Thu. Oct 10, 2019


MY TAKE: CASBs help companies meet ‘shared responsibility’ for complex, rising cloud risks

The Last Watchdog

Cloud Access Security Brokers – aka “caz-bees” — have come a long way in a short time. CASBs, a term coined by tech industry consultancy Gartner, first cropped up about seven years ago to help organizations enforce security and governance policies as they commenced, in earnest, their march into the cloud. CASBs supplied a comprehensive set of tools to monitor and manage the multitude of fresh cyber risks spinning out of the rise in corporate

Cloud 161

How Cybercriminals Continue to Innovate

Data Breach Today

Europol Report: Ransomware, DDoS, Business Email Compromises Are Persistent Threats

Online attack threats continue to intensify, with criminals preferring ransomware, DDoS attacks and business email compromises, warns Europol, the EU's law enforcement intelligence agency. After numerous successful disruptions by police, criminals have responded by launching increasingly complex attacks.


When Improving Processes, Anticipate Circumstances Beyond Your Control

Weissman's World

We spend a lot of time advocating for process improvement everywhere we can – the proven thinking being that even the best information available loses value if it can’t be effectively shared and leveraged. But there’s one element that consistently goes missing that warrants special attention: the need to anticipate circumstances beyond our control and […].

IT 168

Compliance: Mississippi State Agencies Have a Long Way to Go

Data Breach Today

Audit Finds Agencies Not Following State's Cybersecurity Law

The personal data of Mississippi citizens is susceptible to breaches because many state agencies, universities and other organizations are failing to comply with all the mandates of the state's cybersecurity law, according to a report issued by the Office of the State Auditor.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Own Your Cloud Security

Thales Cloud Protection & Licensing

It’s hard to believe it’s mid-October. Along with autumn comes National Cybersecurity Awareness Month (NCSAM). The NCSAM 2019 focuses on personal accountability. Driven through mass public engagement, the ‘Own IT. Secure IT. Protect IT.’ theme will help to encourage personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers.

Cloud 115

More Trending


Attackers Hide Behind Trusted Domains, HTTPS

Dark Reading

One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.

IT 95

Complying with New York's SHIELD Act

Data Breach Today

What should healthcare organizations know about complying with the breach notification and data security requirements of New York's SHIELD Act? And how does the new law compare with HIPAA? Jon Moore, chief risk officer at consulting firm Clearwater, explains.

Risk 171

How to Think Like a Hacker

Dark Reading

In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.


Fighting Human Nature: How to Combat Socially Engineered Account Takeover Attacks

Data Breach Today

Learn from a former U.S. cybercriminal on why social engineering is one of the most difficult to stop online crimes. As a fraud management leader, are you aware that social engineering is a widespread and increasingly common tactic used to take over customer accounts? Learn more about why social engineering is one of the most dangerous and difficult to stop online crimes.

162

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Wi-Fi Hotspot Tracking

Schneier on Security

Free Wi-Fi hotspots can track your location, even if you don't connect to them. This is because your phone or computer broadcasts a unique MAC address. What distinguishes location-based marketing hotspot providers like Zenreach and Euclid is that the personal information you enter in the captive portal -- like your email address, phone number, or social media profile -- can be linked to your laptop or smartphone's Media Access Control (MAC) address.

Privacy 85

Volusion Payment Platform Sites Hit by Attackers

Data Breach Today

Sesame Street Live Among Sites Hit by Card-Skimming Attacks, Researcher Warns

A security researcher has uncovered credit card skimming attacks targeting websites that use a cloud-based payment platform from Volusion. Among the victims: The Sesame Street Live online store.

Cloud 142

California Attorney General Issues Proposed Regulations for CCPA

Hunton Privacy

On October 10, 2019, the California Attorney General (“AG”) announced Proposed Regulations implementing the California Consumer Privacy Act of 2018 (“CCPA”). Along with a Notice of Proposed Rulemaking Action and the Text of Proposed Regulations, the AG issued an Initial Statement of Reasons elaborating on the purposes of the proposed regulations. According to the AG, “The proposed regulations would establish procedures to facilitate consumers’ new rights under the CCPA and provide guidance to


Preventing Election Interference: New Recommendations

Data Breach Today

Senate Intel Committee Calls for Congress, White House and Social Media Firms to Take Action

To counter efforts to interfere in the 2020 presidential election, the Senate Intelligence Committee recommends new security measures for social media companies, new legislation and creating an interagency task force.

Security 134

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Sophos fixed a critical vulnerability in Cyberoam firewalls

Security Affairs

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password. “A critical shell injection vulnerability in Sophos Cyberoam Firewall appliances running CyberoamOS (CROS) version 10.6.6 MR-5 and earlier was recently discovered and res


What is the ISO 27000 series of standards?

IT Governance

The ISO/IEC 27000 family of standards, also known as the ISO 27000 series, is a series of best practices to help organisations improve their information security. Published by ISO (the International Organization for Standardization) and the IEC (International Electrotechnical Commission), the series explains how to implement an ISMS (information security management system).


Tor Project is going to remove End-Of-Life relays from the network

Security Affairs

Maintainers at the Tor Project have removed from its network more than 800 relay servers running outdated and EOL versions of the Tor software. Currently, the Tor network is composed of more than 6000 relays, some of them running outdated Tor software versions (in some cases back to the 0.2.4.x versions). Other relays are running the latest Tor software in nightly builds and alpha releases.

Privacy 81

New Reductor Nation-State Malware Compromises TLS

Schneier on Security

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. The malware is able to compromise TLS traffic by infecting the computer with a hacked TLS engine substituted on the fly, "marking" infected TLS handshakes by compromising the underlying random-number generator, and adding new digital certificates.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

New espionage malware found targeting Russian-speaking users in Eastern Europe. ESET found an advanced piece of malware named Attor, targeting diplomats and high-profile Russian-speaking users in Eastern Europe. ESET researchers discovered an advanced piece of malware named Attor, that was used in cyberespionage operations on diplomats and high-profile Russian-speaking users in Eastern Europe.


Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

WIRED Threat Level

A new proof-of-concept hardware implant shows how easy it may be to hide malicious chips inside IT equipment.

IT 105

California Attorney General Releases Proposed CCPA Regulations

Data Matters

Earlier today, the California Attorney General ended months of anticipation by releasing the text of his proposed California Consumer Privacy Act (CCPA) regulations. Comments on the proposed regulations are due by December 6, 2019, and the Attorney General’s office will hold public hearings on the regulations on December 2 (Sacramento), December 3 (Los Angeles), December 4 (San Francisco), and December 5 (Fresno).

Privacy 68

iTunes Zero-Day flaw exploited by the gang behind BitPaymer ransomware

Security Affairs

The gang behind BitPaymer and ransomware attacks has been found exploiting a Windows zero-day for Apple iTunes and iCloud. The cybercriminals behind BitPaymer and iEncrypt ransomware attacks have been found exploiting a Windows zero-day vulnerability for Apple iTunes and iCloud in attacks in the wild. The zero-day vulnerability resides in the Bonjour updater that comes packaged with Apple’s iTunes and iCloud software for Windows to evade antivirus detection.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


The relationship-powered enterprise

DXC Technology

In a workplace increasingly filled with intelligent machines, strong interpersonal relationships between actual humans will be critical to an enterprise’s success. That’s according to an organization called the Business Relationship Management Institute (BRMI), which recently unveiled a theory it calls “Relationshipism.” I think the folks at BRMI maybe could have brainstormed a bit longer before […].


NCSC announces major change to the Cyber Essentials scheme

IT Governance

Over the past five years, the Cyber Essentials scheme has been vital in helping protect organisations from some of the most common causes of data breaches. However, the NCSC (National Cyber Security Centre) has announced a change to the way the scheme is run. From April 2020, the five Cyber Essentials accreditation bodies will be replaced by one, the IASME Consortium.


iTunes Zero-Day Exploited to Deliver BitPaymer

Dark Reading

The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.


Why you should join Jamf Nation

Jamf

If you aren't already leveraging the largest Apple IT community on the planet, this systems engineer wants to fill you in on what you're missing.

IT 73

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Network Security Must Transition into the Cloud Era

Dark Reading

An integrated approach is the best way to provide organizations with the tools they need to decrease the attack surface and use strong security controls.

Cloud 72

2020 trends in cloud computing: The epicenter of cloud native architecture

Information Management Resources

This architecture is the most cost effective and efficient means of scaling—horizontally and vertically—to meet the modern demands of the heterogeneous computing environments with which organizations contend.

Cloud 65

Magecart Attack on Volusion Highlights Supply Chain Dangers

Dark Reading

Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.

Cloud 79