Tue.Dec 04, 2018

12 States File Data Breach Lawsuit Against EHR Vendor

Data Breach Today

In Wake of Massive Data Breach, Attorneys General Allege Violations of HIPAA, State Laws In a groundbreaking effort, the attorneys general of a dozen states have jointly filed a federal lawsuit against a cloud-based electronic health records vendor that reported a 2015 data breach affecting 3.9

A Breach, or Just a Forced Password Reset?

Krebs on Security

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites.

Kubernetes Alert: Security Flaw Could Enable Remote Hacking

Data Breach Today

Patch Container-Orchestration System Now or Risk Serious Consequences A severe vulnerability in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches, and recommend immediate updating

Risk 186

Bad Consumer Security Advice

Schneier on Security

There are lots of articles about there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. Never, ever, ever use public (unsecured) Wi-Fi such as the Wi-Fi in a café, hotel or airport.

Lack of Business Associate Agreement Triggers HIPAA Fine

Data Breach Today

184

4 Industries That Have to Fight the Hardest Against Cyberattacks

Security Affairs

Society’s dependence on internet-based technologies means security professionals must defend against cyberattacks as well as more traditional threats, such as robbers or disgruntled employees. However, cybercriminals target some industries at disproportionally high rates.

GDPR Compliance: The Role of Vendor Risk Management

Data Breach Today

Attorney Steven Teppler on Holding Vendors Accountable Why is ramping up vendor risk management such a critical component of compliance with the EU's General Data Protection Regulation? Attorney Steven Teppler provides insights

More Trending

Fighting Against Phishing

Data Breach Today

Richard Conti of Children's Hospital of Philadelphia on Risk Mitigation Steps Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps

Quora data breach: hackers obtained information on roughly 100 million users

Security Affairs

Another day another illustrious victim of the data breach, the popular question-and-answer website Quora suffered a major data breach that exposed 100 million users.

A CISO's Insights on Breach Prevention

Data Breach Today

Anahi Santiago of Christiana Care on Patching, Mitigating Insider Threats A failure to patch systems and slipups that lead to insider threats are two major causes of breaches in the healthcare sector that need to be urgently addressed, says Anahi Santiago of Christiana Care Health System

164

M2M protocols can be abused to attack IoT and IIoT systems

Security Affairs

Security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. According to a study conducted by experts from Trend Micro and the Polytechnic University of Milan.

IoT 84

Enhancing Security Governance

Data Breach Today

Longtime CISO Vito Sardanopoli on Building an Effective Security Program A formal security program that spells out precise governance components is critical to protecting sensitive data, says Vito Sardanopoli, who served on the U.S.

Foreign Trolls Are Targeting Veterans on Facebook

WIRED Threat Level

Opinion: The VA needs to take preventative measures to protect vets—and more broadly, our democracy—from digital manipulation and fraud. Security Opinion

14 Hot Sessions at Black Hat Europe 2018

Data Breach Today

Top-Flight Information Security Conference Returns to London The Black Hat Europe information security conference returns to London, featuring 40 research-rich sessions covering diverse topics, including politically motivated cyberattacks, recovering passwords from keyboards thanks to thermal emanations, hacking Microsoft Edge and detecting "deep fakes

IT Security Lessons from the Marriott Data Breach

eSecurity Planet

500 million people are at risk because of a data breach at Marriott's Starwood hotel chain. What steps can your organization take to limit the risk of suffering the same fate

Question: Did Quora Hack Expose 100 Million Users?

Data Breach Today

Answer: Yes, Q&A Site Believes Hackers Stole Private Content, Hashed Passwords Next to corporate communications that claim that "your security is important to us," any website post titled "security update" portends bad news. So too for question-and-answer site Quora, which says a hack exposed 100 million users' personal details, including hashed passwords and private content

Dissecting the latest Ursnif DHL-Themed Campaign

Security Affairs

Security experts at Yoroi – Cybaze Z-Lab discovered a new variant of the infamous Ursnif malware targeted Italian users through a malspam campaign. Introduction. In the last weeks, a new variant of the infamous Ursnif malware was discovered hitting Italian users through a malspam campaign.

Nonprofits on Facebook Get Hacked—Then They Really Need Help

WIRED Threat Level

Facebook is an enormous platform for charitable giving, but some nonprofit leaders say there aren’t enough resources when something goes wrong. Security

A look back on 2018: What was hype and what was, perhaps, underrated

Thales Data Security

As we close in on the final few days of the year and look ahead to the clean slate that 2019 represents, I wanted to take a few moments to reflect on 2018 – specifically, what tech innovations and predictions held true, which fell a bit flat and which were entirely unexpected.

IoT 68

Governance in Healthcare: Big Data is Table Stakes

Perficient Data & Analytics

Big data itself does not alter the approach to governance nor its framework. And big data isn’t just about data – it’s also concerned with managing and governing vast amounts of content of varying types such as video, images, voice, etc.

Three ways to simplify your digital content supply chain

OpenText Information Management

Sharing and collaborating on large media files, especially with partners and clients outside your organization, can be a challenge for anyone involved in the provisioning of digital content.

10 top analytics and business intelligence trends for 2019

Information Management Resources

New data quality management practices, data discovery techniques and predictive and prescriptive analytics tools will be among the top trends impacting analytics and business intelligence. Analytics Business intelligence Predictive analytics Chief Analytics Officer Machine learning

[Podcast] Up Against 70,000 Boxes of Paper - One Law Firm’s Paper-Free Journey

AIIM

No, you read that title right – seventy THOUSAND boxes of paper in the highly restrictive environment of legal services. That’s what Susan Gleason , Manager of Records and Information Governance at Shipman & Goodwin and her team were up against.

Paper 60

3 key elements to make data monetization possible

Information Management Resources

Businesses that are not realizing the full potential value of data are leaving untapped opportunities on the table and are at real risk of being disrupted by companies that are driving forward with an analytics agenda. Data strategy Data management Data and information management

Backdoors Up 44%, Ransomware Up 43% from 2017

Dark Reading

Nearly one in three computers was hit with a malware attack this year, and ransomware and backdoors continue to pose a risk

Risk 82

AI investments can boost the human side of HR

Information Management Resources

There is no piece of software or feature set that can possibly demonstrate the value that AI brings to HR. It’s about a holistic experience; everything that HR professionals do should be supported by AI. Artificial intelligence HCM software HR Technology HR analytics

IT 81

The next step in simplifying contract management with OpenText Contract Center

OpenText Information Management

Since we first released OpenText™ Contract Center to support centralized contract management, we’ve been gathering feedback from customers about how to make it even better.

Blog 56

DHS, FBI Issue SamSam Advisory

Dark Reading

Following last week's indictment, federal government issues pointers for how security pros can combat SamSam ransomware

Majority of SMBs feel ill prepared to defend against cyber attacks

Information Management Resources

Small and mid-sized businesses increasingly face the same cyber security risks as larger companies, but only 28 percent rate their ability to mitigate threats, vulnerabilities and attacks as 'highly effective,' says a new study. Data security Cyber security Cyber attacks

Study 76

5 Emerging Trends in Cybercrime

Dark Reading

Organizations can start today to protect against 2019's threats. Look out for crooks using AI "fuzzing" techniques, machine learning, and swarms

National Republican Congressional Committee Emails Breached During Midterms

Adam Levin

Email accounts of four top officials at the National Republican Congressional Committee (NRCC) were successfully hacked during the 2018 midterm elections. The NRCC announced the hack on Tuesday through spokesman Ian Prior, and attributed it to “an unknown entity.”. “[U]pon

IT 52

Quora Breach Exposes Information of 100 Million Users

Dark Reading

The massive breach has exposed passwords for millions who didn't remember having a Quora account

[Podcast] Up Against 70,000 Boxes of Paper - One Law Firm’s Paper-Free Journey

AIIM

No, you read that title right – seventy THOUSAND boxes of paper in the highly restrictive environment of legal services. That’s what Susan Gleason , Manager of Records and Information Governance at Shipman & Goodwin and her team were up against.

Paper 52

Competitive Advantages of Implementing Artificial Intelligence in Banking

InfoGoTo

Nearly 80% of the information captured during the processing of a mortgage loan is in forms that – until recently – have been all but inaccessible to computers.

[Podcast] Up Against 70,000 Boxes of Paper - One Law Firm’s Paper-Free Journey

AIIM

No, you read that title right – seventy THOUSAND boxes of paper in the highly restrictive environment of legal services. That’s what Susan Gleason , Manager of Records and Information Governance at Shipman & Goodwin and her team were up against.

Paper 52

Case Law Summary: Native-Format Production — Lessons From McDonnel Group, LLC v. Starr Surplus Lines Insurance Co.

Hanzo Learning Center

With some electronically stored information (ESI), what you see is what you get. A simple screenshot, PDF, or TIFF image may convey all the information that a litigant needs. ediscovery discovery case law native format production form of production FRCP 34 ESI metadata

1-800-Flowers Becomes Latest Payment Breach Victim

Threatpost

Details are so far scant in this latest in a string of data breaches. Breach Web Security 1-800-flowers Canada data breach four years payment cards