Tue. Jul 30, 2019

Woman Arrested in Massive Capital One Data Breach

Data Breach Today

Authorities Allege Paige A. Thompson Referenced Stolen Files on GitHub

A Seattle-area woman has been charged with accessing tens of millions of Capital One credit card applications after allegedly taking advantage of a misconfigured firewall. The incident is likely to increase calls for better corporate caretaking of sensitive consumer data.

The Break-Up List - A Checklist to Avoid Information Management Issues with Employee Separation

AIIM

Everyone has a process for onboarding new hires, contractors, consultants, etc. There's a checklist to follow: issue the badge, issue the keys to the office and the parking garage, and of course set up the Active Directory account, the email account, and all the other information management system set-up tasks. Similarly, when employees separate, there's a checklist there too: remove access to systems, get the laptop back, get the keys back, etc.

JPMorgan Chase Develops 'Early Warning System'

Data Breach Today

Researchers Detail Use of Machine Learning to Find Phishing URLs

JPMorgan Chase researchers have published a new paper describing their efforts at developing a novel "early warning" system based on artificial intelligence algorithms that can detect malware, Trojans and other advanced persistent threats before the phishing campaign that targets the bank's employees even starts.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

CEO to CEO: Breach Response Advice for Capital One

Data Breach Today

The Capital One data breach is in early stages of remediation. Art Coviello, former chair of RSA, which was breached in 2011, shares first-hand insight on steps the breached institution and its CEO should be taking now.

More Trending

DirectTrust Launches Effort for Secure Instant Messaging

Data Breach Today

New Initiative Focused on Developing IM Standard for Healthcare

DirectTrust, known for creating and maintaining the Direct protocol and trust framework for secure email in healthcare, has kicked off a new initiative to develop industry standards for secure real-time instant messaging. What are the potential benefits?

Hacking campaign is wiping Iomega NAS Devices exposed online

Security Affairs

Experts warn of a new campaign carried out by threat actors that are wiping Iomega NAS devices exposed online. Security experts are warning of a campaign carried out by attackers that are deleting files on publicly accessible Lenovo Iomega NAS devices. Likely attackers use the Shodan search engine to find unprotected Iomega NAS exposed online and access them using the publicly accessible web interface.

Report: LAPD Data Breach Exposes 2,500 Officer Records

Data Breach Today

Police Database Includes Email Addresses and Partial Social Security Number

The Los Angeles Police Department is investigating a possible data breach that appears to have exposed the personal information of about 2,500 full-time officers, as well as records related to 17,500 potential police candidates, according to local news media reports.

Google Project Zero hackers disclose details and PoCs for 4 iOS RCE flaws

Security Affairs

Security experts at Google disclosed details and proof-of-concept exploit codes for 4 out of 5 security vulnerabilities in Apple iOS. Researchers at Google disclosed details and proof-of-concept exploit codes for 4 out of 5 security vulnerabilities in Apple iOS that could be exploited by attackers to hack Apple devices by sending a specially-crafted message over iMessage.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

'Urgent/11' Vulnerabilities Affect Many Embedded Systems

Data Breach Today

Armis Researchers Disclose Flaws in VxWorks Operating System

Researchers with Armis have disclosed 11 zero-day vulnerabilities in the VxWorks real-time operating system that is used in some 2 billion embedded devices. Of all the "Urgent/11" vulnerabilities, six of the flaws are considered critical.

ACLU on the GCHQ Backdoor Proposal

Schneier on Security

Back in January, two senior GCHQ officials proposed a specific backdoor for communications systems. It was universally derided as unworkable -- by me, as well. Now Jon Callas of the ACLU explains why.

What is Jamf Parent?

Jamf

Jamf Parent gives parents peace of mind while their child uses a school-issued device by providing parents a number of management features that help oversee and control student devices while outside school hours.

Insecure Real-Time Video Protocols Allow Hollywood-Style Hacking

Dark Reading

Lack of security in the default settings of Internet-enabled video cameras makes co-opting video feeds not just a movie-hacker technique, but a reality for millions of cameras.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

LAPD data breach exposes personal info of thousands of officers

Security Affairs

While Capital One incident is making the headlines, another incident may have severe consequences, the Los Angeles Police Department (LAPD) also suffered a data breach. The Los Angeles Police Department (LAPD) suffered a data breach that exposed the names, email addresses, passwords, and birth dates for thousands of police officers and applicants. The NBCLosAngeles confirmed that the data breach was discovered on July 20, 2019, the local media revealed that personal information for 2,500 LAPD of

Sextortion Email Scams Rise Sharply

Dark Reading

Cybercriminals are increasingly trying to trick people into paying ransoms by threatening to expose compromising activities to friends and family.

Capital One data breach: hacker accessed details of 106M customers before its arrest

Security Affairs

Capital One, one of the largest U.S. card issuers and financial corporations, suffered a data breach that exposed personal information from more than 100 million credit applications. A hacker that goes online with the handle “erratic” breached the systems at Capital One and gained access to personal information from 106 million Capital One credit applications.

CISOs Must Evolve to a Data-First Security Program

Dark Reading

Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Introducing Jamf Pro 10.14

Jamf

From workflow improvements to brand new features, Jamf Pro 10.14 is packed with functionality that will make your management life better and help you serve your end users more comprehensively.

BlueKeep Exploits Appear as Security Firms Continue to Worry About Cyberattack

Dark Reading

The lack of an attack has puzzled some security experts, but the general advice remains that companies should patch their vulnerable systems more quickly.

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security Affairs

Security experts at Armis have discovered a dozen zero-day vulnerabilities affecting the VxWorks real-time operating systems (RTOS) for embedded devices. Researchers at Armis Labs have discovered a dozen zero-day flaws in the VxWorks real-time operating systems (RTOS) for embedded devices. The collection of vulnerabilities was dubbed URGENT/11, it includes 11 flaws, 6 of which are rated as critical in severity.

Container Security Is Falling Behind Container Deployments

Dark Reading

Organizations are increasingly turning to containers even though they are not as confident in the security of those containers, according to a new survey.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

DHS Warning: Small Aircraft are Ripe for Hacking

Threatpost

Hackers with physical access to small aircraft can easily hack the plane's CAN bus system and take control of key navigation systems.

Capital One Breach Affects 100M US Citizens, 6M Canadians

Dark Reading

The breach exposed credit card application data, Social Security numbers, and linked bank accounts, among other information.

Actionable Followups from the Capital One Breach

Adam Shostack

Alexandre Sieira has some very interesting and actionable advice from looking at the Capital One Breach in “Learning from the July 2019 Capital One Breach.” Alex starts by saying “The first thing I want to make clear is that I sympathize with the Capital One security and operations teams at this difficult time. Capital One is a well-known innovator in cloud security, has very competent people dedicated to this and has even developed and high quality open source solutions such

Apple iOS Flaw Could Give Attacker Access via iMessage

Dark Reading

Google Project Zero researchers found an iOS vulnerability that could let an attacker snoop on a victim's phone remotely.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Hacking eCommerce sites based on OXID eShop by chaining 2 flaws

Security Affairs

Researchers at RIPS Technologies discovered vulnerabilities in the OXID eShop platform that could expose eCommerce websites to hack. Experts at RIPS Technologies discovered several flaws in the OXID eShop platform that could be exploited by unauthenticated attackers to compromise eCommerce websites. OXID eShop is a popular e-commerce software platform used by important brands like Mercedes and Edeka.

4 top data security and risk trends, according to Gartner

Information Management Resources

It’s an increasingly difficult challenge for many IT and security executives. One good practice is to stay up on the latest cyber security trends and potential solutions.

Nation-State Actors Go All-In on Mobile Malware

Threatpost

Even though mobile data security is less mature than its desktop equivalent, the quality of the information on offer is top-tier.