Wed. Feb 06, 2019

Data Breach Reports in Europe Under GDPR Exceed 59,000

Data Breach Today

Netherlands, Germany and UK Have Logged the Most Data Breach Reports

Since the EU's GDPR went into full effect, European data protection authorities have received over 59,000 data breach reports, with the Netherlands, Germany and the U.K. receiving the greatest number of notifications, according to the law firm DLA Piper.

MY TAKE: Why Satya Nadella is wise to align with privacy advocates on regulating facial recognition

The Last Watchdog

We’re just a month and change into the new year, and already there have been two notable developments underscoring the fact that some big privacy and civil liberties questions need to be addressed before continuing the wide-scale deployment of advanced facial recognition systems. This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the Grand Chamber of the European Court of Human Rights.

A Collaborative Approach to Mitigating Cyberthreats

Data Breach Today

Banks need to work toward improving collaboration between their cybersecurity and fraud management departments to boost efforts to mitigate cyberthreats, say Scott Walters and Eric Reddel of the consultancy Booz Allen Hamilton.

Android devices could be hacked by viewing a malicious PNG Image

Security Affairs

Google patched a critical flaw in its Android OS that allows an attacker to send a specially crafted PNG image file to hack a target device. Opening an image file on your smartphone could allow attackers to hack into your Android device due to three critical vulnerabilities, CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988. The flaws affect millions of Android devices running versions of the Google OS, ranging from Android 7.0 Nougat to the latest Android 9.0 Pie.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Report: Nation-State Malware Attack Could Cripple US

Data Breach Today

Government, Industry Need to Work More Closely on Response Plans

Without improved coordination, the U.S. government and private companies could be caught flat-footed if a nation-state hit the software supply chain with malware or a worm, according to a new report that echoes conclusions made over the last decade and calls for closer industry-government ties.

More Trending

Bolstering the Cybersecurity of Medical Devices

Data Breach Today

As cybersecurity threats in the healthcare sector evolve, medical device manufacturer ICU Medical is taking a number of steps to help safeguard its products. Chaitanya Srinivasamurthy and Marshall Fryman of the company describe these security initiatives.

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. See Indiana v. Med. Informatics Eng’g, Inc., No. 3:18-cv-00969 (N.D. Ind. filed Dec. 3, 2018).

Memo: Nation-State Malware Attack Could Cripple US

Data Breach Today

Government, Industry Need to Work More Closely on Response Plans

Without improved coordination, the U.S. government and private companies could be caught flat-footed if malware or a worm hit a software supply chain. The report echoes conclusions made over the last decade and calls for closer industry-government ties.

Reverse RDP Attack – Rogue RDP Server can be used to hack RDP clients

Security Affairs

Researchers at Check Point Software Technologies have discovered more than two dozen vulnerabilities in the popular implementations of the remote desktop protocol (RDP). Security experts at Check Point Software Technologies discovered a total of 25 security flaws in the popular implementations of the remote desktop protocol (RDP), 16 of which have been rated as “major.” Some of the vulnerabilities could be exploited by a malicious RDP server to hack a device running the client RDP software.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

HIMSS19: Cybersecurity in the Spotlight

Data Breach Today

A Sampling of What's Slated for Health IT's Biggest Annual Show

Once again, cybersecurity issues will be in the spotlight at the Healthcare Information and Management Systems Society Conference, to be held Feb. 11-15 in Orlando, Fla.

Security expert Marco Ramilli released for free the Malware Hunter tool

Security Affairs

Malware researcher Marco Ramilli released for free the Malware Hunter tool, a simple but interesting catching tool based on static YARA rules. I’ve been working on cybersecurity for more than 10 years. During my career, I’ve held numerous roles which took me facing many problems: I had to solve technical issues as well as management, economic and financial one

Fortinet's Sonia Arista on Securing the Digital Enterprise

Data Breach Today

Listen to the latest on security's role in digital transformation, as well as visibility challenges facing the security industry.

Using Gmail "Dot Addresses" to Commit Fraud

Schneier on Security

In Gmail addresses, the dots don't matter. The account "bruceschneier@gmail.com" maps to the exact same address as "bruce.schneier@gmail.com" and "b.r.u.c.e.schneier@gmail.com" -- and so on. (Note: I own none of those addresses, if they are actually valid.) This fact can be used to commit fraud: Recently, we observed a group of BEC actors make extensive use of Gmail dot accounts to commit a large and diverse amount of fraud.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Some Airline Flight Online Check-in Links Expose Passenger Data

Dark Reading

Several airlines send unencrypted links to passengers for flight check-in that could be intercepted by attackers to view passenger and other data, researchers found.

New ExileRAT backdoor used in attacks aimed at users in Tibet

Security Affairs

A malware campaign using new LuckyCat-Linked RAT dubbed ExileRAT has been targeting the mailing list of the organization officially representing the Tibetan government-in-exile. Security experts at Talos group have uncovered a malware campaign using the ExileRAT backdoor to target the mailing list of the organization officially representing the Tibetan government-in-exile.

MacOS Zero-Day Exposes Apple Keychain Passwords

Threatpost

A researcher who discovered a flaw letting him steal passwords in MacOS is not sharing his findings with Apple without a macOS bug bounty program.

7 Tips For Communicating With the Board

Dark Reading

The key? Rather than getting bogged down in the technical details, focus on how a security program is addressing business risk.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Clever Phishing Attack Enlists Google Translate to Spoof Login Page

Threatpost

A tricky two-stage phishing scam is targeting Facebook and Google credentials using a landing page that hides behind Google's translate feature.

How to manage Microsoft Office 2019 for Mac - Q&A

Jamf

Have questions about managing Microsoft Office for Mac and what its availability in the App Store means for you? We've got (lots) of answers!

A critical counterfeiting vulnerability addressed in Zcash

Security Affairs

A critical counterfeiting vulnerability in Zcash cryptocurrency could have allowed coining an infinite number of Zcash (ZEC) cryptocurrency. Reading some news, investors could believe that cryptocurrencies are not a good investment. A few days ago, QuadrigaCX Bitcoin exchange announced that it had lost USD 145 million worth of cryptocurrency because the only person with access to its cold storage has died.

What are Data Manipulation Attacks, and How to Mitigate Against Them

Threatpost

Hackers don't always steal data. Sometimes the goal is to manipulate the data to intentionally trigger external events that can be capitalized on.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Nature and Nurture in Threat Modeling

Adam Shostack

Josh Corman opened a bit of a can of worms a day or two ago, asking on Twitter: “pls RT: who are the 3-5 best, most natural Threat Modeling minds? Esp for NonSecurity people. @adamshostack is a given.” (Thanks!) What I normally say to this is I don’t think I’m naturally good at finding replay attacks in network protocols — my farming ancestors got no chance to exercise such talents, and so it’s a skill I acquired.

What is Infonomics and Why Should You Care?

Everteam

Is the information your organization captures as important as the physical assets it owns or the money it makes? It should be, but figuring out how to put a value on your information isn’t easy or straightforward. Infonomics is a discipline that attempts to help you figure out how to look at your information as an asset. But there’s maybe a bigger question than does information have value – why does it matter if it does or not?

Over Half of Companies Are Upping Spending on IT Security: eSecurity Planet Survey

eSecurity Planet

Data breaches and new privacy regulations are prompting increased spending on IT security products and staff.

Serverless Computing: 'Function' vs. 'Infrastructure' as-a-Service

Dark Reading

How much do companies really gain from offloading security duties to the cloud? Let's do the math.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Modern Cybercrime: It Takes a Village

Threatpost

Today's financial cyber-rings have corporate insider and management roles -- cybercrime is not just for hackers and coders anymore.

4 Practical Questions to Ask Before Investing in AI

Dark Reading

A pragmatic, risk-based approach can help CISOs plan for an efficient, effective, and economically sound implementation of AI for cybersecurity.

What It Takes to Pull Off the Country's First Online Census

WIRED Threat Level

Going digital could make the 2020 census more inclusive and efficient, but experts fear the Census Bureau is also opening itself up to new risks.
