10 Information Security Blogs You Should Be Reading

10 Information Security Blogs You Should Be Reading.
This is our collection of important and informative InfoSec blogs from the industry’s top leaders.
With hundreds of informative security blogs on the internet, it’s hard to sort through the respectful thought leaders, the opinion makers and the highly reckonable blogs.
These blogs provide a respectable plunge into the industry’s leading information security topics.
DARKReading is an informative community that asks important security questions, has detailed tech debates and presents comprehensive insights into leading topics.
Dan Kaminsky’s Blog Are you interested in a thought-driven security information blog?
Read informative insights from one of the industry’s leading experts.
Three posts we like from Dan Kaminsky’s Blog: 4.
Graham Cluley With a career starting in the early 1990s, Graham Cluley is an industry thought leader in the computer security industry.
Three posts we like from Isaac Kohen’s blog: If you’re looking to dive deep into the information security realm, these ten blogs will give you effective insight into becoming an industry expert.

How to stop ransomware: It’s really not that complicated

Ransomware.
[Also: WannaCry was not so shocking for nearly half of cybersecurity pros] Lee Kim, HIMSS’ director of privacy and security said the real problem is that hospitals are often stuck running outdated, legacy systems.
Register here.​ “If an organization needs to run these systems, shelter the technology from the outside world and segment it from the network,” Lee said.
“It’s always best practice to segment the network and not make it possible for one hacker to get in and pivot around your system.” After patching, segmenting and software needs, Kim said that hospitals can increase defenses with pen testing, which actively scans the system or network for exploitable vulnerabilities.
Hospitals should authorize the testing with a vendor or security employee with experience to ensure there are no disruptions due to high traffic.
Not surprisingly, the crux of the ransomware issue boils down to the biggest weakness to all networks: the user.
“For an attack to be successful,” Kim said, “they just need a door or one hole to squeeze through.” Some organizations are also labeling email as external, which can help employees determine the validity of an email sent supposedly from a member within the company.
Anti-phishing, user education and clearly marking emails as external or internal are basic blocking and tackling that can go a long way to thwarting attacks.
[Also: 5 cybersecurity threats to know about right now] “Study up or hire someone experienced in cybersecurity,” Kim said.
“That’s the unfortunate reality: the dragon is at the door.” Lee Kim and Engin Kirda will speak more on ransomware and the threat horizon at the Healthcare Security Forum, in Boston on Sept. 11-13, 2017.

Trump Hotels Hit With Data Breach

Trump Hotels Hit With Data Breach.
News The hits just keep on coming for our new president—he’s only been on the job around six months now—and the newest one focuses on his line of hotels.
Data exposed, according to reports, included credit card numbers with expiration dates, and standard identifiers like names, addresses and phone numbers.
Interestingly, the breach didn’t have much to do with Trump International Hotels itself; rather, it was focused on the Saber Hospitality Solutions system used by not only Trump, but also 32,000 separate properties worldwide.
As for why Trump’s hotels have been attacked so frequently, several potential explanations have been brought forth.
That makes the potential payoff from seizing the data of these highly-visible entities better in the process.
While the exact motivation may be unclear, it is clear that Trump hotel visits might be a bit more dangerous than the ordinary lately.
So for those planning a trip involving a stay at one of the President’s fine properties, be sure to take a few extra precautions.
Watch your credit card bills carefully, or consider reducing the amount of cash kept in the account linked to the debit card used to pay for the stay.
Simple precautions go a long way toward helping here.

Ashley Madison Offers £8.5m To Data Breach Victims

Ashley Madison Offers £8.5m To Data Breach Victims.
The fund will be available for anyone with a “valid claim” for being affected by the 2015 breach The parent company of adult dating site Ashley Madison has offered to pay an $11.2 million (£8.5m) settlement to users affected by the mass data breach which exposed 36 million accounts.
Many users have since sued the company for providing inadequate levels of data security and Ruby Life has been attempting to strike a deal with those involved.
On Friday it claimed that an agreement to settle multiple class action lawsuits had been reached and that the £8.5m fund would be available to those who “submit valid claims for alleged losses resulting from the data breach”.
In a statement, Ruby Life said: “While ruby denies any wrongdoing, the parties have agreed to the proposed settlement in order to avoid the uncertainty, expense, and inconvenience associated with continued litigation, and believe that the proposed settlement agreement is in the best interest of ruby and its customers.” In December of last year Ruby was ordered to pay US regulators $1.6 million (£1.3m) for lacking basic security practices and Ashley Madison’s founder and CEO Noel Biderman stepped down in the immediate wake of the cyber attack.
Users also reported receiving blackmail letters after the stolen data had been made public by the hackers, as scammers reacted quickly to the extremely high-profile news.
Ashley Madison is not the only dating website to have been targeted by hackers over the last couple of years.
For example, in 2016 BeautifulPeople.com suffered a data breach where the personal details of 1.1 million users were leaked online.
Are you a security pro?
Try our quiz!

Why It’s Important to Report Identity Theft and How to Do It

Why It’s Important to Report Identity Theft and How to Do It.
No matter how your identity is misused, one of the most important things you should do after you discover it is to report identity theft.
While the victims of identity theft can experience a wide range of feelings afterward, from shock and violation to anger and shame, it’s important not to let any of those stop you from reporting the crime to any and all pertinent businesses and agencies.
How can you report identity theft?
Identity theft can take a great many forms, but most of it can be traced back to specific companies or businesses that will definitely want to know that someone is misusing your information to do business with them.
Most credit card companies, loan services, banks, utility companies and similar businesses have fraud departments that you can contact to disclose the identity theft and get the accounts closed or suspended.
In addition to obtaining copies of all three of your credit reportsfrom the credit bureaus (Experian, Equifax and TransUnion), you should also strongly consider placing a fraud alert on your credit files or going for a full-out credit freeze.
You can obtain free copies of your credit reports once a year through the government owned-and-operated website AnnualCreditReport.com; however, as a victim of identity theft, you can request an additional free copy of your reports.
That said, you are probably going to want to check your credit reports regularly throughout the next year or two for any new problems or to ensure that existing fraud gets successfully removed.
Whether you file a police report or not is ultimately up to you, though it may be required by some businesses to get charges reversed or accounts closed, and it can be helpful in the future if you continue to have problems.

Vendor Exposes Millions of Verizon Customers on Amazon Cloud

Vendor Exposes Millions of Verizon Customers on Amazon Cloud.
The disclosure follows reports that an engineer at Nice Systems, which provides workforce management technology to track call center performance, allowed the data of 14 million Verizon customers to reside on an Amazon Web Services S3 bucket.
The Verizon data was part of a larger data exposure, according to UpGuard, the firm that discovered the problem.
The company did not comment on the reported Orange data exposure.
The only party — besides the vendor and Verizon — to gain access to the customers’ information was the researcher who discovered the exposure, Verizon said.
It was Chris Vickery, director of cyber risk research at UpGuard, who discovered the exposed data, an UpGuard spokesperson confirmed to the E-Commerce Times.
The “overwhelming majority” of the exposed data had no external value, the company said, but it confirmed that it included a “limited amount of personal information.”
To the extent that PINs were included in the data set, they were used to authenticate a customer calling into Verizon’s wireline call center, but they did not provide online access to customer accounts, according to the company.
Although Upguard hasn’t discussed how it discovered the exposed data, it’s likely the researcher scanned the S3 namespace — a unique root folder where users store their data — looking for misconfigured buckets, Nunnikhoven told the E-Commerce Times.
Amazon should not be blamed entirely for the incident, he said, noting that the S3 buckets are secure by default.

Iran state media accuses Saudis of planting false news story

Iran state media accuses Saudis of planting false news story.
(CNN)A state-run Iranian news agency has accused Saudi hackers of planting a fabricated news story on its Twitter account, as a crisis in the Gulf centered around Qatar deepens.
The tweet, if it were true, would likely inflame tensions in the region between Qatar and a quartet of countries led by Saudi Arabia, which has frozen trade and diplomatic ties with Qatar, claiming it supports terror organizations.
Saudi Arabia has no diplomatic ties with Iran or Israel, and it sees Iran as a key rival.
In a statement issued Monday, Alalam said: “Alalam News Network categorically denies spurious and bogus stories which are published via its hacked Twitter account.” “Saudi news agencies and websites, though fully aware of the fact that Alalam’s Twitter account has been hacked, publish these false news stories immediately, designating their collusion with the hackers,” the statement said.
Alalam said in its statement that it had been under a series of cyber-attacks for days.
Last week, it published a story accusing Saudi hackers of breaking into its Twitter account.
The Twitter account is still under the control of hackers, the news agency has said.
But Qatar said that the Washington Post report proved its version of events, that its websites were hacked and that quotes were fabricated and published.

Newcastle City Council Data Breach Exposes Details Of Adopted Children

Newcastle City Council Data Breach Exposes Details Of Adopted Children.
ICO investigates after sensitive information was sent out in a spreadsheet Newcastle City Council is under investigation by the Information Commissioner’s Office (ICO) for a data breach that saw details about adopted children and their parents sent out in an email by mistake.
Names, addresses and birth dates of 2,743 adopted children, alongside details of parents, social workers and former adoptees, were included in a spreadsheet attached to the city’s annual adoption summer party.
The council has said the mistake was caused by human error and that it has taken steps to mitigate the leak, contact all those involved, and to ensure it doesn’t happen again.
A helpline has been set up for those who think they may have been affected, while staff training has been involved.
“I am truly sorry for the distress caused to all those affected,” said Newcastle City Council’s director of people, Ewen Weir.
The council takes data protection and confidentiality very seriously and has acted swiftly to understand what happened and who has been affected.
“The email and attachment were sent to 77 people.
This attachment contained personal details relating to 2,743 individuals, comprising current and former adoptees, parents and social workers who had been involved with these families.
Quiz: Are you a privacy expert?

Your trusted e-Payment service and technology partner in Asia

Your trusted e-Payment service and technology partner in Asia.
Every business today aims to establish itself in the digital space.
Amidst making the most of technological development, it is necessary that transaction data is kept safe and secure.
Customized payment services AsiaPay has been in the ePayment business for 17 years.
AsiaPay provides online businesses not only with complex payment solutions, but also with a full range of consulting services to help customers choose the best payment option and easily integrate it into any website.
AsiaPay has over 17 years industrial experience by serving prestigious companies such as Ikea, Tesla, AVIS, JTB, Nike, Nestlé, Mcdonald’s, L’Occitane, Accor Hotel, The Peninsula Hotel, Harbour Plaza Hotel, SaSa.com, AVIVA, MSIG, Cathay Pacific, HK Airlines, MTR, Octopus Card, Yahoo!Hong Kong and many more.
Broad brand recognition AsiaPay has achieved many accolades.
The most secure and stable payment processing AsiaPay works with the largest banks in Asia, Europe, Australia and Great Britain.
Going forward, the team at AsiaPay aims to improve payment methods, payment channels, and payment experience.
Payment experiences are changing, and thus, the company aims to enhance the experience of clients and customers by providing safe and secure payment options in the future.

Cost of a data breach eased 10% to $3.6M globally

The average cost of a data breach is $3.62 million globally, a 10% decline from $4 million in 2016, according to a study sponsored by IBM Security and conducted by Ponemon Institute.
This is the first time since the global study was created that there has been an overall decrease in the cost.
According to the study, these data breaches cost companies $141 per lost or stolen record on average.
However, many regions experienced an increased cost of a data breach – for example, the cost of a data breach in the United States was $7.35 million, a five percent increase compared to last year.
Organizations in the Middle East, Japan, South Africa, and India all experienced increased costs in 2017 compared to the four-year average costs.
Analyzing the 11 countries and two regions surveyed in the report, IBM Security identified a close correlation between the response to regulatory requirements in Europe and the overall cost of a data breach.
European countries saw% decrease in the total cost of a data breach over last year’s study.
Healthcare data breaches cost organizations $380 per record, more than 2.5 times the global average across industries at $141 per record.
The involvement of third-parties in a data breach was the top contributing factor that led to an increase in the cost of a data breach, increasing the cost $17 per record.
Having an incident response team in place resulted in $19 reduction in cost per lost or stolen record, followed by extensive use of encryption ($16 reduction per record) and employee training ($12.50 reduction per record).