Mon. Jul 27, 2020


Business ID Theft Soars Amid COVID Closures

Krebs on Security

Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly aggressive business ID theft ring that’s spent years targeting small businesses across the country and is now pivoting toward using that access for pandemic assistance loans and unemployment benefits.


MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

The Last Watchdog

It took a global pandemic and the death of George Floyd to put deep-seated social inequities, especially systemic racism, front and center for intense public debate. We may or may not be on the cusp of redressing social injustice by reordering our legacy political and economic systems.


Garmin Confirms Hackers Encrypted Several Systems

Data Breach Today

Navigation and Smartwatch Company Stops Short of Using Term 'Ransomware'

Garmin acknowledged Monday that a "cyberattack" that encrypted several of its systems led to outages that affected several of the company's fitness and aviation products along with knocking its homepage and customer service centers offline. As of Monday, several affected services were again operating.


FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

The FBI issued an alert last week warning about the discovery of new network protocols that have been exploited to launch large-scale DDoS attacks. The Federal Bureau of Investigation sent an alert last week warning about large-scale distributed denial of service (DDoS) attacks that abused new network protocols. “Cyber actors’ abuse of built-in network protocols may enable DDoS amplification attacks to be carried out with limited resources and result in significant disruptions and impact o


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


US Intelligence Warns of Foreign Election Interference

Data Breach Today

Report Describes Threats From Russia, China and Iran

With less than 100 days to go before the U.S. election, intelligence officials are warning of attempted interference by Russia, China and Iran. But Congressional lawmakers are disagreeing about the severity of these threats.


More Trending


The Hacker Battle for Home Routers

Data Breach Today

Trend Micro Says Botnet Families Fight for Control of Vulnerable Routers

Trend Micro says it has seen increasing attempts to infect home routers for use as proxies and for DDoS attacks. The battle is primarily being fought by three bot families - Mirai, Qbot and Kaiten - that enable low-level fraudsters to hide their activity.


Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns

Threatpost

Attackers are exploiting a high-severity vulnerability in Cisco's network security software products, which are used by Fortune 500 companies.


Dave: Mobile Banking App Breach Exposes 3 Million Accounts

Data Breach Today

Hack Blamed on Credentials Stolen via Breach of Third-Party Service Provider Waydev

Mobile-only banking app Dave has suffered a data breach that exposed personal details for at least 3 million users. But the fintech startup says no account information was exposed, and there are no signs of fraud. Dave says the incident traces to credentials stolen from Waydev, a third-party service provider.


How to Approach an Office Records Management Overhaul

The Texas Record

Overhauling a records management system can be a daunting task. Understanding what worked previously, what didn’t work, and what new programs to implement are all elements in an office records management overhaul. There are a range of things to consider when revamping your records management program, including inventory, security, and disposition projects.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


LifeSpan Health System Hit With $1 Million HIPAA Fine

Data Breach Today

Hefty Penalty After Theft of Unencrypted Laptop

Federal regulators have slapped the Rhode Island-based health system LifeSpan with a $1 million HIPAA settlement tied to a 2017 data breach involving the theft of an unencrypted laptop that potentially exposed the data of 20,000 individuals. It's the largest HIPAA enforcement action so far this year.


Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills

Threatpost

The U.S. government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement.


CISA: Attackers Are Exploiting F5 BIG-IP Vulnerability

Data Breach Today

Update Follows Warnings About Urgency of Patching

CISA is warning that threat actors are actively exploiting a remote code execution vulnerability in F5's BIG-IP network products that can lead to data exfiltration and other security issues. Earlier, researchers and F5 had urged users to patch the flaw.


Source code of Cerberus Android Trojan offered for sale for $100,000

Security Affairs

The authors of the Android Cerberus banking trojan are auctioning the project for a price starting at $50,000, with $100K the deal could be immediately closed. The authors of the notorious Cerberus Android banking trojan are auctioning their project for a price starting at $50,000, but buyers could close the deal for $100,000. The overall project includes the source code of the components (the malicious APK, the admin panel, and C2 code), the installation guide, a collection of scripts for the s


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Detecting Payroll Fraud With Data Analytics

Data Breach Today

Data analytics can play a critical role in detecting payroll fraud, says Kelly Paxton, a fraud examiner and private investigator.


A Cyberattack on Garmin Disrupted More Than Workouts

WIRED Threat Level

A ransomware hit and subsequent outage caused problems in the company's aviation services, including flight planning and mapping.


FBI Warns US Firms About Malware in Chinese Tax Software

Data Breach Today

Alert Follows Trustwave Reports on Hidden Backdoors

In a private industry alert, the FBI warns U.S. firms of possible malware hidden in tax software the Chinese government requires companies doing business in the nation to use. The warning follows reports by Trustwave about backdoors that can give hackers access to entire networks.


Examining the future of retail bank branches post pandemic

CGI

This CGI blog post discusses the future of the traditional retail bank branch once the COVID-19 pandemic ends.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Stephanie Wagenaar, the problem-solver: Using AI-infused analytics to establish trust

IBM Big Data Hub

This story is part of Analytics Heroes, a series of profiles on leaders transforming the future of business analytics.


Europe: EDPB issues FAQs on Schrems II – No Grace Period for Privacy Shield Transfers; Case-by-Case Assessments Required to Continue with SCCs

DLA Piper Privacy Matters

On 23 July, the European Data Protection Board issued a set of Frequently Asked Questions with regard to the Schrems II decision of the Court of Justice of the European Union. More information on the Schrems II decision can be found in our Privacy Matters blogpost of 16 July 2020. The main takeaways from these FAQs are: With regard to Privacy Shield: Transfers under the Privacy Shield are now illegal.


Schrems II landmark ruling: our recommendations

Data Protection Report

On 16 July 2020, the Court of Justice of the European Union (CJEU) published its decision in the landmark case Data Protection Commissioner v Facebook Ireland Ltd, Maximilian Schrems and intervening parties, Case C-311/18 (known as the Schrems II case). While the EU-US Privacy Shield (Privacy Shield) has been completely invalidated, the Standard Contractual Clauses (SCCs) remain valid, but with strict conditions.


EDPB Adopts Information Note on BCRs in Preparation for Brexit

Hunton Privacy

On July 22, 2020, the European Data Protection Board (the “EDPB”) adopted an information note (the “Note”) to assist organizations relying on Binding Corporate Rules (“BCRs”) for international personal data transfers, as well as supervisory authorities, in preparing for the end of the Brexit implementation period on December 31, 2020. The Note is provided specifically for those groups of undertakings and enterprises that have the UK Information Commissioner’s Office (“ICO”) as the competent supe


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Images in Eye Reflections

Schneier on Security

In Japan, a cyberstalker located his victim by enhancing the reflections in her eye, and using that information to establish a location. Reminds me of the image enhancement scene in Blade Runner. That was science fiction, but now image resolution is so good that we have to worry about it.


Legendary Help: Modernizing the retail customer experience

Rocket Software

Online shopping has taken off across all industries, and has only been amplified by the recent pandemic. Groceries, clothes, pre-made meals or household supplies—everything you could imagine is accessible now through the click of a button on your computer or phone. This is extremely beneficial to the customer, who can now access anything they need, regardless of location.


Microsoft Revamps Windows Insider Preview Bug Bounty Program

Threatpost

Researchers can earn up to $100,000 for finding vulnerabilities in Microsoft's revamped Windows Insider Preview bug bounty program.


SAMHSA Releases Final 42 CFR Part 2 Revised Rule

Data Matters

On July 13, the Department of Health and Human Services’ Substance Abuse and Mental Health Services (“SAMHSA”) announced final revisions to the Confidentiality of Substance Use Disorder Patient Records regulation codified at 42 CFR Part 2 (so-called “Part 2” regulations). These regulations—which apply to certain information relating to patients being treated for substance use disorders (“SUDs”)—impose restrictions above and beyond those in the Health Insurance Portability and Accountability Act


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Block/Allow: The Changing Face of Hacker Linguistics

Dark Reading

Terms such as "whitelist," "blacklist," "master," and "slave" are being scrutinized again and by a wider range of tech companies than ever before.


Garmin says many of the systems are returning to operation

Security Affairs

Smartwatch and wearable device maker Garmin announced that its computer networks were coming back after the ransomware attack that took place last week. Last week, on July 23, smartwatch and wearable device maker Garmin had to shut down some of its connected services and call centers following a ransomware attack. A few days after the outage, the company admitted it was the victim of a “cyber attack that encrypted” some of its systems.


Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job

Dark Reading

How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.