Dark Reading

OCTOBER 16, 2019

In part one of this two-part series, we start with the basics - getting everyone to understand what's at stake - and then look at lessons from the trenches.

Cybersecurity 60

Cybersecurity 60

Data Breach Today

OCTOBER 17, 2019

With 18 Vendors on Board, Experts Assess New Group's Chances for Success Eighteen technology companies have formed the Open Cybersecurity Alliance to foster the development of open source tools to improve interoperability and data sharing between cybersecurity applications. But some observers say getting all players to agree on a common platform will be challenging.

Cybersecurity 124

Cybersecurity 124

erwin

OCTOBER 17, 2019

Architect Everything: New use cases for enterprise architecture are increasing enterprise architect’s stock in data-driven business. As enterprise architecture has evolved, so to have the use cases for enterprise architecture. Analyst firm Ovum recently released a new report titled Ovum Market Radar: Enterprise Architecture. In it, they make the case that enterprise architecture (EA) is becoming AE – or “architect everything” The transition highlights enterprise architect

Digital transformation 106

Digital transformation Compliance Government Risk 106

The Last Watchdog

OCTOBER 16, 2019

A pair of malicious activities have become a stunning example of digital transformation – unfortunately on the darknet. Related: Cyber risks spinning out of IoT Credential stuffing and account takeovers – which take full advantage of Big Data, high-velocity software, and automation – inundated the internet in massive surges in 2018 and the first half of 2019, according to multiple reports.

Big data 164

Big data Passwords Digital transformation Data breaches 164

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

OCTOBER 15, 2019

“ BriansClub ,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.

Sales 232

Sales Marketing Retail Government 232

Thales Cloud Protection & Licensing

OCTOBER 15, 2019

It is the year 2030, and you have had another busy day. As you finish what you thought would be your last espresso and grab your laptop to leave work, your colleague tells you that you need to stay late for an urgent meeting. Panic sets in, but you push past it and put a plan into motion. To pick your daughter up from school, you call a driverless car.

Security 113

Security Encryption Systems administration Access 113

The Last Watchdog

OCTOBER 16, 2019

Digital commerce has come to revolve around two types of identities: human and machine. Great effort has gone into protecting the former, and yet human identities continue to get widely abused by cyber criminals. By comparison, scant effort has gone into securing the latter. This is so in spite of the fact that machine identities are exploding in numbers and have come to saturate digital transformation.

Digital transformation 195

Digital transformation Authentication IoT Cloud 195

Krebs on Security

OCTOBER 16, 2019

Cybercrime forums have been abuzz this week over news that BriansClub — one of the underground’s largest shops for stolen credit and debit cards — has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry. Now it appears this brazen heist may have been the result of one of BriansClub’s longtime competitors trying to knock out a rival.

Sales 120

Sales Marketing IT Security 120

Data Breach Today

OCTOBER 14, 2019

Officials Attempt to Clarify Complex California Law's Requirements Gov. Gavin Newsom has signed into law six amendments to the California Consumer Privacy Act as well as another bill updating the state's long-standing data breach law. Meanwhile, draft CCPA implementation regulations have been unveiled.

Data breaches 187

Data breaches Privacy 187

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Security Affairs

OCTOBER 15, 2019

Experts discovered a security policy bypass issue in the Sudo utility that is installed as a command on almost every Linux and Unix system. The Sudo utility that is installed as a command on almost every Linux and Unix system is affected by a security policy bypass issue tracked as CVE-2019-14287. The vulnerability could be exploited by an ill-intentioned user or a malicious program to execute arbitrary commands as root on a targeted Linux system, even if the “ sudoers configuration”

Passwords 111

Passwords Authentication Access Security 111

The Last Watchdog

OCTOBER 15, 2019

If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. Compromised logins continue to facilitate cyber attacks at all levels, from phishing ruses to credential stuffing to enabling hackers to probe deep inside of a breached network.

Passwords 164

Passwords Authentication Data breaches B2B 164

John Battelle's Searchblog

OCTOBER 14, 2019

Something’s been bugging me about Tik Tok. I’ve almost downloaded it about a dozen times over the past few months. But I always stop short. I don’t have a ton of time ( here’s why ) so forgive me as I resort to some short form tricks here. To wit: China employs a breathtaking model of state-driven surveillance. The US employs a breathtaking model of capitalist surveillance.

Artificial Intelligence 105

Artificial Intelligence Privacy File names Government 105

Data Breach Today

OCTOBER 14, 2019

Sophos Board Will 'Unanimously Recommend' Deal to Shareholders Private-equity firm Thoma Bravo, which already has stakes in several cybersecurity companies, plans to buy U.K.-based security company Sophos in a $3.9 billion deal, the two companies announced Monday. The Sophos board will "unanimously recommend" the sale to shareholders, the company says.

Sales 183

Sales Cybersecurity Security 183

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

OCTOBER 16, 2019

Security expert Pasquale Fiorillo demonstrates how to hack n RFID/NFC Vending Machine. The affected vendor did not answer to my responsible disclosure request, so I’m here to disclose this “hack” without revealing the name of the vendor itself. The target vending machine uses an insecure NFC Card, MIFARE Classic 1k , that has been affected by multiple vulnerabilities so should not be used in important application.

Manufacturing 110

Manufacturing Encryption Access Security 110

The Last Watchdog

OCTOBER 14, 2019

The digital footprints of U.S. consumers’ have long been up for grabs. No one stops the tech giants, media conglomerates and online advertisers from intensively monetizing consumers’ online behaviors, largely without meaningful disclosure. Related: The state of ransomware Who knew that much the same thing routinely happens to enterprises? A recent report by network detection and response vendor ExtraHop details how third-party security and analytics tools routinely “ phone home ” in order to exf

Cloud 133

Cloud Analytics Cybersecurity Digital transformation 133

WIRED Threat Level

OCTOBER 13, 2019

The latest macOS update is chock-full of ways to better safeguard your data.

Privacy 104

Privacy Security 104

Data Breach Today

OCTOBER 16, 2019

GlobeImposter 2.0 and Sodinokibi Strikes Also Common, Researchers Find Ransomware is once again the most common illicit profit-making tool in online attackers' arsenal, police warn. Security firm Emsisoft says the most-seen strains in recent months include STOP, Dharma.cezar, Phobos, GlobeImposter 2.0 and Sodinokibi. Less widely seen Ryuk also continues to generate big profits.

Ransomware 178

Ransomware Security 178

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

OCTOBER 14, 2019

Cybercrime gang behind the Emotet malware is targeting organization with external SOC with emails claiming to deliver a SOC “weekly report.”. Introduction. The group behind Emotet malware is getting smarter and smarter in the way the y deliver such a Malware. While the infection schema looks alike from years; the way the group tries to infect victims improves from day to day.

Computer and Electronics 108

Computer and Electronics Security Encryption IT 108

Schneier on Security

OCTOBER 14, 2019

This theoretical paper shows how to factor 2048-bit RSA moduli with a 20-million qubit quantum computer in eight hours. It's interesting work, but I don't want overstate the risk. We know from Shor's Algorithm that both factoring and discrete logs are easy to solve on a large, working quantum computer. Both of those are currently beyond our technological abilities.

Paper 94

Paper Risk IT 94

WIRED Threat Level

OCTOBER 17, 2019

The untold story of how digital detectives unraveled the mystery of Olympic Destroyer—and why the next big cyberattack will be even harder to crack.

Security 94

Security 94

Data Breach Today

OCTOBER 16, 2019

Iranian-Backed Hacking Group Targeting Research Universities "Silent Librarian," a hacking group with apparent ties to the Iranian government, is continuing to revamp and refine its phishing techniques as it targets research universities in the U.S. and Europe in an attempt to steal intellectual property, according to the security firm Proofpoint.

Phishing 174

Phishing Government Security IT 174

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

OCTOBER 14, 2019

Winnti Group is back with a new modular Win backdoor that was used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. Security experts at ESET revealed that Winnti Group continues to update its arsenal, they observed that the China-linked APT group using a new modular Windows backdoor that they used to infect the servers of a high-profile Asian mobile hardware and software manufacturer.

Manufacturing 108

Manufacturing Paper Communications IT 108

Schneier on Security

OCTOBER 15, 2019

Lots of them weren't very good : BSD co-inventor Dennis Ritchie, for instance, used "dmac" (his middle name was MacAlistair); Stephen R. Bourne, creator of the Bourne shell command line interpreter, chose "bourne"; Eric Schmidt, an early developer of Unix software and now the executive chairman of Google parent company Alphabet, relied on "wendy!!!" (the name of his wife); and Stuart Feldman, author of Unix automation tool make and the first Fortran compiler, used "axolotl" (the name of a Mexica

Passwords 91

Passwords 91

WIRED Threat Level

OCTOBER 12, 2019

FBI overreach, hacker payback, and more of the week's top security news.

Ransomware 90

Ransomware Security 90

Data Breach Today

OCTOBER 17, 2019

What Steps Should Entities Take to Battle Back? Data breaches involving phishing and related email compromises persist as a top challenge for healthcare providers. So, what are some of the top trends emerging from these incidents?

Data breaches 170

Data breaches Phishing 170

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

OCTOBER 16, 2019

Symantec rolled out an intrusion prevention signature update for its Endpoint Protection product that has caused many devices to crash and display a so-called blue screen of death (BSOD). An intrusion prevention signature update for the Endpoint Protection product had a bad impact on the devices, in many cases it caused the devices to crash and display the blue screen of death (BSOD).

Security 106

Security IT Information Security 106

Threatpost

OCTOBER 15, 2019

The bug allows users to bypass privilege restrictions to execute commands as root.

Access 89

Access 89

Dark Reading

OCTOBER 18, 2019

Glitching (or fault-injection) attacks aren't easy (yet). But get ready, because as the IoT grows, these attacks will be a big reason that hardware security should be part of your cybersecurity planning.

IoT 87

IoT Security Cybersecurity 87