Tuesday, May 21, 2019

Think Data Security, Not Endpoint Security

A strong data protection strategy is essential to protect information as it moves across endpoints and in the cloud.

TeamViewer Admits Breach from 2016

The company says it stopped the attack launched by a Chinese hacking group.

DHS Warns of Data Theft via Chinese-Made Drones

The drones are reportedly built with parts that can compromise organizations' data and share it on a server accessible to the Chinese government.

New Trickbot Variant Uses URL Redirection to Spread

Switch in tactic is the latest attempt by operators of the prolific banking Trojan to slip past detection mechanisms.

97% of Americans Can’t Ace a Basic Security Test

Still, a new Google study uncovers a bit of good news, too.

Killer SecOps Skills: Soft Is the New Hard

The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.

Financial Sector Under Siege

The old take-the-money-and-run approach has been replaced by siege tactics such as DDoS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.

7 Signs of the Rising Threat of Magecart Attacks in 2019

Magecart attacks continue to grow in momentum. Here are the stats and stories that show what's behind the mayhem.

How a Manufacturing Firm Recovered from a Devastating Ransomware Attack

The infamous Ryuk ransomware slammed a small company that makes heavy-duty vehicle alternators for government and emergency fleet. Here's what happened.

Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists

Ahead of his 2019 Black Hat USA talk, cybersecurity luminary Bruce Schneier explains why it's so important for tech experts to be actively involved in setting public policy.

Artist Uses Malware in Installation

A piece of 'art' currently up for auction features six separate types of malware running on a vulnerable computer.

Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter

Once again, a high proportion of the reported flaws have no current fix, according to Risk Based Security.

DevOps Repository Firms Establish Shared Analysis Capability

Following an attack on their users, and their shared response, Atlassian, GitHub, and GitLab decide to make the sharing of attack information a permanent facet of their operations.

When Older Windows Systems Won’t Die

Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises.

Exposed Elasticsearch Database Compromises Data on 8M People

Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.

A Trustworthy Digital Foundation Is Essential to Digital Government

Agencies must take steps to ensure that citizens trust in the security of government's digital channels.

Google to Replace Titan Security Keys Affected by Bluetooth Bug

A misconfiguration in Bluetooth Titan Security Keys' pairing protocols could compromise users under specific circumstances.

Executive Order Limits Certain Tech Sales, Hits Huawei Hard

The executive order signed by President Trump bars the sale or installation of equipment seen to be controlled by hostile foreign governments and a threat to national security.

US Charges Members of GozNym Cybercrime Gang

The FBI and counterparts from other nations say the group infected over 41,000 computers with malware that steals banking credentials.

The Data Problem in Security

CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.
Tripwire

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared...

Washington Issues Temporary License to Huawei

Washington Issues Temporary License to Huawei The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August. Despite reports emerging over the weekend of various chipmakers...
isBuzz

GDPR: The Best Strategy For International Businesses

The EU’s General Data Protection Regulation (GDPR) was created with the aim of homogenising data privacy laws across the EU. GDPR also applies to organisations outside the EU, if they monitor EU data subjects, or offer goods and services...
IBM Security

How Cyber-Secure Are Business Travelers? New Report Says Not Very

I travel frequently for business — to industry conferences such as RSA Conference and Black Hat and meeting with clients. Whenever I travel, I bring my work laptop, my personal cellphone enabled with work email and calendar, and, of...

Haas F1 team leans on service providers as security force multipliers

If today’s cars are smartphones on wheels, then race cars are supercomputers with engines attached. As the fastest racing sport in the world, Formula One cars come laden with over 100 sensors measuring every aspect of a car’s internal...