Tue. Feb 05, 2019

Failed Fraud Against UK Bank Abused Mobile Infrastructure

Data Breach Today

Fresh SS7 Fraud Highlights Ongoing Call Routing Weaknesses

A U.K. bank says no customers lost money after cyberattackers attempted account takeovers by rerouting one-time passcodes, Motherboard reports. Such attacks involve unauthorized tampering with Signaling System #7, the protocol used to route mobile phone calls worldwide.

AIIM19 session preview - Writing Effective IIM & IT Policies with Lewis Eisen

AIIM

AIIM19 is just around the corner, March 26-28 in San Diego, and a number of interesting sessions and panel discussions are planned. To give you a sneak peek, I spoke with one of the presenters this year, Lewis Eisen from Perfect Policies, about his session titled “Writing Effective IIM and IT Policies.” What will you be speaking about during your session?

Fewer Breaches in 2018, But More Sensitive Data Spilled

Data Breach Today

Business and Healthcare Sectors Suffered Most US Breaches, ITRC Finds

In 2018, the Identity Theft Resource Center counted 1,244 U.S. data breaches - involving the likes of Facebook, Marriott and Exactis - that exposed 447 million sensitive records, such as Social Security numbers, medical diagnoses and payment card data.

Severe bug in LibreOffice and OpenOffice suites allows remote code execution

Security Affairs

A security expert discovered a severe remote code execution vulnerability in the popular LibreOffice and Apache OpenOffice suites. The security researcher Alex Inführ found that the flaw could be exploited by tricking victims into opening an ODT (OpenDocument Text) file that embeds an event.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Settlement Reached in Community Health Systems Breach Suit

Data Breach Today

Under Proposal, Those Affected Would Be Eligible to Receive Payments

A $3.1 million proposed settlement has been reached in a data breach class action lawsuit against Community Health Systems stemming from a 2014 cyberattack that affected 4.5 million individuals. Why are settlements in data breach cases still relatively rare?

More Trending

SOC-as-a-Service for Financial Institutions

Data Breach Today

Beyond managed security services. With such a wide breadth of responsibility, how can small and mid-sized financial institutions counter sophisticated cyberthreats and provide the monitoring and incident response needed for compliance?

Cybercriminals Exploit Gmail Feature to Scale Up Attacks

Dark Reading

Criminals are taking advantage of Gmail's 'dots don't matter' feature to set up multiple fraudulent accounts on websites, using variations of the same email address, Agari says.

Maximize Cybersecurity Risk Ratings in 2019

Data Breach Today

Insights from the Forrester New Wave: Cybersecurity Risk Rating Solutions, Q4 2018. If you are a security or risk leader, you know that even with a formal third-party risk program in place, you are not effectively keeping track of all of your third parties.

Introducing Intelligent Records Management Powered by AI

Gimmal

Records management technology hasn’t always been at the forefront of technological innovation. Since records management systems and processes work best when coupled with an organization's current business processes, progress is dependent on the innovations within the workplace. But over the last couple of years, we have seen a sharp increase in the adoption of modern technology in the workplace, which has allowed our industry to innovate as well, including web and cloud-based platforms, cross-re

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Capitalizing on Cloud and Modernization – Fascinating New Industry Report

Micro Focus

Digital Transformation – Must Modernize! Recent discussions around modernization as a smart IT transformation strategy suggest a strong market trend towards Modernization. Before we look at a new study, let’s remind ourselves why organizational transformation matters. Take a look at these three groups of companies and organizations. Group A: American Motors, Brown Shoe, Studebaker, Collins.

SpeakUp Linux Backdoor targets Linux servers in East Asia and LATAM.

Security Affairs

Security experts at Check Point discovered a new backdoor dubbed ‘SpeakUp’ targeting Linux servers in East Asia and Latin America. The SpeakUp backdoor leverages known vulnerabilities in six different Linux distros; it is also able to infect Mac systems.

Major Zcash Vulnerability Fixed

Schneier on Security

Zcash just fixed a vulnerability that would have allowed "infinite counterfeit" Zcash. Like all the other blockchain vulnerabilities and updates, this demonstrates the ridiculousness of the notion that code can replace people, that trust can be encompassed in the protocols, or that human governance is not necessary.

A New Google Chrome Extension Will Detect Your Unsafe Passwords

WIRED Threat Level

“Password Checkup” isn’t a password manager but a simple tool that warns you if you’re using a password that’s been exposed in data breaches.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

ICO Releases Discussion Paper on Regulatory Sandbox Beta Phase

Hunton Privacy

On January 30, 2019, the UK Information Commissioner’s Office (“ICO”) released a discussion paper on the upcoming beta phase of its regulatory sandbox initiative (the “Discussion Paper”). The ICO had launched a call for views on creating a regulatory sandbox in September 2018, and the feedback received facilitated developing systems and processes necessary to launch the beta phase.

Taming the Wild, West World of Security Product Testing

Dark Reading

The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.

Enterprises Move (Slowly) Toward Stronger Cybersecurity, Research Shows

eSecurity Planet

Enterprises understand the urgent need for stronger cybersecurity measures — even if they're slow to adopt them, research shows.

Mitigating the Security Risks of Cloud-Native Applications

Dark Reading

While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

What is unified ecosystem management?

Jamf

See how Jamf and Microsoft are changing device management and discover what the benefits are for your organization.

Over 59K Data Breaches Reported in EU Under GDPR

Dark Reading

In addition, 91 reported fines have been imposed since the regulation went into effect last May.

The APT Name Game: How Grim Threat Actors Get Goofy Monikers

Threatpost

How do advanced persistent threat groups such as Darkhotel and Anchor Panda get their ridiculous names?

New Vulnerabilities Make RDP Risks Far From Remote

Dark Reading

More than two dozen vulnerabilities raise the risk of using RDP clients to remotely manage and configure systems.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Remote Desktop Protocol Clients Rife with Remote Code-Execution Flaws

Threatpost

Several flaws in both open-source RDP clients and in Microsoft's own proprietary client make it possible for a malicious RDP server to infect a client computer – which could then allow for an intrusion into the IT network as a whole.

The search for key tech talent will get harder and more costly in 2019

Information Management Resources

Wage growth is starting to accelerate, and CIOs could find themselves paying premiums for certain roles in high demand such as data science, AI, security and cloud technology.

Shellbot Crimeware Re-Emerges in Monero Mining Campaign

Dark Reading

New attack uses a repurposed version of the Trojan that spreads using Internet Relay Chat.

How digital leaders are reinventing skillsets to guarantee success

Information Management Resources

Organizations that win at digital become gravity points for the best talent. And the best talent is what organizations need to keep transforming in these times of change.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

EU Recalls Children’s Smartwatch That Leaks Location Data

Threatpost

The children's smartwatch allows bad actors to track the wearer's location and communicate with the child, according to the alert.

No Sign of 'Material' Nation-State Actor Impact on 2018 US Midterms

Dark Reading

That's the conclusion of a classified postmortem report sent to the White House yesterday by the Acting Attorney General and the DHS Secretary.

IoT Scale Flaws Enable Denial of Service, Privacy Issues

Threatpost

Flaws in this connected smart scale might give the diet-challenged a legitimate reason to be nervous.
