Tue. Jan 22, 2019

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned.

France Hits Google with $57 Million GDPR Fine

Data Breach Today

Record Privacy Fine Sends Strong Signal to Data-Processing Technology Companies

France has hit Google with a 50 million euro ($57 million) fine for violating the EU's General Data Protection Regulation. The country's data regulator says Google doesn't inform users in a clear way how their data is being collected and processed for targeted advertising.

How Cybercriminals Clean Their Dirty Money

Dark Reading

By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning.

Mergers & Acquisitions: Privacy and Security Considerations

Data Breach Today

How do data privacy and security matters affect organizations that are contemplating a merger or acquisition? Attorney Iliana Peters offers insights into cybersecurity, data breach and compliance issues that can potentially doom a deal.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Critical flaw in Linux APT package manager could allow remote hack

Security Affairs

Expert discovered a remote code execution vulnerability in the APT package manager used by several Linux distributions, including Debian and Ubuntu. The independent security consultant Max Justicz has discovered a remote code execution vulnerability in the APT package manager used by several Linux distributions, including Debian and Ubuntu. The flaw, tracked as CVE-2019-3462, affects package manager version 0.8.15 and later, it could be exploited by an attacker in a MiTM position to execute arbi

More Trending

Stealthy New DDoS Attacks Target Internet Service Providers

Dark Reading

Adversaries took advantage of the large attack surface of large communications networks to spread small volumes of junk traffic across hundreds of IP prefixes in Q3 2018, Nexusguard says.

Transfers of Personal Data from the EU to the U.S. in the Event of a Brexit ‘No-Deal’

Data Matters

The EU-U.S. Privacy Shield (“Privacy Shield”) enables the free-flow of personal data from the European Economic Area (“EEA”) to the U.S. Under the Privacy Shield, U.S. participant organisations commit to adhering to Privacy Shield principles, which include accountability for the onward transfer of personal data after receiving such data from EEA organisations, data integrity obligations and purpose limitations with respect to the personal data transferred.

Securing data in the hybrid cloud

Thales Cloud Protection & Licensing

IDG’s 2018 Cloud Computing Study tells us: Seventy-three percent of organizations have at least one application, or a portion of their computing infrastructure already in the cloud – 17% plan to do so within the next 12 months. But IDG also points out: Organizations are utilizing a mix of cloud delivery models. Currently the average environment is 53% non-cloud, 23% SaaS, 16% IaaS and 9% PaaS….

IBM earns fifth AI-related leader position for open AI infrastructure

IBM Big Data Hub

The Forrester Wave has named IBM a leader across five AI-related categories. Most recently, IBM Cloud Private for Data earned its place among vendors offering enterprise insights platforms.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

URLhaus identified and shut down 100,000 malware sites in 10 Months

Security Affairs

Security experts participating in the abuse.ch project called URLhaus have identified and shut down roughly 100,000 malware distribution sites. The abuse.ch project called URLhaus was launched in March 2018 to track websites used to spread malware, it involved 265 researchers worldwide. In a 10-month period, 265 security researchers around the world have identified on average 300 malware sites each day. “End of March 2018, abuse.ch launched its most recent project called URLhaus.

What is an ISMS and 8 reasons why you should implement one

IT Governance

An ISMS (information security management system) is a centrally managed framework for keeping an organisation’s information secure. It contains a set of policies, procedures and controls for protecting the confidentiality, integrity and availability of information. Confidentiality refers to the ability to make sure data is only accessed by authorised people, integrity refers to the accuracy and completeness of records, and availability refers to the ability to ensure that data is accessible when

Adobe fixed XSS flaws in Experience Manager that can result in information Disclosure

Security Affairs

Adobe released security updates to address multiple XSS vulnerabilities in the Experience Manager and Experience Manager Forms that can lead to information disclosure. Adobe released security updates for the Experience Manager and Experience Manager Forms to address flaws that can lead to information disclosure. The Experience Manager is affected by a stored cross-site scripting (XSS) issue and a reflected XSS issue.

Hacking Construction Cranes

Schneier on Security

Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we've outlined, we were able to perform the attacks quickly and even switch on the controlled machine despite an operator's having issued an emergency stop (e-stop).

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Welcome to the new world of digital signage

Jamf

Whether in the classroom, conference room or hotel lobby, see how Apple TV devices are transforming the way we communicate with students, employees and customers.

0patch releases unofficial security patches for 3 Windows flaws yet to be fixed

Security Affairs

Researchers from 0patch, a community of experts that aims at addressing software flaws, released unofficial patches for three Windows vulnerabilities that Microsoft has yet to fix. The list of vulnerabilities addressed by 0patch includes a denial-of-service (DoS) bug, a file read issue, and a code execution flaw. “While we’re busy ironing out the wrinkles before 0patch finally exits its adolescence (i.e., Beta) and becomes a fully responsible adult able to pay for its own rent

An Overview of the Best FTP Alternatives for Secure File Transfers

OneHub

For a long time, FTP was a great way to move large files online – and a lot of them – to the clients and customers you work with. But the web of today is a lot different than the web of ten years ago. Modern file upload and document sharing services are easier, faster and more secure. Instead of forcing colleagues and co-workers to download complicated FTP clients with bad user interfaces, it’s time for your growing business to use an FTP alternative.

How Web Apps Can Turn Browser Extensions Into Backdoors

Threatpost

Researchers show how rogue web applications can be used to attack vulnerable browser extensions in a hack that gives adversaries access to private user data.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Hack of Plug-in Website Ruffles WordPress Community

Dark Reading

An intruder thought to be a former employee used a backdoor into the WPML website to skim email addresses and send a mass email blast.

Did you win at online casinos? Watch out, your data might have had exposed online

Security Affairs

Data belonging to online casinos found exposed online on unprotected Elastic search instance, it includes info on 108 million bets and user details. Data breaches are an ordinary issue, this time an online casino group leaked information about 108 million bets including user details. Leaked data includes personal information and payment card details, including real names, home addresses, phone numbers, email addresses, birth dates, site usernames, account balances, IP addresses, browser and OS d

GUEST POST: Six tangible ways ‘SOAR’ can help narrow the cybersecurity skills gap

The Last Watchdog

What’s holding back operational excellence in the utility sector?

OpenText Information Management

Once upon a time, the utility industry was a relatively simple place to be. It was all about the safe and consistent generation and distribution of energy with good capacity planning, minimal outages and happy customers. Then it all changed. Climate change happened. Infrastructure got older. Governments and industry bodies got busy with new legislation …

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

The Fact and Fiction of Homomorphic Encryption

Dark Reading

The approach's promise continues to entice cryptographers and academics. But don't expect it to help in the real world anytime soon.

France watchdog fines Google with $57 million under the EU GDPR

Security Affairs

The French data protection watchdog CNIL announced a fine of 50 million euros ($57 million) for US search giant Google under GDPR. “On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadeq

Google Fined $57M in Largest GDPR Slap Yet

Threatpost

The French Data Protection Authority (DPA) found a lack of transparency when it comes to how Google harvests and uses personal data for ad-targeting purposes.

We Finally Have Our First Big GDPR Fine: Data Privacy Trends

eDiscovery Daily

OK, we’ve been waiting for that first big fine for failing to comply with Europe’s General Data Protection Regulation and now we have one. So, guess who it was? OK, guess again. You can probably guess within three guesses. As covered in Fortune (France Fines Google $57 Million For GDPR Violations, written by Emily Price), France’s data protection regulator, the Commission nationale de l’informatique et des libertés (CNIL), has issued a €50 million fine (about $56.8 million) to G

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

CIPL Submits Comments to EDPB’s Draft Guidelines on the Territorial Scope of the GDPR

Hunton Privacy

On January 18, 2019, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP submitted formal comments to the European Data Protection Board (the “EDPB”) on its draft guidelines on the territorial scope of the GDPR (the “Guidelines”). The Guidelines were adopted by the EDPB on November 16, 2018, for public consultation. CIPL appreciates many of the clarifications and concrete examples provided by the EDPB in the Guidelines with respect to the extraterritorial reach and a

Information Governance Innovations in 2019

Everteam

If 2018 showed us anything, it’s that information governance has captured the attention of organizations of all sizes. Maybe they don’t all refer to the work they do on ensuring their information is well governed as “information governance,” but they are thinking about what’s needed and doing the work to make it happen. While companies are developing strategies and defining projects, technology is evolving to help organizations take control of their information.

Security Talent Continues to Fetch Top Dollar on IT Job Market

Dark Reading

IT and cybersecurity positions continue to rank near the top of the salary ranges paid to IT professionals, according to a new survey.