IT Governance

SEPTEMBER 26, 2018

Two thirds of UK organisations are uninsured against the financial impact of a data breach, a survey has revealed. The Risk:Value 2018 Report by NTT Security discovered that only 29% of organisations have dedicated cyber insurance in place, despite 81% of senior executives touting insurance against data breaches as “vital”. According to the report, which examines business attitudes to risk and the value of information security, UK businesses would have to spend £1 million, on average, to rec

Data breaches 87

Data breaches Insurance Information Security Compliance 87

Data Breach Today

SEPTEMBER 25, 2018

Fraudsters Hijack Mobile Numbers to Crack Open Bank Accounts In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.

Authentication 260

Authentication IT 260

Thales Cloud Protection & Licensing

SEPTEMBER 25, 2018

My last blog about Vormetric Application Encryption covered new RESTful APIs and it revealed that those APIs provide quite a bit of granular control in the use of encryption keys. This enhances security by reducing the “attack surface” in an IT environment while maintaining IT efficiency with centralized access control policies. Combining RESTful flexibility with granular controls gives you the best of both worlds.

Security 73

Security Encryption Paper Access 73

Krebs on Security

SEPTEMBER 28, 2018

Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people. “This allowed t

Security 265

Security Passwords Access IT 265

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Last Watchdog

SEPTEMBER 24, 2018

The recent hack of social media giant Reddit underscores the reality that all too many organizations — even high-visibility ones that ought to know better — are failing to adequately lock down their privileged accounts. Related: 6 best practices for cloud computing. An excerpt from Reddit’s mea culpa says it all: “On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers.

Access 159

Access Authentication Retail Cloud 159

WIRED Threat Level

SEPTEMBER 28, 2018

The social networking giant confirmed Friday that sites you use Facebook to login to could have been accessed as a result of its massive breach.

Security 112

Security Access IT 112

Krebs on Security

SEPTEMBER 27, 2018

The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM. According to a non-public alert distributed to banks this week and shared with KrebsOnSecurity by a financial industry source, the Secret Service has received multiple reports about a complex form

Communications 256

Communications Security IT 256

Security Affairs

SEPTEMBER 28, 2018

Facebook hacked – Attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of 50 Million Users. Facebook hacked, this is news that is rapidly spreading across the Internet. A few hours ago, Facebook announced that an attack on its computer network exposed the personal information of roughly 50 million users.

Security 111

Security Access Data breaches IT 111

Data Breach Today

SEPTEMBER 25, 2018

Organizations Need to Avoid Mishaps That Can Make Matters Worse Recent additions to the federal health data breach tally shine a light on the mistakes that contribute to breaches - and in some cases, make situations far worse.

Data breaches 236

Data breaches 236

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

WIRED Threat Level

SEPTEMBER 28, 2018

Up to 50 million Facebook users were affected—and possibly 40 million more—when hackers compromised the social network's systems.

Security 111

Security 111

Krebs on Security

SEPTEMBER 24, 2018

If you’re thinking of donating money to help victims of Hurricane Florence , please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “flor

IT 234

IT 234

Security Affairs

SEPTEMBER 28, 2018

Google Project Zero disclosed details for a high severity Linux kernel a use-after-free vulnerability tracked as CVE-2018-1718. The vulnerability is a use-after-free tracked as CVE-2018-17182, it was discovered by Google Project Zero’s Jann Horn. The vulnerability was introduced in August 2014 with the release of version 3.16 of the Linux kernel. The issue could be exploited by an attacker trigger a DoS condition or to execute arbitrary code with root privileges on the vulnerable system.

Security 111

Security IT 111

Data Breach Today

SEPTEMBER 24, 2018

Massive Credit Bureau Stored Users' Plaintext Passwords in Testing Environment Massive, well-resourced companies are still using live customer data - including their plaintext passwords - in testing environments, violating not just good development practices but also privacy laws. That's yet another security failure takeaway from last year's massive Equifax breach.

Passwords 214

Passwords Privacy Security 214

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

IT Governance

SEPTEMBER 27, 2018

It’s time for the month’s list of breaches and cyber attacks, and it’s a big one. Almost 1 billion records were leaked this month – 925,633,824 to be exact. There were also a few more reported ransomware incidents than normal, some of which saw the victims paying the fine – something most security professionals advise against. The list tells me one thing: organisations need to get themselves ready for a data breach.

Data breaches 111

Data breaches Passwords Ransomware Phishing 111

WIRED Threat Level

SEPTEMBER 27, 2018

For the first time, a so-called UEFI rootkit has been spotted in the wild. And it appears to come from Russia.

IT 111

IT Security 111

Security Affairs

SEPTEMBER 27, 2018

Security experts from ESET have spotted the first UEFI rootkit of ever, the code tracked as LoJax was used in attacks in the wild. Security researchers from ESET have discovered a new piece of a sophisticated malware used by the Russia-linked Sednit group (aka Fancy Bear , APT28 , Pawn Storm , Sofacy Group , and STRONTIUM ) in targeted attacks aimed at government entities in the Balkans as well as in Central and Eastern Europe.

Military 111

Military Manufacturing Government Security 111

Data Breach Today

SEPTEMBER 28, 2018

Vulnerability in 'View As' Feature Exploited Facebook revealed Friday that it had discovered a breach that affected almost 50 million user accounts. Attackers exploited a vulnerability that enabled them to steal "access tokens," digital keys that keep users logged in so they don't need to re-enter their password.

Passwords 213

Passwords Access IT 213

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

AIIM

SEPTEMBER 27, 2018

With a little more than 3 months left of 2018, many businesses are focusing on what goals they want to achieve in the New Year. While some have talked of digital transformation, there are still an alarming number of workplaces that have yet to fully embrace digitizing paper documents and processing digital documents. Make no mistake- if you want to achieve digital transformation and you've yet to take the leap into capturing documents, the time is now and we're here to help.

Digital transformation 110

Digital transformation Paper IT Information capture 110

WIRED Threat Level

SEPTEMBER 26, 2018

Apps need your explicit permission to access your smartphone's motion and light sensors. Mobile websites? Not so much.

Access 111

Access Security 111

Security Affairs

SEPTEMBER 26, 2018

The latest samples of the HNS bot were designed to target Android devices having the wireless debugging feature ADB enabled. The Hide and Seek (HNS) IoT botnet was first spotted early this year, since its discovery the authors continuously evolved its code. The IoT botnet appeared in the threat landscape in January, when it was first discovered on January 10th by malware researchers from Bitdefender, then it disappeared for a few days, and appeared again a few weeks later infecting in a few

IoT 111

IoT Mining Access Security 111

Data Breach Today

SEPTEMBER 28, 2018

Hacker Who Kept 'Hacky Hack Hack Methods' Folder on His Computer Gets Probation An Australian man who as a teenager managed to infiltrate Apple's networks and do it again after the company expelled him - aided by a folder on his laptop storing his "Hacky Hack Hack Methods" - has been sentenced to serve eight months of probation, according to news reports.

IT 189

IT 189

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Troy Hunt

SEPTEMBER 26, 2018

I have a love-hate relationship with ad blockers. On the one hand, I despise the obnoxious ads that are forced down our throats at what seems like every turn. On the other hand, I appreciate the need for publishers to earn a living so that I can consume their hard-earned work for free. Somewhere in the middle is a responsible approach, for example the sponsorship banner you see at the top of this blog.

Analytics 109

Analytics Risk IT Security 109

WIRED Threat Level

SEPTEMBER 24, 2018

The latest update to Google's browser has riled privacy advocates by appearing to log people in without their explicit permission.

Privacy 110

Privacy Security 110

Security Affairs

SEPTEMBER 26, 2018

Uber agrees to $148 million settlement with US States and the District of Columbia over the massive 2016 data breach that exposed personal data of 57 million of its users. In November 2017, the Uber CEO Dara Khosrowshahi announced that hackers broke into the company database and accessed the personal data (names, email addresses and cellphone numbers) of 57 million of its users, the disconcerting revelation was that the company covered up the hack for more than a year.

Data breaches 111

Data breaches Personal data Privacy Security 111

Data Breach Today

SEPTEMBER 27, 2018

Cybersecurity Unit Would Be Part of a Center of Excellence for Digital Health The Food and Drug Administration plans to launch a new digital health "center of excellence" that includes a cybersecurity unit. The new unit would not only deal with cyber issues pertaining to new health technologies, but also challenges facing older medical devices.

IT 189

IT Cybersecurity 189

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Dark Reading

SEPTEMBER 28, 2018

A vulnerability in Facebook's "View As" feature let attackers steal security tokens linked to 50 million accounts, the company confirms.

Security 107

Security 107

WIRED Threat Level

SEPTEMBER 28, 2018

A new report details dozens of vulnerabilities across seven models of voting machines—all of which are currently in use.

Risk 109

Risk Security 109

Security Affairs

SEPTEMBER 23, 2018

The Port of Barcelona was hit by a cyber attack, fortunately, maritime operations had not affected. On September 20, 2018 morning, the Port of Barcelona was hit by a cyber attack that forced the operators of the infrastructure to launch the procedure to respond to the emergency. At the time of writing, there are no technical details about the cyber attack, the attackers hit several servers at the infrastructure, but maritime operations had not affected.

Cybersecurity 111

Cybersecurity Risk Security IT 111