Wed. May 29, 2019


Should Failing Phish Tests Be a Fireable Offense?

Krebs on Security

Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this partic


Under GDPR, UK Data Breach Reports Quadruple

Data Breach Today

After Privacy Law Went Into Full Effect, Data Security Complaints Doubled. One year after Europe's tough new GDPR privacy law went into full effect last May, authorities in Britain have seen the number of annual data breach notifications more than quadruple. Meanwhile, the number of data protection complaints filed by Europeans has doubled.


Google white hat hacker found code execution flaw in Notepad

Security Affairs

The popular white hat hacker Tavis Ormandy has announced the discovery of a code execution vulnerability in Microsoft’s Notepad text editor. The Google Project Zero researcher Tavis Ormandy announced the discovery of a code execution flaw in Microsoft’s Notepad text editor. Am I the first person to pop a shell in notepad? … believe it or not, It's a real bug!


EHR Vendor Penalized Again, This Time by States

Data Breach Today

Settlement Follows Federal HIPAA Penalty Tied to Data Breach. Cloud-based electronic health records vendor Medical Informatics Engineering has signed a $900,000 settlement with 16 state attorneys general in a case involving the same 2015 data breach that was at the center of a recent $100,000 settlement with a federal regulator.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Kofax Launches Intelligent Automation Software Platform and Marketplace to Advance Future-of-Work Initiatives for Hyper-Connected Enterprises

Info Source

Industry’s First Integrated, AI-Enabled Platform Ecosystem Automates End-To-End Business Operations at Scale. Irvine, CA – May 29, 2019 – Kofax®, a leading supplier of Intelligent Automation software to digitally transform end-to-end business operations, today announced it has launched the industry’s first Intelligent Automation platform and marketplace, advancing future-of-work initiatives for hyper-connected enterprises.

More Trending


Belgium: Belgian Data Protection Authority issues its first fine

DLA Piper Privacy Matters

By Patrick Van Eecke. The Belgian Data Protection Authority on Tuesday May 28 sanctioned a local politician with a fine of 2000 EUR for having abused e-mail addresses of citizens for election purposes. Although the amount of the fine is rather low, it shows the newly elected members of the DPA take their role seriously since they took office about a month ago.


Outmaneuvering Threat Actors in the Age of Industrial IoT (IIoT)

Data Breach Today

ISMG and Fortinet hosted a roundtable dinner in Atlanta on May 7 focused on "Outmaneuvering Threat Actors in the Age of Industrial IoT (IIoT)". Challenges in communication and gaining buy-in from operational teams for security initiatives were explored, and Richard Peters, Director, Operational Technology Global Engagement, of Fortinet, provided his insight on the event in this exclusive interview.


WannaCry Lives On in 145K Infected Devices

Dark Reading

Data from the last half year shows devices worldwide infected with the self-propagating ransomware, putting organizations with poor patching initiatives at risk.


Executive Roundtable Recap: Securing the Digital Enterprise

Data Breach Today

ISMG and Fortinet hosted a roundtable dinner in Nashville, TN on May 15 focused on "Securing the Digital Enterprise". Challenges in gaining internal buy-in for security initiatives and the problems of M&A activity were discussed, and Sonia Arista, National Healthcare Lead of Fortinet, provided her insight on the event in this exclusive interview.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


NYC Automated Decision-Making Task Force Forum Provides Insight Into Broader Efforts to Regulate Artificial Intelligence

Data Matters

More and more entities are deploying machine learning and artificial intelligence to automate tasks previously performed by humans. Such efforts carry with them real benefits, such as the enhancement of operational efficiency and the reduction of costs, but they also raise a number of concerns regarding their potential impacts on human society, particularly as computer algorithms are increasingly used to determine important outcomes like individuals’ treatment within the criminal justice system


Impersonation Attacks Up 67% for Corporate Inboxes

Dark Reading

Nearly three-quarters of organizations hit with impersonation attacks experienced direct losses of money, customers, and data.


All Docker versions affected by an unpatched race condition issue

Security Affairs

A race condition flaw that could be exploited by an attacker to read and write any file on the host system affects all versions of Docker. Experts found a race condition vulnerability in all versions of Docker; the vulnerability could be exploited by an attacker to read and write any file on the host system. Technically the flaw, tracked as CVE-2018-15664, is a time-to-check-time-to-use (TOCTOU) flaw caused by changes in a system between the checking of a condition (i.e. authorization chec


Apple and WhatsApp condemn GCHQ plans to eavesdrop on encrypted chats

The Guardian Data Protection

GCHQ ‘ghost protocol’ would seriously undermine user security and trust, says letter. A GCHQ proposal that would enable eavesdropping on encrypted chat services has been condemned as a “serious threat” to digital security and human rights. In an open letter signed by more than 50 companies, civil society organisations and security experts – including Apple, WhatsApp, Liberty and Privacy International – GCHQ was called on to abandon its so-called “ghost protocol”, and instead focus on “protecting


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Docker Vulnerability Opens Servers to Container Code

Dark Reading

Under very specific conditions, code running in a Docker container could access files anywhere on a server, according to a new CVE.


Everteam.iFile | Connect, Extract, Process, Manage and Analyze all your Stored Information

Everteam

The rising value of data today requires a great effort to be managed and kept. A greater effort is required to grant a safe, smart and secure way to share and use this data, especially when it comes to key business processes and workflows that allow organizations and governments to communicate. To efficiently manage data, Everteam developed everteam.iFile, a solution based on Artificial Intelligence and Machine Learning to find, identify, manage and process information regardless of its location


Nansh0u campaign already infected 50,000 MS-SQL and PHPMyAdmin Servers

Security Affairs

Guardicore Labs uncovered a widespread cryptojacking campaign tracked as Nansh0u and aimed at Windows MS-SQL and PHPMyAdmin servers. Security experts at Guardicore Labs uncovered a widespread cryptojacking campaign leveraging a malware dubbed Nansh0u. The malicious code is aimed at Windows MS-SQL and PHPMyAdmin servers worldwide. According to the experts, the malicious campaign is being carried out by a Chinese APT group.


How to view Microsoft Office documents in OpenText ApplicationXtender

OpenText Information Management

The release of OpenText™ ApplicationXtender 16.3 brought expanded user experience with features like the new, integrated web scanning client (AKA OpenText Captiva cloud runtime). The web scanning client brought the latest in OpenText capture technology to ApplicationXtender, including greatly expanded scanning back end control. This was combined with a new, faster thumbnail preview, integrated text … The post How to view Microsoft Office documents in OpenText ApplicationXtender appeared fi


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


5G IoT: Literally a Matter of Life or Death

Threatpost

High-risk applications that require zero latency, like remote surgery, could cause loss of life in the event of a cyberattack.


Flipboard Confirms Two Hacks, Prompts Password Resets

Dark Reading

The company reports two incidents affected a subset of its users and is resetting passwords for involved accounts.


TA505 is expanding its operations

Security Affairs

An attack against an Italian organization led the experts at Yoroi-Cybaze ZLab to shed light on ongoing operations attributed to TA505. Introduction. In the last few days, during monitoring activities, Yoroi CERT noticed a suspicious attack against an Italian organization. The malicious email contains a highly suspicious sample which triggered the ZLAB team to investigate its capabilities and its possible attribution, discovering a potential expansion of the TA505 operation.


Why Fostering Flexibility Is a Win for Women & Cybersecurity

Dark Reading

Creating a culture of supporting and advancing women is no small feat, but it's worth the challenge. Start with yourself. Here's how.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Bridging the old and the new in Chicago @ The Mag Mile

Micro Focus

Thank you, Chicago. The Micro Focus crew recently went back to Chicago for its 6th year on the #DevDay tour. Despite the stormy weather predictions and unreliable downtown traffic, plenty of COBOL and mainframe devs joined us for the day. Time and time again, Chicago continues to be a signature stop on this roadshow. Over.


News aggregator Flipboard disclosed a data breach

Security Affairs

The news aggregator Flipboard announced that it suffered a breach in which unauthorized users had access to some databases storing user account information. The news and social media aggregator Flipboard disclosed on Tuesday that it suffered a breach in which unauthorized users had access to some databases storing user information. Hackers had access to the company systems between June 2, 2018, and March 23, 2019, and again on April 21-22, 2019.


50k Servers Infected with Cryptomining Malware in Nansh0u Campaign

Threatpost

A rapidly-expanding campaign has infected 50,000 servers with malware that mines an open source cryptocurrency called TurtleCoin.


Emotet: How to stop ‘the most destructive malware’ in existence

IT Governance

If you haven’t reviewed your security practices in a while, now’s the time, because security researchers have spotted a surge in Emotet attacks in the past three months. The banking Trojan is considered “among the most costly and destructive [forms of] malware”, as it can strike in countless ways. Victims might be hit with ransomware, have their passwords or intellectual property stolen, or be used as conduits to other organisations.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


‘5G is Coming,’ But Can the Security Industry Keep Up?

Threatpost

What does 5G mean from a security vendor perspective? A Palo Alto Networks expert sounds off at GSMA's Mobile360 this week.


Level Up Your Data Forensics Game at Black Hat USA

Dark Reading

Learn about the latest supply chain attacks, red team threats, and "deep fake" detection tricks at the premier cybersecurity event in Las Vegas this August.


The Role of Social Media and AI in Compliance Investigations

Hanzo Learning Center

Can social media posts and data be used as evidence in a compliance investigation? Is it possible to leverage artificial intelligence to identify the right information relevant to an open case among the massive volume of content online? The answer to both questions is yes, and in a new five-part podcast series with Tom Fox, the Compliance Evangelist, we talk about these topics at length from regulatory, technical, and operational perspectives.