Sat.Sep 15, 2018 - Fri.Sep 21, 2018

article thumbnail

What to do when you suffer a data breach

IT Governance

If you’re among the seemingly small number of organisations that hasn’t yet suffered a data breach, you should be preparing for the inevitable. You can’t count on your cyber security defences to continue repelling attacks, because even the most secure systems contain vulnerabilities. Criminals are constantly looking for new opportunities, and it’s only a matter of time before they exploit even the smallest crack in your organisation.

article thumbnail

Multi-cloud use, regulatory compliance and information protection drive new era of encryption and key management in France

Thales Cloud Protection & Licensing

Now in its 13 th year, our Global Encryption Trends Study that is performed by the Ponemon Institute reveals interesting findings that span a dozen different geographies. This year, we found that multi-cloud use as well as compliance requirements have encouraged organizations around the globe to embrace a more extensive encryption strategy. Our study also found that these two key drivers along with protection of information against specific, identified threats are ushering in a new era of encryp

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

The Last Watchdog

All too many companies lack a full appreciation of how vital it has become to proactively manage and keep secure “unstructured data.”. One reason for the enduring waves of ransomware is that unstructured data is easy for hackers to locate and simple for them to encrypt. Related video: Why it’s high time to protect unstructured data. Ironically, many victimized companies are paying hefty ransoms to decrypt unstructured data that may not be all that sensitive or mission critical.

article thumbnail

Credit Freezes are Free: Let the Ice Age Begin

Krebs on Security

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable reven

Insurance 279
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Equifax Hit With Maximum UK Privacy Fine After Mega-Breach

Data Breach Today

'Multiple Failures' Cited as Watchdog Levies Maximum Possible Pre-GDPR Fine Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.

Privacy 262

More Trending

article thumbnail

MY TAKE: Here’s why we need ‘SecOps’ to help secure ‘Cloud Native’ companiess

The Last Watchdog

For many start-ups, DevOps has proven to be a magical formula for increasing business velocity. Speed and agility is the name of the game — especially for Software as a Service (SaaS) companies. Related: How DevOps enabled the hacking of Uber. DevOps is a process designed to foster intensive collaboration between software developers and the IT operations team, two disciplines that traditionally have functioned as isolated silos with the technology department.

Cloud 203
article thumbnail

GovPayNow.com Leaks 14M+ Records

Krebs on Security

Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.

article thumbnail

Wielding EternalBlue, Hackers Hit Major US Business

Data Breach Today

Luckily, Firm Was Only Infected With Cryptocurrency-Mining Malware Attack code known as EternalBlue, designed to exploit a Windows SMB flaw, continues to work for attackers despite Microsoft having issued patches more than a year ago. One major U.S. business was reportedly a recent victim, as part of a cryptocurrency-mining malware campaign.

Mining 232
article thumbnail

John Deere Just Cost Farmers Their Right to Repair

WIRED Threat Level

The California Farm Bureau has given away the right of farmers to fix their equipment without going through a dealer.

Security 112
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Cracked Windows installations are serially infected with EternalBlue exploit code

Security Affairs

According to Avira, hundreds of thousands of unpatched Windows systems are serially infected with EternalBlue exploit code. The EternalBlue , is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack. The malicious code was leaked online by the Shadow Brokers hacking group that stole it from the arsenal of the NSA-linked Equation Group.

article thumbnail

Mirai Botnet Authors Avoid Jail Time

Krebs on Security

Citing “extraordinary cooperation” with the government, a court in Alaska on Tuesday sentenced three men to probation, community service and fines for their admitted roles in authoring and using “ Mirai ,” a potent malware strain used in countless attacks designed to knock Web sites offline — including an enormously powerful attack in 2016 that sidelined this Web site for nearly four days.

IoT 209
article thumbnail

'Magecart' Card-Sniffing Gang Cracks Newegg

Data Breach Today

E-Commerce Site Investigates Malware Attack and Payment Card Data Theft Online retailer Newegg is investigating a malware attack that may have stolen customers' payment card details for more than a month. Security firms have traced the heist to Magecart, a loose affiliation of cybercrime gangs also tied to payment card data breaches at British Airways and Ticketmaster.

Retail 232
article thumbnail

How the HTC Exodus Blockchain Phone Plans to Secure Your Cryptocurrency

WIRED Threat Level

HTC starts filling in the details of its so-called blockchain smartphone, expected to launch later this year.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Sustes Malware: CPU for Monero

Security Affairs

Sustes Malware doesn’t infect victims by itself, but it is spread via brute-force activities with special focus on IoT and Linux servers. Today I’d like to share a simple analysis based on a fascinating threat that I like to call Sustes (you will see name genesis in a bit). Everybody knows Monero cryptocurrency and probably everybody knows that it has built upon privacy, by meaning It’s not that simple to figure out Monero wallet balance.

article thumbnail

Extended Validation Certificates are Dead

Troy Hunt

That's it - I'm calling it - extended validation certificates are dead. Sure, you can still buy them (and there are companies out there that would just love to sell them to you!), but their usefulness has now descended from "barely there" to "as good as non-existent" This change has come via a combination of factors including increasing use of mobile devices, removal of the EV visual indicator by browser vendors and as of today, removal from Safari on iOS (it'll also be gone in M

Marketing 109
article thumbnail

Police in Europe Tie Card Fraud to People-Smuggling Gang

Data Breach Today

Two Syrians Accused of Buying Stolen Corporate Card Data to Mask Activities Coordinated police raids in Germany and Sweden have resulted in the arrest of two Syrian nationals suspected of running a cyber fraud operation that purchased stolen card data to book hundreds of airline and train tickets to help smuggle people from the Middle East into Europe.

223
223
article thumbnail

Edward Snowden on Protecting Activists Against Surveillance

WIRED Threat Level

“Turnkey tyranny” has never been closer. For some communities, it feels like it’s already here.

IT 111
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Cyber attack took offline flight display screens at the Bristol Airport

Security Affairs

The Bristol Airport was hit by a cyber attack that caused problems with operations, flight display screens were taken offline for two days. The Bristol Airport was hit by a ransomware-based attack that caused problems to the flight display screens for two entire days. The news reported by the BBC and was confirmed by an airport spokesman that explained that the information screens were taken offline early on Friday in response to a “ransomware” based attack. “Bristol Airport ha

article thumbnail

Turn the NIST Cybersecurity Framework into Reality: 5 Steps

Dark Reading

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.

article thumbnail

Cybercrime Markets Sell Access to Hacked Sites, Databases

Data Breach Today

Payment Card Theft, Ransomware Facilitated by Cybercrime-as-a-Service Offerings One mystery with the recently discovered payment card sniffing attacks against such organizations as British Airways and Newegg has been how attackers might have first gained access to the victims' networks. But a number of cybercrime markets sell such access, in some cases for as little as 50 cents.

Marketing 222
article thumbnail

AES Resulted in a $250 Billion Economic Benefit

Schneier on Security

NIST has released a new study concluding that the AES encryption standard has resulted in a $250 billion world-wide economic benefit over the past twenty years. I have no idea how to even begin to assess the quality of the study and its conclusions -- it's all in the 150-page report, though -- but I do like the pretty block diagram of AES on the report's cover.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash piece that is targeting both Linux and Microsoft Windows servers. Xbash was developed using Python, then the authors converted into self-contained Linux ELF executables by abusing the legitimate tool PyInstaller for distribution.

article thumbnail

The 7 Habits of Highly Effective Security Teams

Dark Reading

Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.

article thumbnail

Why Cybercrime Remains Impossible to Eradicate

Data Breach Today

Kelihos Bot Herder Offered Bargain Spam Campaign Pricing More evidence that running cybercrime schemes remains inexpensive and accessible to anyone with criminal intent: To send spam emails, admitted botnet herder Peter Levashov quoted customers $500 for 1 million emails. And that was just his 2016 pricing.

Access 220
article thumbnail

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

Schneier on Security

Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It's a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it's the result of a security mistake in the design process. Someone didn't think the security through, and the result is a voter-verifiable paper audit trail that doesn't provide the security it promises.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Access to over 3,000 compromised sites sold on Russian black marketplace MagBo

Security Affairs

Security experts at Flashpoint discovered the availability of the access to over 3,000 compromised sites sold on Russian black marketplace MagBo. A new report published by researchers at Flashpoint revealed the availability on an underground hacking forum for Russian-speaking users of access to over 3,000 breached websites. “Access to approximately 3,000 breached websites has been discovered for sale on a Russian-speaking underground marketplace called MagBo.

Access 111
article thumbnail

Turn the NIST Cybersecurity Framework into Reality: 4 Steps

Dark Reading

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.

article thumbnail

Scotland's Arran Brewery Slammed by Dharma Bip Ransomware

Data Breach Today

Ransomware Crypto-Locked via Domain Controller, Complicating Restoration Scotland's Arran Brewery fell victim to a Dharma Bip ransomware attack that infected its Windows domain controller and crypto-locked files and local backups, leading to the loss of three months' worth of sales data. The brewery refused to pay the attackers' two bitcoin ransom demand.