Sun. Mar 17, 2019

Massive attacks bypass MFA on Office 365 and G Suite accounts via IMAP Protocol

Security Affairs

Threat actors targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Experts at Proofpoint conducted an interesting study of massive attacks against accounts of major cloud services. The experts noticed that attackers leverage legacy protocols and credential dumps to increase the e

Where now for Mark Zuckerberg after his – and our – loss of innocence? | Martin Moore

The Guardian Data Protection

A year on from the Observer exposé, what has really changed for Facebook and its users? The Cambridge Analytica revelations, the most damning of which were published by the Observer and the New York Times a year ago, quickly morphed from a scandal about a British political consultancy into one about Facebook, the social media behemoth. It was not the first or last of Facebook’s many crises, but has been the most consequential for the company and for the future of data privacy.

Experts uncovered a malspam campaign using Boeing 737 Max crashes

Security Affairs

Experts at the 360 Threat Intelligence Center uncovered a new malspam campaign that leverages the tragic Boeing 737 Max crash to spread malware. Crooks always attempt to exploit the attention of the people on the events that made the headlines. In the last days, two events captured the attention of the media, the New Zealand mosque shooting and the tragic crash of the Boeing 737 Max in Ethiopia. In the wake of the New Zealand mosque shooting, US CISA is recommending users to remain vigilant on p

Find real business insights with a data processing pipeline approach

DXC Technology

I love beach vacations. It is a great time to relax, have fun and let time slow down. However, nothing spoils a beach vacation like losing car keys. It happened to me recently. Aside from the inconvenience and disruption, the one thing that struck me was the monumental task of searching for the keys in […].

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Unprotected Elasticsearch DB exposed 33 Million job profiles in China

Security Affairs

Security expert discovered an unprotected Elasticsearch database exposed online that was containing approximately 33 million job profiles in China. Security expert Sanyam Jain at GDI Foundation has discovered an unprotected database exposed online that was containing approximately 33 million profiles for people in China who provided their resume to job recruitment sites.

More Trending

Security Affairs newsletter Round 205 – News of the week

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition. Paper Copy. Once again thank you! Jackson County paid $400,000 to crooks after ransomware attack. Venezuelan Minister declares Venezuela's Blackout may be caused by cyberattack carried by US. Crooks use The Pirate Bay to spread PirateMatryoshka malware via reputed seeders.

Don't Miss these Intriguing Black Hat Asia Briefings

Dark Reading

With two weeks to go, organizers would like to quickly highlight some Black Hat Asia Briefings that you may have overlooked!

Falsity

InfoGovNuggets

One of the exceptions to freedom of speech is falsely shouting fire in a crowded theater. (Actually, the case in which Justice Holmes used this term may have been overturned or, as the lawyers say, distinguished.) “Facebook Cracks Down on Vaccine Misinformation,” The Wall Street Journal, March 8, 2019. Even though not a government entity (yet, anyway), Facebook attempts to stop the spread of (what Facebook thinks is false) information about vaccinations.

Why Phone Numbers Stink As Identity Proof

Krebs on Security

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Higher learning

InfoGovNuggets

“Hackers Breach College-Applicant Databases, Seek Ransom,” The Wall Street Journal, March 8, 2019. Hackers seek ransom not from the college who held the information, but from the students who provided it. Who’s responsible for the protection of information a student provides to a college in the application process? [This article appeared before the college application cheating scandal broke.

gnosticplayers offers 26 Million new accounts for sale on the Dark Web

Security Affairs

The hacker gnosticplayers is offering the fourth batch of millions of records stolen from 6 new websites for sale on the dark web. Gnosticplayers is back with the fourth round of hacked accounts offered for sale on the dark web. In February, the hacker who goes online by the moniker Gnosticplayers disclosed the existence of some massive unreported data breaches in three rounds.

Experience does not equal information, apparently

InfoGovNuggets

“Italy Allows Illegal Homes to Be Rebuilt, Earthquake Zone or Not,” The Wall Street Journal, March 4, 2019. The headline says it all. Leaving aside the impact of a government “permitting” the building of “illegal” homes, what does it say when that government allows the illegal homes to be rebuilt on the site of a recent earthquake?

In Decision That Sounds the “Death Knell” for Fifth Amendment Protection, Defendant Ordered to Provide Cell Phone Password: eDiscovery Case Law

eDiscovery Daily

In Commonwealth v. Jones, SJC-12564 (Mass. Mar. 6, 2019), the Supreme Judicial Court of Massachusetts reversed a lower court judge’s denial of the Commonwealth’s renewed Gelfgatt motion (where the act of entering the password would not amount to self-incrimination because the defendant’s knowledge of the password was already known to the Commonwealth, and was therefore a “foregone conclusion” under the Fifth Amendment and art. 12 of the Massachusetts Declaration of Rights), an

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Is chocolate information?

InfoGovNuggets

“How Accountants Break the Bad News About Tax Refunds: With Chocolate and Tissues,” The Wall Street Journal, March 5, 2019. Prepping the client for bad news. So, in a way, chocolate is an information derivative, or substitute, or precursor. If your accountant preps you with chocolate, you know it can’t be good. I guess this is also Governance, because the accountant is controlling your receipt-of-bad-information experience.

Age ID check for pornography websites ‘puts users’ data at risk’

The Guardian Data Protection

A date will soon be set for the launch of a UK-wide age block on visiting adult websites – but campaigners fear a threat to privacy The government will this week confirm the launch date for a UK-wide age block on online pornography, as privacy campaigners continue to raise concerns about how adult websites and age-verification companies will use the data they collect.

Kill the messenger

InfoGovNuggets

Speaking of information controls, … “After One Auditor Flunked Brazil Dam, Vale Found Another Who Passed It,” The Wall Street Journal, March 5, 2019. Did dam owner fire an auditor who refused to certify a dam as safe? Dam burst, killing people. How does your company deal with bad information? Maybe the auditor should have brought chocolates.

Information lifecycle

InfoGovNuggets

“Vatican to Open Archives on World War II Pope Pius XII,” The Wall Street Journal, March 5, 2019. Church opens archives from the World War II years. While you’re alive, you may be able to control the distribution of some information. After you die, control is harder. So, Governance (when does your power to control end?) mutates over written Information that still remains after your death (or other departure).

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Using information

InfoGovNuggets

“Shopping at Discount Stores Could Help Get You a Loan,” The Wall Street Journal, March 5, 2019. Artificial intelligence looks at unusual bites of information when making loan decisions. What do credit card companies look at to decide whether to loan you money? A lot of seemingly unconnected information. Is that information you can affect?

University book store

InfoGovNuggets

“Chinese Hackers Target Universities in Pursuit of Maritime Military Secrets,” The Wall Street Journal, March 6, 2019. It’s “an elaborate scheme to steal research about maritime technology.” Clearly, information. But what controls (Governance) are in place at the repositories (universities) to prevent this espionage/theft?

Oxymoronic

InfoGovNuggets

“Facebook Plans New Emphasis on Private Communications,” The Wall Street Journal, March 7, 2019. Facebook looks to change focus from providing a platform for people to share information publicly to one where the public can communicate privately. Through Facebook. Color me dubious. Facebook’s history when handling the privacy of other people’s information has been a bit, well, spotty.

Hello, I’m from the government and I’m actually helping you.

InfoGovNuggets

“New York Requests Documents from Facebook, Apps on Data Sharing,” The Wall Street Journal, March 1, 2019. Apps were apparently sending sensitive personal health information to Facebook. Does that app you use share your data with Facebook? What if the data is personal health information? This investigation is brought to you courtesy of the New York Financial Services Department, which claims jurisdiction over all financial services that affect New York consumers.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Managing your information

InfoGovNuggets

“Getting Into the 800 Credit Score Club Is Tough—Staying in Is Tougher,” The Wall Street Journal, March 4, 2019. Steps people are taking to manage their credit scores. Who knew you could aggressively manage your credit score? Is that like massaging your SAT score? [Note: this is posted March 17, 2019, after the college admissions case broke.

Snopes+

InfoGovNuggets

“Know-It-All Robot Shuts Down Dubious Family Texts,” The Wall Street Journal, March 1, 2019. Robot filters chat groups for false and dubious posts, all on a real-time basis. Wouldn’t this be a wonderful app to apply more broadly? Would it be good to have a Snopes-like pop-up alerting you to something in an email you receive (or one you’re drafting)?

Failing to report

InfoGovNuggets

“French Cardinal Convicted for Covering Up Child Sex Abuse,” The Wall Street Journal, March 8, 2019. Conviction for failure to report a crime. Criminal law has some provisions about failing to report certain types of crimes. At common law (which means civil liability for damages, in the absence of a statute or contract), an employee has a duty to his or her employer (a) to comply with applicable law and (b) report material violations to his or her employer.

Disinfectant

InfoGovNuggets

“Trump Administration Weighs Publicizing Secret Rates Hospitals and Doctors Negotiate With Insurers,” The Wall Street Journal, March 8, 2019. What do doctors and hospitals charge insurance companies for the services they provide you? This would seem to be information that, in a free market, would be public. After all, you are the responsible party.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Sauce 4 goose, sauce 4 gander

InfoGovNuggets

“Democrats Adopt GOP Strategy in Fight for Trump Probe Information,” The Wall Street Journal, March 4, 2019. What information can the President withhold from Congress? This is really more about Governance than either Information or Compliance. Is this determined by the President, or is Congress a higher (i.e., not co-equal) power? Or does the Constitution control?