Fri. Nov 16, 2018

The Privacy Penalty for Voting in America

Data Breach Today

States Shouldn't Serve Up on a Platter Voters' Email Addresses and Phone Numbers

Voting in the United States carries a huge privacy cost: states give away or sell voters' personal information to anyone who wants it. In this era of content micro-targeting, rampant misinformation and identity theft schemes, this trade in voters' personal data is both dangerous and irresponsible.

How to create a business continuity plan – with free template

IT Governance

Comprehensive BCM (business continuity management) measures are essential for responding effectively to a disruption and providing a minimum acceptable service during a disaster. A crucial aspect of BCM is the development of an effective BCP (business continuity plan). What is a business continuity plan? A BCP consists of the processes and procedures an organisation needs in order to continue operating during a disaster and recover as quickly as possible.

GandCrab Ransomware: Cat-and-Mouse Game Continues

Data Breach Today

Free Decryptor Combats 'Aggressive' Ransomware-as-a-Service Provider

A new, free decryptor has been released for "aggressive" crypto-locking ransomware called GandCrab. Researchers say GandCrab has come to dominate the ransomware-as-a-service market, earning its development team an estimated $120,000 per month.

Lessons from the Eurostar hack

IT Governance

Last month, cross-Channel rail service Eurostar discovered that it had suffered a hacking attempt between 15 and 19 October 2018. However, unlike other players in the travel industry that recently suffered breaches, such as BA and Cathay Pacific, Eurostar has emerged relatively unscathed. Once Eurostar realised it had suffered a data breach, it: Identified the timing and the scale of the breach; Blocked access; Emailed customers alerting them to the situation and advising them to reset password

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Texas Hospital Hit With Dharma Ransomware Attack

Data Breach Today

Altus Baytown Hospital Among Latest Healthcare Cyberattack Victims

An attack on Altus Baytown Hospital in Texas is the latest ransomware incident reported to federal regulators as a health data breach. What other major ransomware incidents are impacting the healthcare sector?

More Trending

China's Hack Attacks: An Economic Espionage Campaign

Data Breach Today

An analysis of China's surging hack attacks as part of an economic espionage campaign leads the latest edition of the ISMG Security Report. Also: Choosing the right MSSP, plus an analysis of the recent hijacking of Google traffic.

Surveillance Kills Freedom By Killing Experimentation

WIRED Threat Level

When we're being watched, we conform. We don't speak freely or try new things. But social progress happens in the gap between what’s legal and what’s moral.

tRat is a new modular RAT used by the threat actor TA505

Security Affairs

The threat actor TA505, behind many Dridex and Locky campaigns, has been using a new Remote Access Trojan (RAT) dubbed tRat. Researchers at Proofpoint warn that the threat actor TA505 has been using a new Remote Access Trojan (RAT) dubbed tRat, which implements a modular structure and is written in Delphi. TA505 operates on a large scale; it was behind other major campaigns leveraging the Necurs botnet to deliver other malware, including the Locky ransomware, the Jaff ransomware, a

Hidden Cameras in Streetlights

Schneier on Security

Both the US Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE) are hiding surveillance cameras in streetlights. According to government procurement data, the DEA has paid a Houston, Texas company called Cowboy Streetlight Concealments LLC roughly $22,000 since June 2018 for "video recording and reproducing equipment.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world; the company presented the latest cybercrime trends. Hong Kong, 16.11.2018 – Group-IB, an international company that specializes in preventing cyber attacks, presented the findings of its latest Hi-Tech Crime Trends 2018 report at the FinTech Security Conference in Hong Kong organized by Binary Solutions Limited in partnership with Group-IB.

7 of the most common cyber attacks you need to prepare for

IT Governance

Organisations are warned all the time about the threat of cyber attacks, but what does that really mean? How might a crook actually inflict damage? Here are seven of the most common methods of attack. Hacking. The term ‘hacker’ is often used synonymously with ‘cyber criminal’, but it actually refers to a specific activity in which someone circumvents an organisation’s security measures.

OpenText Extended ECM for Microsoft Dynamics 365 by Contesto has arrived with Release 16 EP5

OpenText Information Management

“If it’s not in CRM, it doesn’t exist.” How many times do sales professionals hear this phrase during a forecast meeting or call with their sales managers? As a participant in many sales meetings, I can usually predict when this interaction will occur during funnel reviews: directly after an account manager adds or changes a …

New Bluetooth Hack Affects Millions of Vehicles

Dark Reading

Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Mailing Tech Support a Bomb

Schneier on Security

I understand his frustration, but this is extreme: When police asked Cryptopay what could have motivated Salonen to send the company a pipe bomb – or, rather, two pipe bombs, which is what investigators found when they picked apart the explosive package – the only thing the company could think of was that it had declined his request for a password change.

95% of Organizations Have Cultural Issues Around Cybersecurity

Dark Reading

Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.

Cybersecurity vulnerability rises to top concern among large organizations

Information Management Resources

Tim Francis, vice president and enterprise cyber lead at Travelers Insurance, weighs in on the findings of the new Travelers Risk Index, on cyber trends heading into 2019 and what companies should do to best protect themselves.

AI Poised to Drive New Wave of Exploits

Dark Reading

Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Emoji Attack Can Kill Skype for Business Chat

Threatpost

The "Kitten of Doom" denial-of-service attack is easy to carry out.

26M Texts Exposed in Poorly Secured Vovox Database

Dark Reading

The server, which lacked password protection, contained tens of millions of SMS messages, two-factor codes, shipping alerts, and other user data.

UK and EU Draft Withdrawal Agreement

Hunton Privacy

On November 14, 2018, the UK government and the EU agreed upon the text of a draft Withdrawal Agreement in relation to the UK’s impending exit from the European Union on March 29, 2019. The draft Withdrawal Agreement provides for a transition period under which the UK will remain subject to a number of its EU membership obligations, during the period starting when the UK leaves the EU on March 29, 2019 to the end of the transition period on December 31, 2020.

BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance

Dark Reading

BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Gmail Glitch Offers Stealthy Trick for Phishing Attacks

Threatpost

The issue comes from how Gmail automatically files messages into the "Sent" folder.

Weekly podcast: Bank of England, the OPM, Patch Tuesday and Japanese minister

IT Governance

This week, we discuss a Bank of England cyber resilience exercise, the latest cyber security news from the US Office of Personnel Management, the highlights of this month’s Patch Tuesday, and a surprising admission by a Japanese cyber security minister. Hello and welcome to the IT Governance podcast for Friday, 16 November. Here are this week’s stories.

Black Hat Europe Speaker Q&A: SoarTech's Fernando Maymi on 'Synthetic Humans'

Dark Reading

Ahead of his Black Hat Europe appearance, SoarTech's Fernando Maymi explains how and why synthetic humans are critical to the future of cybersecurity.

Lock-Screen Bypass Bug Quietly Patched in Handsets

Threatpost

The flaw allows hackers to bypass handset lock screens in seconds.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

UK: First prison sentence following ICO prosecution

DLA Piper Privacy Matters

The Information Commissioner’s Office (“ICO”) has brought a successful prosecution under the Computer Misuse Act 1990. Mustafa Kasim, a motor industry employee, was found guilty under section 1 of the Act (unauthorised access to computer material) and sentenced to six months’ imprisonment [1]. Mr Kasim worked for car repair business Nationwide Accident Repair Services (“NARS”), where he would use a colleague’s password to log onto the software syste

Critical WordPress Flaw Grants Admin Access to Any Registered Site User

Threatpost

The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website.

DHS Task Force Moves Forward on Playbooks for Supply Chain Security

Dark Reading

The public/private task force takes early steps toward securing the end-to-end supply chain.