Wed. May 02, 2018

86% of Passwords are Terrible (and Other Statistics)

Troy Hunt

A couple of months ago, I launched version 2 of Pwned Passwords. This is a collection of over half a billion passwords which have previously appeared in data breaches and the intention is that they're used as a black list; these are the "secrets" that NIST referred to in their recent guidance: When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or comp

Cambridge Analytica Shuts Down Amid Ongoing Facebook Crisis

WIRED Threat Level

The troubled data firm, which improperly accessed the data of up to 87 million Facebook users, has ceased operations.

GDPR will be an on-going process, not a one-time data fix

Information Management Resources

Since there is no specific certification, compliance is based largely on certain 'appropriateness' standards and it’s up to each organization to determine what that means.

Is Payments Industry Ready for New Encryption Protocols?

Data Breach Today

PCI-DSS Requirement Looms on June 30

New PCI requirements that go into effect June 30 are pushing payment card acquirers, processors, gateways and service providers worldwide to implement more secure encryption protocols for transactions. But are they ready?

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

How a functional classification system can improve your RIM program

TAB OnRecord

A properly functioning classification system is an integral part of your RIM program. Without it, records will become disorganized and potentially lost, undermining the entire purpose of your RIM program. What is functional classification? Functional classification is the “what” of your RIM program. It is the method for identifying records and their content.

More Trending

GDPR compliance: Reasons to be cheerful

IBM Big Data Hub

When you hire a life coach, feelings can often be mixed. Someone is helping you on the way to improving yourself, but that path is one you have to walk, and it can be tough. Feelings can be much the same about the European Union’s General Data Protection Regulation (GDPR), which some organizations view as a burden. But can’t it make your business fitter and healthier?

Amazon, Google Block Trick That Let Encrypted Chats Flow

Data Breach Today

But 'Domain Fronting' Was Also Used to Mask Cybercriminal Activity

Following in Google's footsteps, Amazon has closed a technical loophole that helped some online services evade censorship filters, but which was also abused by cybercriminals. Collateral damage is already being felt by the likes of Signal, a popular, encrypted-messaging app blocked by some governments.

Cambridge Analytica closure – questions and answers

The Guardian Data Protection

Following the Facebook data crisis, the company has folded. But will the scandal now end? Which companies are closing down? Cambridge Analytica, the company at the heart of the data scandal which has engulfed Facebook, announced it was shutting down on Wednesday evening.

LogicHub: Automating SOC Intel

Data Breach Today

Co-Founder Monica Jain on the Value of Capturing Tribal Knowledge

Monica Jain has a lot of experience in security operations centers, and she knows much of the tribal knowledge there is not automated or shared. That's why she co-founded LogicHub, a new intelligence automation platform.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

EU: data-harvesting tech firms are 'sweatshops of connected world'

The Guardian Data Protection

Data protection supervisor lambasts companies’ deluge of ‘take it or leave it’ privacy emails ahead of GDPR

The European data protection supervisor has hit out at social media and tech firms over the recent constant stream of privacy policy emails in the run up to GDPR, calling them the “sweatshops of the connected world”. With the tough new General Data Protection Regulations coming into force on 25 May, companies around the world are being forced to notify their users to accept new privac

Allure Security: Protecting Data

Data Breach Today

CEO Mark Jaffe on How to Protect What the Adversaries Really Want

Mark Jaffe is less concerned about how adversaries breach networks, but more concerned about how to secure their actual target - critical data. His startup company, Allure Security, intends to help secure that data.

How to Prevent SQL Injection Attacks

eSecurity Planet

Your company's website does not have to be the next victim of a SQL injection breach. Here's how to prevent SQL injection attacks.

Certain Becton Dickinson Products at Risk for 'KRACK' Flaw

Data Breach Today

Regulators Issue Warning; Vendor Implementing Patch Plan

A dozen medication and supply management products from Becton Dickinson and Co. are vulnerable to flaws identified last year in the WPA2 protocol, putting the products at risk for so-called KRACK attacks, according to a federal alert. Such attacks can potentially lead to malware infections.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Commonwealth Bank admits it lost backup data for 20m accounts

The Guardian Data Protection

The bank, one of Australia’s big four, assures customers the information has not been compromised

The Commonwealth Bank is reportedly facing renewed investigations after admitting it lost backup data on tape for more than 15 years of customer statements in 2016, affecting almost 20 million accounts.

Get out of the data swamp with a governed data lake

IBM Big Data Hub

Making your data lake a “governed data lake” is the game changer. Without governance, organizations risk securing the data as well as protecting it. When data is cataloged and governed, an organization can effectively discover, classify, track history and lineage, quality of data and thereby use it with trust and confidence. A governed data lake contains data that’s accessible, clean, trusted and protected.

NHS staff aren’t border guards. We won’t police the ‘hostile environment’ | Tim Dudderidge

The Guardian Data Protection

NHS Digital is sharing confidential patient data with the Home Office. This betrays those we are committed to caring for

NHS Digital, which collects confidential patient information, is sharing this personal data with the Home Office to support its immigration enforcement work. This can result in patients being detained and potentially deported. In the Doctors of the World (DOTW) UK London clinic, doctors, nurses and support workers provide medical care for people excluded from NHS services – i

NIST Issues Call for "Lightweight Cryptography" Algorithms

Schneier on Security

This is interesting: Creating these defenses is the goal of NIST's lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device. Many of the sensors, actuators and other micromachines that will function as eyes, ears and hands in IoT networks will work on scant electrical power and use circuitry far more limited than the chips found in even the simplest cell phone.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

An Inside Job: How DMS Access Controls Prevent Security Breaches

Record Nations

A document management system (DMS) in the workplace helps to ensure an efficient protocol for managing large amounts of files. In addition to more efficiency, a DMS can also increase the security of your confidential files with different levels of access controls. With a predetermined set of access controls, you can manage who has the […].

5 benefits of an ISO 22301-conforming BCMS

IT Governance

ISO 22301 sets out the requirements for a best-practice business continuity management system (BCMS). Certification to the Standard brings a host of benefits. What is a business continuity management system? A BCMS is a comprehensive approach to organisational resilience and helps organisations cope with incidents that affect their business-critical processes and activities.

Enforcement Notice: First text message case under CASL

Privacy and Cybersecurity Law

The Canadian Radio-television and Telecommunications Commission (CRTC) has announced the first undertaking and fine involving text message violations under Canada’s […].

Automation Exacerbates Cybersecurity Skills Gap

Dark Reading

Three out of four security pros say the more automated AI products they bring in, the harder it is to find trained staff to run the tools.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Facebook Introduces ‘Clear History’ Option Amid Data Scandal

Threatpost

Facebook hopes to improve data privacy with a new feature letting users flush their history so that it is cleared from their account.

Breaches Drive Consumer Stress over Cybersecurity

Dark Reading

As major data breaches make headlines, consumers are increasingly worried about cyberattacks, password management, and data security.

Hacktivists, Tech Giants Protest Georgia’s ‘Hack-Back’ Bill

Threatpost

Google, Microsoft, security researchers and hacking groups have lined up to protest the bill, which would criminalize unauthorized computer access.

Spring Clean Your Security Systems: 6 Places to Start

Dark Reading

The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Schneider Electric Patches Critical RCE Vulnerability

Threatpost

Researchers found a critical remote code execution vulnerability afflicting two Schneider Electric products that could allow attackers to disrupt or shut down plant operations.

Three ways for agencies to prepare for the Internet of Things

CGI

pooja.cs@cgi.com. Wed, 05/02/2018 - 17:33. The Internet of Things (IoT) will change many aspects of our daily lives. Everyday objects are becoming smart assets, seamlessly integrated across a global network and capable of generating and exchanging valuable data without human intervention.

Using Docker in Heroku: Understanding the Tradeoffs

Role Model Software

The new Heroku container runtime is compared to the traditional slug compiler

The following post is technical in nature and assumes familiarity with Docker and containers.

Summary: Heroku recently announced their container runtime, which enables deployment of docker images to Heroku. The overall experience is on par in terms of features and ease with the traditional approach, which uses the slug compiler.