Mon. Mar 18, 2019

Unsecure Fax Server Leaked Patient Data

Data Breach Today

Incident Highlights the Importance of Vendor Risk Management

A medical software vendor's unsecured fax server leaked patients' medical information, highlighting yet again the importance of vendor risk management.

Risk 218

The Artificial Intelligence Yin Needs a Business Yang

AIIM

Seven (yes, seven!) years ago, AIIM published “The Big Data Balancing Act - Too much yin and not enough yang?” The author of the report was none other than Nuxeo’s David Jones, who worked as a business analyst for AIIM at the time. The premise of the report -- published at the height of the Big Data hype cycle -- was that only part of the Big Data story was being told.

UN Report: N. Korea Targets Cryptocurrency Exchanges, Banks

Data Breach Today

Nation Flaunts Sanctions via Cybercrime Efforts

North Korea's cybercrime capabilities have given the country the ability to flaunt international sanctions by allowing the regime to steal millions in currency not only from banks but also from cryptocurrency exchanges, according to a report from the United Nations Security Council.

Security 213

ISO 27001: The 14 control sets of Annex A explained

IT Governance

ISO 27001 is the international standard that describes best practice for an ISMS (information security management system). The Standard takes a risk-based approach to information security, requiring organisations to identify threats to their organisation and select appropriate controls to tackle them. Those controls are outlined in Annex A of the Standard.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Bitcoin Exchange's CEO Gets Suspended Sentence

Data Breach Today

Mt. Gox's CEO, Mark Karpelès, Convicted on One Charge, Exonerated of Fraud, Embezzlement

The former CEO of what was once the world's most popular bitcoin exchange, Mt. Gox, will not serve prison time. Mark Karpelès was sentenced Friday to two and a half years in prison on one charge of falsifying data, but the sentence was suspended. He was cleared of embezzlement and fraud charges.

196

More Trending

Can Machine Learning Systems 'Overlearn'?

Data Breach Today

Sam Curry of Cybereason on When to Trust ML Systems

Machine learning systems adapt their behavior on the basis of a feedback loop, so they can overlearn and develop blind spots, which if not understood by practitioners can lead to dangerous situations, says Sam Curry of Cybereason.

184

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

UK intelligence agency GCHQ released emulators for World War II cipher machines (Enigma, Typex and The Bombe) that can be executed in the encryption app CyberChef. UK intelligence agency GCHQ, as part of the celebration of its centenary, has released emulators for World War II cipher machines that can be executed in the encryption app CyberChef released for educational purposes.

Telemetry: Monitoring Applications in Hostile Environments

Data Breach Today

Aaron Lint of Arxan on How Application Telemetry Can Guide Security Strategies

Getting a telemetry stream back from applications can help organizations to "adjust much more quickly to see how practical attacks are happening on the endpoint and then go to mitigate," says Aaron Lint of Arxan.

Security 155

New IoT Security Bill: Third Time's the Charm?

Dark Reading

The latest bill to set security standards for connected devices sold to the US government has fewer requirements, instead leaving recommendations to the National Institute of Standards and Technology.

IoT 80

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Hackers used Scanbox framework to hack Pakistani Govt’s passport application tracking site

Security Affairs

Experts uncovered a watering hole attack against the Pakistani Govt’s passport application tracking site; hackers used the Scanbox Framework to steal visitors’ data. Security experts at Trustwave have shared their findings on a recent data breach suffered by a Pakistani government website. The attackers used the Scanbox Framework; the intrusion is similar to another attack that last week hit the Bangladeshi Embassy in Cairo.

Sales 80

CAs Reissue Over One Million Weak Certificates

Schneier on Security

Turns out that the software a bunch of CAs used to generate public-key certificates was flawed: they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to the layman, but that one bit change means that the serial numbers only have half the required entropy. This really isn't a security problem; the serial numbers are to protect against attacks that involve weak hash functions, and we don't allow those weak hash functions anymore.

A new development shows a potential shift to using Mirai to target enterprises

Security Affairs

PaloAlto Networks researchers discovered that a new variant of the infamous Mirai botnet is targeting IoT devices belonging to businesses. Mirai malware first appeared in the wild in 2016 when the expert MalwareMustDie discovered it in massive attacks aimed at Internet of Things (IoT) devices.

IoT 75

Don’t wait to set your data strategy as Netezza goes end of support

IBM Big Data Hub

Support for Netezza TwinFin and Striper models will end as early as June 2019, potentially leaving business-critical data in unsupported environments. Yet there’s no need for long-time Netezza customers to take those risks. The next stage in Netezza’s evolution has already arrived.

Risk 73

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today that it will launch encryption keys that will help businesses protect their data. Staying safe is the toughest job in this risky online world. With the exponential growth of online threats, companies are working day and night to fight hackers, snoopers, cybercriminals and other bad guys.

Here's What It's Like to Accidentally Expose the Data of 230M People

WIRED Threat Level

The owner of Exactis, a 10-person firm that exposed a database including nearly every American, tells the story of his company's downfall.

IT 80

Employment Scams Increasingly Targeting Job Seekers

Adam Levin

Employment fraud is currently the most prevalent scam targeting consumers, according to a Better Business Bureau report. The scams primarily target job-seekers with promises of great job opportunities and high pay. One victim in Montana was approached by what appeared to be a courier service offering him more than $70,000 per year to purchase and ship consumer electronics.

Are You Prepared for a Zombie (Domain) Apocalypse?

Dark Reading

When domain registrations expire, the domains can be claimed by new owners. And sometimes, those new owners have malicious intent.

80

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Privacy Regulations Needed for Next-Gen Cars

Threatpost

With wide deployment expected in the next decade, the driverless automobile landscape looks fraught – from road safety to data protection.

Privacy 73

New Europol Protocol Addresses Cross-Border Cyberattacks

Dark Reading

The protocol is intended to support EU law enforcement in providing rapid assessment and response for cyberattacks across borders.

70

Why we’re awarding innovation and experimentation

DXC Technology

Business is changing fast. Companies are looking to rapidly scale their digital efforts, drawing strength from new digital service platforms and deeper integration of enterprise processes. Leaders will master information flows and data markets. They will need to innovate to survive and thrive. A key aspect of digital innovation today is having a culture of […].

Mirai Variant Goes After Enterprise Systems

Threatpost

The newest Mirai variant is targeting WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs used by enterprises.

IoT 66

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

3 tips for automating your customer experience

DXC Technology

Last December, I attended Customer Contact Week in Las Vegas, the major global gathering of customer service professionals. “Automation is here”: that is the conclusion of my discussions with the various speakers and presenters at this event. As for the participants, the majority of them expressed the urgency of moving forward, but also […].

48

Fourth Major Credential Spill in a Month Hits DreamMarket

Threatpost

Gnosticplayers has released about 26 million records from what he said are breaches of six new companies.

Privacy 66

Winning Tactics for Becoming a Certified Records Manager (CRM)

IG Guru

So you want to become a Certified Records Manager (CRM)? For those of us in Records and Information Management (RIM), becoming a Certified Records Manager (CRM) is a significant milestone. It takes intense focus, dedication, fortitude, endurance, and knowledge to become a CRM. The CRM credential provides the basis of the essential skill set and aptitude […].

RSA Recap: CTO Zulfikar Ramzan talks about Trust, Zero Trust and the Debate over Going Dark

The Security Ledger

I talk with Zulfikar Ramzan, Chief Technology Officer (CTO) at RSA Security* about the major trends at this year's RSA Conference including the growing focus on digital risk and trust, the debate around encryption, law enforcement and "going dark" and what people mean when they talk about "zero trust" networks.

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

The Netherlands – DPA reiterates strict position on alcohol, drug and medicine testing

DLA Piper Privacy Matters

The Dutch Data Protection Authority published an article in which it again affirms that testing employees for alcohol, drugs or medicines can only be performed if there is a specific legal basis to carry out such tests. Earlier, the Dutch DPA gave an explanation in some Q&As on this subject. The Dutch DPA states that the risks of a possible breach of privacy must be minimised and the tests are therefore only permitted under strict conditions.

GDPR 40

India’s Intermediary Guidelines

Adam Shostack

I’ve signed on to Access Now’s letter to the Indian Ministry of Electronics and Information Technology, asking the Government of India to withdraw the draft amendments proposed to the Information Technology (Intermediary Guidelines) Rules. As they say in their press release: Today’s letter, signed by an international coalition of 31 organizations and individuals, explains how the proposed amendments threaten fundamental rights and the space for a free internet, while not addressing

Privacy 40

Dragos Buys ICS Firm with US Dept. of Energy Roots

Dark Reading

NexDefense ICS security tool will be offered for free by Dragos.