Thu. Dec 13, 2018

Spammed Bomb Threat Hoax Demands Bitcoin

Krebs on Security

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day. Sources at multiple U.S.-based financial institutions reported receiving the threats, which included the subject line, “I advise you not to call the police.” The email reads: My man carried a bomb (Hexogen) into the building where your company is located.

Reports: China Suspected In Marriott Database Breach

Data Breach Today

But Experts Caution Forensic Evidence is Lacking

Hackers linked with China are suspected to be behind the four-year breach of Marriott's Starwood guest reservation system, Reuters reports on Wednesday. The suggestion is likely to contribute to increased tension between the U.S. and China.

How long do you have to report a data breach?

IT Governance

This blog has been updated to reflect industry updates. Originally published 24 October 2018. The first 72 hours after you become aware of a data breach are critical. This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. As you might expect, there are a lot of intricacies involved.

HHS Seeks Feedback on Potential HIPAA Changes

Data Breach Today

Modifications Could Affect Certain Privacy, Security Provisions

Will the Department of Health and Human Services' request for feedback on potential changes to HIPAA eventually result in modifications to the regulation, including certain provisions that touch on privacy and security issues? There's a long road to travel before any changes actually might get made.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Operation Sharpshooter targets critical infrastructure and global defense

Security Affairs

McAfee uncovered a campaign tracked as Operation Sharpshooter that hit at least 87 organizations in global defense and critical infrastructure. Security experts at McAfee uncovered a hacking campaign, tracked as Operation Sharpshooter, aimed at infrastructure companies worldwide. The threat actors are using malware associated with the Lazarus APT group that carried out the Sony Pictures attack back in 2014.

More Trending

Australia and Chinese Taipei Join the APEC CBPR System

Hunton Privacy

On November 23, 2018, both Australia and Chinese Taipei joined the APEC Cross-Border Privacy Rules (“CBPR”) system. The system is a regional multilateral cross-border transfer mechanism and an enforceable privacy code of conduct and certification developed for businesses by the 21 APEC member economies. The Australian Attorney-General’s Department recently announced that APEC endorsed Australia’s application to participate and that the Department plans to work with both the Office of the Austral

Improving Vendor Risk Management

Data Breach Today

NYKA Advisory Services' Sunil Chandiramani Offers Insights for Financial Institutions

Providing vendors with visibility to a company's systems makes the vendor management process far more complicated, says Sunil Chandiramani of NYKA Advisory Services.

ID Numbers for 120 Million Brazilian taxpayers exposed online

Security Affairs

InfoArmor discovered a misconfigured server online that contained taxpayer identification numbers for 120 million Brazilian taxpayers. In March 2018, security experts at InfoArmor discovered a misconfigured server online that contained taxpayer identification numbers, or Cadastro de Pessoas Físicas (CPFs), for 120 million Brazilian nationals. It is not clear how long data remained exposed online or who accessed them.

An open letter to our customers and partners

Thales Cloud Protection & Licensing

As you will no doubt have heard by now, Thales and Gemalto announced last December that they had reached an agreement under which Thales will acquire Gemalto by way of an all-cash offer, upon receipt of all regulatory clearances. As part of the regulatory process and in order to obtain regulatory clearances among other agencies and from the European Commission, Thales has committed to divest Thales eSecurity’s nShield business in full to a suitable purchaser.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Marriott Hack Reported as Chinese State-Sponsored

Schneier on Security

The New York Times and Reuters are reporting that China was behind the recent hack of Marriott Hotels. Note that this is still unconfirmed, but interesting if it is true. Reuters: Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources who were not authorized to discuss the company's private probe into the attack.

Argentina DPA Issues Guidelines on Binding Corporate Rules

Hunton Privacy

The Agency of Access to Public Information (Agencia de Acceso a la Información Pública) (“AAIP”) has approved a set of guidelines for binding corporate rules (“BCRs”), a mechanism that multinational companies may use in cross-border data transfers to affiliates in countries with inadequate data protection regimes under the AAIP. As reported by IAPP, pursuant to Regulation No. 159/2018, published December 7, 2018, the guidelines require BCRs to bind all members of a corporate group, including e

Monetary Authority of Singapore Consults on Cyber Hygiene Notice

Data Matters

*This article was originally published by DataGuidance in October 2018. On 6 September 2018, the Monetary Authority of Singapore (‘MAS’) issued a consultation paper on its draft notice on cyber hygiene (‘the Notice’) which will require financial institutions operating in Singapore to implement a set of fundamental controls to raise their overall level of cyber resilience.

OSSEC FOR WEBSITE SECURITY: PART III – Optimizing for WordPress

PerezBox

The previous OSSEC articles went through the process of installing OSSEC and deploying a distributed architecture. This article will focus on configuring OSSEC to make better sense of WordPress.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Weekly podcast: 2018 end-of-year roundup

IT Governance

This week, in our last podcast of the year, we revisit some of the biggest information security stories from the past 12 months. Hello and welcome to the final IT Governance podcast of 2018. As is now traditional, I’ve installed myself in the porter’s chair next to the fire in the library, ready to recap some of the year’s more newsworthy information security events.

Building a foundation of trust for the Internet of Things

Thales Cloud Protection & Licensing

In the digital transformation era, companies across all sectors are using next-generation technologies to streamline their operations, deliver value to customers, and gain a competitive edge. Invariably, Internet of Things (IoT) strategies form the backbone of those efforts. Enormous quantities of data can be generated by and collected from a wide variety of IoT devices.

11 Top Breach and Attack Simulation (BAS) Vendors

eSecurity Planet

A look at the top vendors in the breach and attack simulation market, a new IT security technology that offers continuous vulnerability assessment.

Why zero-touch deployments are not too good to be true

Jamf

Learn the ins and outs of automated Apple device enrollment and discover how to put this workflow to use in your environment.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Cybercrime Is World's Biggest Criminal Growth Industry

Dark Reading

The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.

Five reasons to choose OpenText Exstream for Salesforce

OpenText Information Management

OpenText Exstream™ has consistently been recognized by analysts as a leader in the Customer Communications Management (CCM) space for over 10 years. Indeed, OpenText™ was recently named as a 2018 CCM Leader in the debut edition of the Aspire Leaderboard for CCM, an interactive, online vendor evaluation tool for customer communications management solutions.

Universities Get Schooled by Hackers

Dark Reading

Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.

French foreign ministry announced its Travel Alert Registry Hack

Security Affairs

The French foreign ministry announced today that its travel alert registry website had been hacked and personal data of citizens “could be misused.” The French foreign ministry confirmed that hackers breached the Ariane system, its travel alert registry website, and personal data of citizens “could be misused.” The Ariane system provides security alerts to registered users when traveling abroad.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

XM Cyber HaXM: BAS Product Overview and Insight

eSecurity Planet

With an Israeli intelligence pedigree and strong funding, XM Cyber has the makings of a serious player in the breach and attack simulation market.

Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business

Dark Reading

Enterprises are struggling with familiar old security challenges as a result, new survey shows.

Shamoon Reappears, Poised for a New Wiper Attack

Threatpost

One of the most destructive malware families ever seen is back, and researchers think its authors are gearing up to again take aim at the Middle East.

Setting the Table for Effective Cybersecurity: 20 Culinary Questions

Dark Reading

Even the best chefs will produce an inferior product if they begin with the wrong ingredients.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Bomb Threat Bitcoin Demands Cause Disruption, Evacuations

Threatpost

An email campaign is demanding large sums of money in return for not blowing up schools, banks and businesses.

Education Gets an 'F' for Cybersecurity

Dark Reading

The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.

What is AI-powered analytics software?

OpenText Information Management

Artificial intelligence (AI) and analytics, individually, topped the digital agenda for companies in 2018 according to CIO magazine. The publication noted that the intersection of the two technologies will drive success for businesses. The combination helps businesses become more successful by giving them a new level of insight into their operations and customer relationships.