Tue. Dec 03, 2019

New Malware Campaign Uses Trojanized 'Tetris' Game: Report

Data Breach Today

PyXie Trojan Targets Healthcare, Educational Institutions, Blackberry Cylance Says

A new malware campaign uses a Trojanized version of the game Tetris to target healthcare and educational institutions for credential stealing, according to Blackberry Cylance. Analysts have observed evidence of the threat actors attempting to deliver ransomware with the 'PyXie' Trojan.

Education 211

How to Assess a System Implementation Failure - To Salvage, or Rip & Replace?

AIIM

This week I taught the AIIM Modern Records Management Master Class in Washington, DC. As with previous classes, there was a question that generated significant discussion among the students. In this instance, the question was about a system implementation that was not successful: “When you have a failed implementation, should you stick with it and try to make it work, or should you replace it with a better system?”

SAP Software Update Exposed NZ Firearms Register

Data Breach Today

SAP Apologizes and Blames 'Human Error'

German software giant SAP has apologized after a software update mistakenly assigned higher-level privileges to some users within New Zealand's firearms buy-back database, exposing personal details for gun owners. The system has been shut down by police.

Website of gunmaker Smith & Wesson hit by a Magecart attack

Security Affairs

The US gunmaker Smith & Wesson was hacked late last month in a Magecart attack; attackers injected a malicious software skimmer. A new Magecart attack made the headlines; the victim is the American gunmaker Smith & Wesson. The hack took place last month; the attackers planted a malicious software skimmer on its website to steal customers’ payment card data.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

A Tale of Two Breach Lawsuits

Data Breach Today

Nuance Sued Following NotPetya Attack; Solara Medical Supply Sued for Exposing Patient Data

Two vendors serving the healthcare sector have been targeted with breach-related lawsuits. Experts say the incidents at the center of these cases showcase the potential risks posed by vendors.

Risk 147

More Trending

SAP Software Update Exposed New Zealand Firearms Register

Data Breach Today

SAP Apologizes and Blames 'Human Error'

German software giant SAP has apologized after a software update mistakenly assigned higher-level privileges to some users within New Zealand's firearms buy-back database, exposing personal details for gun owners. The system has been shut down by police.

European cooperation on flexibility to accelerate the energy transition

CGI

kathy.jacquay@…. Tue, 12/03/2019 - 10:52. Early in September, we invited a number of our clients from around Europe to participate in a roundtable discussion on energy flexibility. First and foremost, it was an open exchange about the varied drivers for energy flexibility in different geographies, and how each operator is addressing the challenges they face.

15 Hot Sessions at Black Hat Europe 2019

Data Breach Today

Contactless Payments, IoT, False Flag Attacks and More in the Spotlight

This year's Black Hat Europe conference in London features dozens of briefings touching on a wide variety of topics, including exploiting contactless payment and Bluetooth vulnerabilities, identifying vulnerable OEM IoT devices at scale and running false-flag cyberattacks.

IoT 113

Mozilla removed 4 Avast and AVG extensions for spying on Firefox users

Security Affairs

Mozilla has removed four extensions from Avast and AVG from the Firefox site that are suspected of tracking user activity online. Four Avast and AVG Firefox extensions have been removed from Mozilla Addons Site over concerns of spying on users. “This add-on violates Mozilla’s add-on policy by collecting data without user disclosure or consent,” explained Mozilla.

Privacy 91

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Analysis: Vendor Contract Changes Under CCPA

Data Breach Today

Getting the proper vendor contracts completed is a top concern for organizations preparing to comply with the California Consumer Privacy Act, says Caitlin Fennessy, research director at the International Association of Privacy Professionals.

Privacy 113

This beautiful future depends on data and AI

IBM Big Data Hub

With its electro-light tulip garden, disco ball-adorned trees and no stone-left-unturned music lineup, "Denmark’s Most Beautiful Festival" aims to surpass guests’ expectations on safety, comfort and entertainment, from its uncannily clean bathrooms down to its whimsical camp-in-a-beer-can glamping options.

IT 85

Blockchain Developer Gets Busted After Talk in North Korea

WIRED Threat Level

Hacker and Ethereum developer Virgil Griffith was recently arrested by US authorities for speaking at a conference on blockchain technologies.

Philips Healthcare advances fast, accurate diagnosis

OpenText Information Management

Three words, sought by healthcare providers and patients alike: fast, accurate diagnosis. As a leader in diagnostic imaging, image-guided therapy and other patient care technologies, Philips Healthcare aims to improve the lives of billions of people every year. Philips Radiation Oncology must bridge the divides between systems and software, facilities and caregivers to deliver effective, …

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

The secret to being a successful data scientist (hint: it isn’t data or science)

DXC Technology

I wasn’t fortunate enough to be at O’Reilly’s Strata Data Conference in London earlier this year, but in his roundup of the event’s big takeaways, CIO contributor Martin De Saulles listed eight “factors shaping the future of big data, machine learning, and AI.” No. 2 on his list is “changing skillsets for data scientists.” “Cassie […].

A flaw in Microsoft OAuth authentication could lead Azure account takeover

Security Affairs

A vulnerability in the Microsoft OAuth implementation exposes Azure cloud accounts to takeover. The vulnerability affects the way Microsoft applications use OAuth for authentication: these applications trust certain third-party domains and sub-domains that are not registered by Microsoft. Experts from Cyberark discovered the following three vulnerable Microsoft applications that trust these unregistered domains: Portfolios, O365 Secure Score, Microsoft Service Trust.

Five questions to help plan your multicloud digital transformation

IBM Big Data Hub

More companies are choosing to implement multicloud platforms that include software as a service (SaaS) due to the many opportunities, advantages, and benefits they provide.

European Data Protection Board Adopts Data Protection by Design and by Default Guidelines

Data Matters

On 13 November 2019, the European Data Protection Board (“EDPB”) adopted guidelines on the GDPR’s data protection by design and by default principle (“Guidelines”). The Guidelines provide further guidance into the technical and organizational measures and safeguards that data controllers must take into account when designing their processing activities.

GDPR 60

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Talos experts found a critical RCE in GoAhead Web Server

Security Affairs

Experts at Cisco Talos found two vulnerabilities in the GoAhead embedded web server, including a critical remote code execution flaw. GoAhead is the world’s most popular, tiny embedded web server. It is developed by EmbedThis, which defines it as compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices.

IoT 65

“Becoming” digital: federal digitization standards here and on the horizon

Preservica

This is the third and final installment of a blog based on a webinar jointly hosted by Preservica and Deloitte entitled “Transition to Electronic Government: Practical Advice from the Field.” While a great deal of attention rightly has been paid to managing and accessioning into permanent archives “born digital” documents, there still remains a tremendous amount of legacy paper records that are candidates for digitization under the deadlines set in Memorandum M-19-21 issued by OMB and NARA (se

Paper 52

Collibra is FedRAMP Authorized

Collibra

Collibra is FedRAMP Authorized. No one takes security more seriously than the government. Collibra takes data protection and security seriously, and that’s why so many government agencies around the world already trust Collibra to meet standards for privacy, reliability, and compliance. In order to better support the Data Citizens community, we’re proud to announce that Collibra has been authorized as a Moderate Impact Cloud Service Provider under the Federal Risk and Authorization Management P

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Episode 170: Cyber Monday is for Hackers

The Security Ledger

This Cyber Monday may have been the biggest yet - and not just for shoppers and online retailers. Hackers use the year's biggest online shopping day to cover their tracks. Brendon Macareg of Signal Sciences joins us to talk about Cyber Monday and the rising tide of e-commerce hacks.

Retail 52

Uncovering vulnerabilities in Cryptographic libraries: Mayhem, Matrixssl, and WolfSSL

ForAllSecure

Introduction. As part of a recent initiative at ForAllSecure to analyze more open source software with Mayhem, a next-generation fuzzing solution, we decided to investigate some cryptographic libraries.

New GDPR Fines Bring Important Lessons for Organizations Big and Small

Everteam

December 3, 2019 / Pat Dawson. The last several weeks have been active ones in terms of data privacy protection. In the wake of massive fines to Marriott and British Airways a few months ago, there was a slight – very slight – lull. Since late October, two new fines have been levied that bring instructive lessons for organizations looking to avoid a similar fate.

GDPR 52

Buyers Lab Recognizes Kodak Alaris for Outstanding Achievement in Innovation

Info Source

Alaris INfuse Smart Connected Scanning Solution hailed as a ‘groundbreaking’ solution. ROCHESTER, N.Y., December 3, 2019 – Keypoint Intelligence – Buyers Lab (BLI), the world’s leading independent evaluator of document imaging software, hardware and services, has recognized the Alaris INfuse Smart Connected Scanning Solution with its Outstanding Achievement in Innovation award in the Document Imaging Software category.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

The pursuit of justice

OpenText Information Management

With 20 law offices across the globe, Sidley Austin LLP devotes more than 140,000 hours per year in pro bono work to improve the lives of people around the world. It trusts OpenText™ technology to deliver timely, and necessary, legal advice. As usual, legal cases hinge on finding useful evidence and information quickly. Instead of …

IT 52

FTC Announces Settlements with Four Companies Related to Allegations they Deceived Consumers over Participation in the EU-U.S. Privacy Shield

Information Governance Perspectives

The Federal Trade Commission has reached settlements with four companies that allegedly misrepresented their participation in the EU-U.S. Privacy Shield framework, which enables companies to transfer consumer data legally from European Union countries to the United States. The FTC also alleged that two of the companies failed to comply with Privacy Shield requirements.

Privacy 52