Sat.Mar 16, 2019 - Fri.Mar 22, 2019

MY TAKE: Get ready to future-proof cybersecurity; the race is on to deliver ‘post-quantum crypto’

The Last Watchdog

Y2Q. Years-to-quantum. We’re 10 to 15 years from the arrival of quantum computers capable of solving complex problems far beyond the capacity of classical computers to solve. PQC. Post-quantum-cryptography. Right now, the race is on to revamp classical encryption in preparation for the coming of quantum computers. Our smart homes, smart workplaces and smart transportation systems must be able to withstand the threat of quantum computers.

Why Phone Numbers Stink As Identity Proof

Krebs on Security

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online.

Report: Facebook Stored Millions of Passwords in Plaintext

Data Breach Today

Facebook Under Fresh Scrutiny Over How It Stored User Passwords. Facebook has corrected an internal security issue that allowed the company to store millions of user passwords in plaintext that were then available to employees through an internal search tool.

The Artificial Intelligence Yin Needs a Business Yang

AIIM

Seven (yes, seven!) years ago, AIIM published “The Big Data Balancing Act - Too much yin and not enough yang?” The author of the report was none other than Nuxeo’s David Jones, who worked as a business analyst for AIIM at the time. The premise of the report -- published at the height of the Big Data hype cycle -- was that only part of the Big Data story was being told.

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

GUEST ESSAY: Why there’s no such thing as anonymity in this digital age

The Last Watchdog

Unless you decide to go Henry David Thoreau and shun civilization altogether, you can’t — and won’t — stop generating data, which sooner or later can be traced back to you. Related: The Facebook factor. A few weeks back I interviewed a white hat hacker. After the interview, I told him that his examples gave me paranoia. He laughed and responded, “There’s no such thing as anonymous data; it all depends on how determined the other party is.”

Hydro Hit by LockerGoga Ransomware via Active Directory

Data Breach Today

Targeted Crypto-Locking Malware Attack Follows French Firm Being Hit. Aluminum giant Norsk Hydro has been hit by LockerGoga ransomware, which was apparently distributed to endpoints by hackers using the company's own Active Directory services against it. To help safeguard others, security experts have called on Hydro to release precise details of how it was hit.

7 Questions to Determine if Your Data is an Asset

AIIM

In today's world, where the consumer is king, excellent customer experience is imperative for the success of your business. To achieve this, your data cannot be fragmented, redundant, obsolete, or inaccessible. Most organizations are currently dealing with more information than they can handle. This can be expensive as resources on storing, protecting, and securing information are costly.

NEW TECH: Exabeam retools SIEMs; applies credit card fraud detection tactics to network logs

The Last Watchdog

Security information and event management, or SIEM, could yet turn out to be the cornerstone technology for securing enterprise networks as digital transformation unfolds. Related: How NSA cyber weapon could be used for a $200 billion ransomware caper. Exabeam is a bold upstart in the SIEM space. The path this San Mateo, CA-based vendor is trodding tells us a lot about the unfolding renaissance of SIEMs – and where it could take digital commerce.

Massive attacks bypass MFA on Office 365 and G Suite accounts via IMAP Protocol

Security Affairs

Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Experts at Proofpoint conducted an interesting study of massive attacks against accounts of major cloud services. The experts noticed that attackers leverage legacy protocols and credential dumps to increase the e

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

GDPR: Data Breach Notification 101

Data Breach Today

Brian Honan of BH Consulting on When to Notify - or Not. Since the EU's new GDPR privacy law came into effect in May 2018, one challenge for organizations that suffer a breach is knowing whether or not they must report it to authorities, says Brian Honan, president and CEO of BH Consulting in Dublin.

Bridging the gap between AWS Lambda and other clouds: TriggerMesh

DXC Technology

If you want to do serverless computing today chances are you’re using Amazon Web Services (AWS) Lambda. Which is fine if you’re wedded to AWS, but if you’d rather use another cloud or run a hybrid cloud, AWS-specific Lambda may not be ideal. Enter TriggerMesh Knative Lambda Sources (KLASS), which offers a way to bridge […].

Web application exposures continue to bedevil companies as digital transformation accelerates

The Last Watchdog

As sure as the sun will rise in the morning, hackers will poke and prod at the web applications companies rely on – and find fresh weaknesses they can exploit. Related: Cyber spies feast on government shut down. Companies are scaling up their use of web apps as they strive to integrate digital technology into every aspect of daily business operation.

Pwn2Own 2019 Day 1 – participants hacked Apple, Oracle, VMware products

Security Affairs

The Pwn2Own 2019 hacking competition has started and participants hacked the Apple Safari browser, Oracle VirtualBox and VMware Workstation on the first day. As you know, I always cover results obtained by white hat hackers at hacking competitions; for this reason, today I’ll share with you the results of the first day of Pwn2Own 2019. Pwn2Own 2019 is the hacking competition organized by Trend Micro’s Zero Day Initiative (ZDI) that is taking place in Vancouver, Canada, alongside the CanSecWest c

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

The CISO's Role in AppSec

Data Breach Today

Craig Goodwin of CDK Global on Adding Security to Development. As CSO of CDK Global LLC, Craig Goodwin has been part of the rollout of a new API platform that he believes will revolutionize automotive purchasing. Goodwin offers his perspective on security's role in application DevOps.

A guide to the GDPR’s EU representative requirements

IT Governance

You might have heard increased chatter recently about the need for an EU representative under the GDPR (General Data Protection Regulation). This rule applies to any organisation outside the EU that monitors the behaviour of, or provides goods or services to, EU residents. The representative will be a point of contact for data subjects and supervisory authorities concerning data protection queries.

BEST PRACTICES: How to protect yourself from the enduring scourge of malvertising

The Last Watchdog

Malvertising is rearing its ugly head – yet again. Malicious online ads have surged and retreated in cycles since the earliest days of the Internet. Remember when infectious banner ads and viral toolbars cluttered early browsers? Related: Web application exposures redouble. Historically, with each iteration of malicious ads, the online advertising industry, led by Google, has fought back, and kept this scourge at a publicly acceptable level.

Google white hat hacker found new bug class in Windows

Security Affairs

James Forshaw, a white hat hacker at Google Project Zero, has discovered a new class of bugs that affect Windows and some of its drivers. Google Project Zero hacker James Forshaw discovered a new class of flaws that reside in some of the kernel mode drivers in Windows that could allow attackers to escalate privileges. The flaws are caused by the lack of necessary checks when handling specific requests.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Groups Ask FDA to Rethink Some Medical Device Cyber Proposals

Data Breach Today

Agency Receives Critique on Draft of Premarket Medical Device Cyber Guidance Update. The FDA is generally on the right track in updating guidance for the cybersecurity of premarket medical devices. But a variety of changes are needed, say some of the healthcare sector companies and groups that submitted feedback to the agency.

ISO 27001: The 14 control sets of Annex A explained

IT Governance

ISO 27001 is the international standard that describes best practice for an ISMS (information security management system). The Standard takes a risk-based approach to information security, requiring organisations to identify threats to their organisation and select appropriate controls to tackle them. Those controls are outlined in Annex A of the Standard.

Zipcar Disruption

Schneier on Security

This isn't a security story, but it easily could have been. Last Saturday, Zipcar had a system outage: "an outage experienced by a third party telecommunications vendor disrupted connections between the company's vehicles and its reservation software." That didn't just mean people couldn't get cars they reserved. Sometimes it meant they couldn't get the cars they were already driving to work: Andrew Jones of Roxbury was stuck on hold with customer service for at least a half-hour while he and

Russian APT groups target European governments ahead of May Elections

Security Affairs

According to experts from FireEye, Russia-linked APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) and Sandworm Team (also TeleBots) cyberespionage groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Aluminum Giant Norsk Hydro Hit by Ransomware

Data Breach Today

Crypto-Locking Malware Attack Results in 'Temporary Stoppage at Several Plants'. Norsk Hydro, one of the world's largest aluminum producers, has been hit by a crypto-locking ransomware attack that began at one of its U.S. plants and has disrupted some global operations. A Norwegian cybersecurity official said the ransomware strain may be LockerGoga.

FEMA Leaked Data From 2.3 Million Disaster Survivors

WIRED Threat Level

The Homeland Security Department inspector general released a damning report about FEMA's inability to safeguard the personal info of the people it helped.

Utter Zuck-up: 600 million passwords exposed in Facebook data breach

IT Governance

Up to 600 million Facebook users have had their passwords leaked in an internal data breach. Security researcher Brian Krebs broke the news on 21 March 2019, explaining that the social network’s internal company servers contained passwords stored in plaintext. This means they weren’t encrypted, making them freely accessible to as many as 20,000 employees, most of whom had no reason to access this information.

Medtronic’s implantable heart defibrillators vulnerable to hack

Security Affairs

The U.S. Department of Homeland Security Thursday issued a security advisory for multiple vulnerabilities affecting over a dozen heart defibrillators. Multiple vulnerabilities in the heart defibrillators could be exploited by attackers to remotely control the devices, potentially putting the lives of patients at risk. An implantable cardioverter-defibrillator (ICD) is a device implantable inside the human body that performs cardioversion, defibrillation, and pacing of the heart.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

EU Seeks Better Coordination to Battle Next Big Cyberattack

Data Breach Today

Life After WannaCry and NotPetya: Europol Wants EU Member States To Be Ready. Europol, the EU's law enforcement intelligence agency, wants member states to be able to rapidly respond to the next big cyberattack against Europe. But with warnings of ongoing Russian election interference campaigns, the next big attack may already be underway.

First Look Media Shutting Down Access to Snowden NSA Archives

Schneier on Security

The Daily Beast is reporting that First Look Media -- home of The Intercept and Glenn Greenwald -- is shutting down access to the Snowden archives. The Intercept was the home for Greenwald's subset of Snowden's NSA documents since 2014, after he parted ways with the Guardian the year before. I don't know the details of how the archive was stored, but it was offline and well secured -- and it was available to journalists for research purposes.

Facebook Stored Millions of Passwords in Plaintext—Change Yours Now

WIRED Threat Level

Facebook has disclosed that it stored hundreds of millions of user passwords in plaintext, where employees could search them.
