access II (WPA2) protocol that could be exploited by an attacker to hack into Wi-Fi network

Paper 111

Paper Passwords Communications Encryption 111

Data Breach Today

OCTOBER 9, 2018

Consumer Google+ Set For Shutdown; Google Hid the Data-Exposing Bug Google blames a bug in an API for its Google+ social networking service for exposing personal details for about 500,000 users' accounts, but says it doesn't believe the information was misused. The company was forced to acknowledge the March incident after it was reported by The Wall Street Journal.

IT 219

IT 219

Krebs on Security

OCTOBER 11, 2018

Microsoft this week released software updates to fix roughly 50 security problems with various versions of its Windows operating system and related software, including one flaw that is already being exploited and another for which exploit code is publicly available. The zero-day bug — CVE-2018-8453 — affects Windows versions 7, 8.1, 10 and Server 2008, 2012, 2016 and 2019.

Security 207

Security Access IT 207

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

WIRED Threat Level

OCTOBER 10, 2018

A new report says the Department of Defense "likely has an entire generation of systems that were designed and built without adequately considering cybersecurity.".

Cybersecurity 110

Cybersecurity Security 110

Security Affairs

OCTOBER 7, 2018

The Git Project released a new version of the Git client, Github Desktop, or Atom. that addressed a critical remote code execution vulnerability in the Git. The Git Project addressed a critical remote code execution vulnerability in the Git command line client, Git Desktop, and Atom. The flaw tracked as CVE-2018-17456 could be exploited by malicious repositories to remotely execute commands on a vulnerable system.

Security 111

Security IT 111

Data Breach Today

OCTOBER 8, 2018

Government Agencies Have 'No Reason to Doubt' Supply Chain Tampering Refutation U.S. and U.K. government agencies have said they have "no reason to doubt" strong denials issued by Amazon and Apple that hardware hackers had successfully implanted tiny chips in their servers that provided a backdoor for Chinese spies.

Government 203

Government 203

IT Governance

OCTOBER 8, 2018

There are few things organisations fear more than data breaches. They cause immediate delays, cost money to put right and could lead to long-term reputational damage. The stakes were raised with the introduction of the EU GDPR (General Data Protection Regulation) in May 2018. It outlines the best practices for preventing a data breach and has been widely publicised – as has the potential to levy large fines against non-compliant organisations.

Data breaches 106

Data breaches GDPR Information Security Risk 106

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

WIRED Threat Level

OCTOBER 12, 2018

Facebook has revealed more details about the unprecedented breach of its platform—including how hackers got away with the access tokens of 30 million users.

Access 107

Access IT Security 107

Security Affairs

OCTOBER 6, 2018

Experts at FortiGuard Labs team discovered three vulnerabilities in eight Sony Bravia smart TVs, one of them rated as critical. Patch management is a crucial aspect for IoT devices, smart objects are surrounding us and represent a privileged target for hackers. Experts at FortiGuard Labs team discovered three vulnerabilities (a stack buffer overflow, a directory traversal, and a command-injection issue) in eight Sony Bravia smart TVs, one of them rated as critical.

File names 111

File names IoT Security IT 111

Data Breach Today

OCTOBER 12, 2018

FDA Announces 'Voluntary Recall' Related to Vulnerabilities The FDA has announced a "voluntary recall" by Medtronic of certain internet-connected programmers for implantable cardiac devices due to cybersecurity vulnerabilities. Some security experts are hopeful that this will serve as a wake-up call for more manufacturers to take action on addressing cybersecurity issues.

Manufacturing 202

Manufacturing Cybersecurity Security 202

Dark Reading

OCTOBER 10, 2018

Profiles of some of the women currently leading Microsoft security operations - and their efforts to drive inclusivity.

Security 103

Security 103

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

WIRED Threat Level

OCTOBER 12, 2018

A clever new cryptomining scheme downloads the latest version of Adobe for you, but adds malware to the bargain.

Security 101

Security 101

Security Affairs

OCTOBER 12, 2018

A group of hackers is targeting Drupal vulnerabilities, including Drupalgeddon2, patched earlier this year to install a backdoor on compromised servers. Security experts from IBM are targeting Drupal vulnerabilities, including the CVE-2018-7600 and CVE-2018-7602 flaws, aka Drupalgeddon2 and Drupalgeddon3 , to install a backdoor on the infected systems and tack full control of the hosted platforms.

Mining 111

Mining Security IT 111

Data Breach Today

OCTOBER 12, 2018

Consulting Firm Alleges Security Not A Priority for Vendor Millions of internet-of-things devices made by the Chinese company Xiongmai and sold in stores such as Home Depot and Wal-Mart still have glaring security problems, a security consultancy warns. The findings come two years after the Mirai botnet targeted Xiongmai devices.

IoT 200

IoT Security 200

AIIM

OCTOBER 9, 2018

The venerable template allows structured form data to be accurately extracted. In the document capture industry , the concept of templates where you specify the location of each data element is a tried-and-true strategy for structured forms. If the form is standardized, giving the software the precise place to look for data will almost always result in better performance over alternatives such as rules-based approaches using keywords or patterns.

Unstructured data 100

Unstructured data Marketing Digital transformation IT 100

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

WIRED Threat Level

OCTOBER 8, 2018

Google got caught hiding a privacy issue affecting 500,000 users on the same day it rolled out privacy protections.

Privacy 101

Privacy IT Security 101

Security Affairs

OCTOBER 11, 2018

ESET researchers have spotted a new strain of malware tracked as Exaramel that links the dreaded not Petya wiper to the Industroyer ICS malware. A few months ago, researchers from ESET discovered a new piece of malware that further demonstrates the existence of a link between Industroyer and the NotPetya wiper. In June 2017, researchers at antivirus firm ESET discovered a new strain of malware, dubbed Industroyer, that was designed to target power grids.

Passwords 111

Passwords Communications Ransomware Security 111

Data Breach Today

OCTOBER 10, 2018

Suspect Allegedly Led Team of Self-Styled 'Master Italian Hackers' Memo to hackers: Boasting about your exploits on social media channels is a good way to get caught. Indeed, Italian police say they busted a suspected hacker after he bragged not only about defacing the NASA homepage but also about being part of a group calling itself "Master Italian Hackers Team.

190

190