Thu. Dec 20, 2018

Feds Charge Three in Mass Seizure of Attack-for-hire Services

Krebs on Security

Authorities in the United States this week brought criminal hacking charges against three men as part of an unprecedented, international takedown targeting 15 different “booter” or “stresser” sites — attack-for-hire services that helped paying customers launch tens of thousands of digital sieges capable of knocking Web sites and entire network providers offline.

2 Chinese Nationals Indicted for Cyber Espionage

Data Breach Today

Prosecutors Say They Were Part of APT10 Group and Had Government Ties

The U.S. Department of Justice on Thursday unsealed an indictment charging two Chinese nationals in connection with a cyber espionage campaign, alleging they acted in association with a government agency.

Role of Big Data in Human Resource Management

AIIM

Those who have been practicing human resource management for years know the importance of relying on data analytics for creating an enhanced work culture, or else they might lag behind other departments. Many of you tend to hold the purse strings that HR deals with people, they do not require dealing with large-scale data efforts and have gone to the back of the queue as a result.

Facebook Sued in U.S. Over Cambridge Analytica

Data Breach Today

DC Attorney General Alleges Violation of Consumer Protection Law

Facebook violated consumer protection law by failing to protect personal data that consumers thought they'd locked down, the District of Columbia alleges in a new lawsuit. Plus, Facebook is disputing a New York Times report that it ignored privacy settings and shared data with large companies without consent.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

GUEST ESSAY: Top cybersecurity developments that can be expected to fully play out in 2019

The Last Watchdog

From a certain perspective, 2018 hasn’t been as dramatic a cybersecurity year as 2017, in that we haven’t seen as many global pandemics like WannaCry. Related: WannaCry signals worse things to come. Still, ransomware, zero-day exploits, and phishing attacks were among the biggest threats facing IT security teams this year. 2018 has not been a dull year as far as breaches.

More Trending

A Short Cybersecurity Writing Course Just for You

Lenny Zeltser

My new writing course for cybersecurity professionals teaches how to write better reports, emails, and other content we regularly create. It captures my experience of writing in the field for over two decades and incorporates insights from other community members. It’s a course I wish I could’ve attended when I needed to improve my own security writing skills.

Another State Announces a HIPAA Breach Settlement

Data Breach Today

Hospital Pays $75,000 Penalty in Case Involving Lost Unencrypted Devices

In the latest in a series of HIPAA enforcement actions taken by states this year, Massachusetts Attorney General Maura Healey's office has signed a $75,000 consent judgement with McLean Hospital, a psychiatric facility, in connection with a breach that affected 1,500 individuals.

2019 may not be the year of quantum, but it should be the year of preparation

Thales Cloud Protection & Licensing

A few weeks ago, the National Academies of Sciences, Engineering and Medicine published a new report exploring the progress and prospects – or lack of – around quantum computing. Highlighting several technical and financial problems that need to be overcome before a functional quantum computer can be built, the report states it’s too early to even predict a timeline for the development of the technology.

Microsoft issues emergency patch for IE Zero Day exploited in the wild

Security Affairs

Microsoft has issued an out-of-band security update to fix a critical zero-day flaw in the Internet Explorer (IE) browser. Microsoft has rolled out an out-of-band security update to address a critical zero-day vulnerability affecting the Internet Explorer (IE) browser. According to the tech giant, attackers already exploited in the wild the vulnerability tracked as CVE-2018-8653.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Your checklist for responding to and reporting data breaches

IT Governance

This blog has been updated to reflect industry updates. Originally published 25 October 2018. There is a lot you need to do after you discover a data breach, so it’s a good idea to keep a checklist. This will help you keep track of your progress during a hectic few days and ensure that you’ve done everything necessary to comply with the EU GDPR (General Data Protection Regulation).

Researcher disclosed a Windows zero-day for the third time in a few months

Security Affairs

Security researcher SandboxEscaper released a working proof-of-concept (PoC) exploit for a new Windows zero-day vulnerability. Hacker Discloses New Unpatched Windows Zero-Day Exploit On Twitter. The security researcher SandboxEscaper is back and for the third time in a few months, released proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft’s Windows OS.

3 Reasons to Train Security Pros to Code

Dark Reading

United Health chief security strategist explains the benefits the organization reaped when it made basic coding training a requirement for security staff.

Hack the Air Force 3 – White hat hackers earn $130,000

Security Affairs

Hack the Air Force 3.0 – The US DoD announced that more than 30 white hat hackers earned $130,000 for more than 120 vulnerabilities. The U.S. Defense Department, along with bug bounty platform HackerOne, presented the results of the third bug bounty program Hack the Air Force. The program started on October 19 and lasted more than four weeks; it finished on November 22.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Attackers Use Scripting Flaw in Internet Explorer, Forcing Microsoft Patch

Dark Reading

Microsoft issues an emergency update to its IE browser after researchers notified the company that a scripting engine flaw is being used to compromise systems.

Analyzing a Danabot Payload that is targeting Italy

Security Affairs

A new variant of the infamous Danabot botnet hit Italy, experts at Cybaze-Yoroi ZLab dissected one of these samples that targeted entities in Italy. In the last weeks, a new variant of the infamous Danabot botnet hit Italy. Security firms such as Proofpoint and Eset analyzed other samples of the same threat targeting the Australian landscape back in May 2018 and, more recently, in Italy.

Hackers Bypass Gmail, Yahoo 2FA at Scale

Dark Reading

A new Amnesty International report explains how cyberattackers are phishing second-factor authentication codes sent via SMS.

NASA Announces Data Breach

Adam Levin

The US National Aeronautics and Space Administration has announced that it experienced a data breach in October. In an internal memo sent to employees, the agency disclosed that its “cybersecurity personnel began investigating a possible compromise of NASA servers,” and that they had “determined that information from one of the servers containing Social Security numbers and other PII data of current and former NASA employees may have been compromised.”

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Amazon Sends 1,700 Alexa Voice Recordings to a Random Person

Threatpost

The intimate recordings paint a detailed picture of a man's life.

Safely adopting technology in the hospitality industry

IT Governance

The hospitality sector has embraced consumer-facing technology. Chatbots, AI, robotics – such as Hilton’s robot concierge, Connie, which hit the headlines in 2016 – the IoT (Internet of Things), recognition technology, virtual reality, augmented reality, automation, voice search and virtual concierge are just some of the developments being adopted.

How to Optimize Security Spending While Reducing Risk

Dark Reading

Risk scoring is a way of getting everyone on the same page with a consistent, reliable method of gathering and analyzing security data.

What is ISO 27001 certification?

IT Governance

Organisations are facing increasing pressure from regulators, clients and the public to address information security, which is leading to a spike in ISO 27001 certifications. The Standard describes best practices for an ISMS (information security management system), helping organisations address their people, processes and technology in the most effective way possible.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

2018 In the Rearview Mirror

Dark Reading

Among this year's biggest news stories: epic hardware vulnerabilities, a more lethal form of DDoS attack, Olympic 'false flags,' hijacked home routers, fileless malware - and a new world's record for data breaches.

Jamf After Dark podcast: Past, present and future

Jamf

The Jamf podcast gives you an inside look at the people, teams and processes that make Jamf what it is. See what episodes we launched in 2018 and what you can expect in 2019.

Security 101: How Businesses and Schools Bridge the Talent Gap

Dark Reading

Security experts share the skills companies are looking for, the skills students are learning, and how to best find talent you need.

Facebook Admits Giving Partners Access to Messages

Threatpost

A Facebook partnership with Netflix, Dropbox, Spotify, and Royal Bank of Canada gave them access to messages.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

US Indicts 2 APT 10 Members for Years-Long Hacking Campaign

Dark Reading

In an indictment unsealed this morning, the US ties China's state security agency to a widespread campaign of personal and corporate information theft.

U.S. Indicts China-Backed Duo for Massive, Years-Long Spy Campaign

Threatpost

The homeland security implications are significant: the two, working with Beijing-backed APT10, allegedly stole sensitive data from orgs like the Navy and NASA.

Automating a DevOps-Friendly Security Policy

Dark Reading

There can be a clash of missions between security and IT Ops teams, but automation can help.