20-Year-Old Bug in Legacy Microsoft Code Plagues All Windows Users
Threatpost
AUGUST 14, 2019
A bug in an obscure legacy Windows protocol can lead to serious real-world privilege-escalation attacks.
Data Breach Today
AUGUST 14, 2019
Vendor Copied Data Without Authorization; Left MongoDB Open to Internet. Choice Hotels says about 700,000 records for guests were exposed after one of its vendors copied data from its systems. Fraudsters discovered the data and tried to hold the hotel chain to ransom, which it ignored.
Krebs on Security
AUGUST 14, 2019
“Bluetana,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests. Data collected in the course of the investigation also reveals some fascinating details that may help explain why these pump skimmers are so lucrative and ubiquitous.
Data Breach Today
AUGUST 14, 2019
Newly Discovered Bugs Can Carry Out Remote Code Execution Without User Interaction. Microsoft has released a set of patches for two newly discovered BlueKeep-like vulnerabilities in a number of Windows operating systems. The "wormable" bugs in remote desktop services permit propagation of malware from one compromised device to others, the company reports.
The Last Watchdog
AUGUST 14, 2019
With all the talk of escalating cyber warfare, the spread of counterfeit smartphones and new forms of self-replicating malware, I came away from Black Hat USA 2019 (my 15th) marveling, once more, at the panache of modern cyber criminals. Yet, I also had the chance to speak one-on-one with dozens of security vendors who are innovating like crazy to improve security.
AIIM
AUGUST 14, 2019
“To Fly. To Serve.” That’s the motto of British Airways, a carrier I have flown for many years. When I first saw those words displayed on a plaque in the cabin as I boarded my flight, I chuckled. At the time, they seemed rather pretentious for what has become a very commonplace, almost plebeian way to get folks from one place to another. Of course, the more I thought about it, the more I warmed to the seriousness with which somebody at BA viewed the enormous responsibility inherent in transporti
The Guardian Data Protection
AUGUST 14, 2019
Fingerprints, facial recognition and other personal information from Biostar 2 discovered on publicly accessible database. The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, were discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan Police, defence contractors and banks.
IT Governance
AUGUST 14, 2019
The EU GDPR (General Data Protection Regulation) grants data subjects the right to access their personal data. This is known as a DSAR (data subject access request). Subject access requests are not new, but the GDPR introduced several changes that make responding to them more challenging. Organisations now have less time to respond, and may no longer charge a fee (except in certain circumstances).
Schneier on Security
AUGUST 14, 2019
Last month, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access.
Security Affairs
AUGUST 14, 2019
Experts at Netflix and Google discovered eight denial-of-service (DoS) vulnerabilities affecting various HTTP/2 implementations. Researchers from Netflix and Google discovered eight denial-of-service (DoS) flaws affecting various HTTP/2 implementations. Some of the flawed implementations belong to tech giants such as Amazon, Apple, Facebook, and Microsoft.
WIRED Threat Level
AUGUST 14, 2019
A political consultant crosses paths with Konstantin Kilimnik, Paul Manafort, and Cambridge Analytica, then becomes part of the Russia investigation.
Security Affairs
AUGUST 14, 2019
Microsoft Patches Over 90 Vulnerabilities With August 2019 Updates. Microsoft Patch Tuesday security updates for August 2019 address more than 90 flaws, including two new ‘wormable’ issues in Windows Remote Desktop Services. Microsoft Patch Tuesday security updates for August 2019 fix 93 vulnerabilities, including two new ‘wormable’ issues in Windows Remote Desktop Services.
Threatpost
AUGUST 14, 2019
A publicly accessible database exposed the fingerprints and facial recognition information of millions, thrusting biometrics security into the spotlight once again.
Dark Reading
AUGUST 14, 2019
As threats continue to evolve and cybercriminals become more sophisticated, organizations that lack a mature security awareness and training program place themselves at serious risk.
Security Affairs
AUGUST 14, 2019
A parliamentary committee in the Czech Republic blames a foreign state for a cyberattack that hit the Czech Foreign Ministry. A parliamentary committee in the Czech Republic revealed that the National Cyber and Information Security Agency blamed a foreign state for a cyber attack that targeted the Czech Foreign Ministry. The committee did not reveal the name of the state allegedly involved in the attack. “The committee of the upper house of parliament said it received the findin
Dark Reading
AUGUST 14, 2019
Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.
IT Governance
AUGUST 14, 2019
IT Governance, part of GRC International Group, is looking to recruit recent graduates to join its successful Cyber Essentials consultancy as trainee assessors. Cyber Essentials is a baseline cyber security standard that is run by the NCSC (National Cyber Security Centre) on behalf of the UK government. Applicants must have degrees in networking, digital forensics, ethical hacking, or computer science, and strong technical knowledge of networking.
Dark Reading
AUGUST 14, 2019
Criminals are using the tools intended to protect consumers to attack them through techniques that are becoming more successful with each passing month.
TAB OnRecord
AUGUST 14, 2019
In a four-part blog series, we are focusing on color-coding. In part one we discussed the color-coded file folder and in part two we looked beyond the obvious and immediate benefits of color-coding. In this post we reveal how color-coding makes it easier to meet requirements for records retention and disposition – and avoids risk [.]
Dark Reading
AUGUST 14, 2019
Cybercriminals are initiating more attacks using low-bandwidth techniques, but the tactics expand the gray area between DDoS attacks and popular methods of mass scanning.
Security Affairs
AUGUST 14, 2019
SAP Patches Highest Number of Critical Flaws Since 2014. SAP released Security Patch Day updates for August 2019 that address three critical vulnerabilities in the company’s products. SAP has released the Security Patch Day for August, this month the company addresses several flaws, including three critical vulnerabilities (Hot News), the highest number of critical flaws since 2014.
Dark Reading
AUGUST 14, 2019
A new lawsuit says that GitHub bears responsibility for the Capital One breach because it actively encourages hacking and stored stolen data.
IBM Big Data Hub
AUGUST 14, 2019
In my last blog post, I covered how you can deliver an AI pilot in just eight weeks and at the same time design your program in a way to scale the AI across your enterprise. Culture, architecture and technology are fundamental to move from AI pilot to AI @ Scale. I also discussed how IBM is helping one of the biggest ANZ-region banks to do AI @ Scale to deliver personalized offers using a bot to automate risk modeling and crediting the money in their customers’ accounts.
Dark Reading
AUGUST 14, 2019
Researchers see the rise of new relationships and attack techniques as criminals put companies' resilience to the test.
Schneier on Security
AUGUST 14, 2019
Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring.
Threatpost
AUGUST 14, 2019
Hundreds of contractors reportedly were hired to transcribe Messenger voice chats in order to test the accuracy of an AI algorithm -- raising questions about what Facebook does with the data.
Dark Reading
AUGUST 14, 2019
Far too often, there's a new breach in the headlines. Companies need to start learning some obvious lessons.
Information Management Resources
AUGUST 14, 2019
While much is written on the constant advances in technologies, it can be easy to overlook the impact that these changes have on the way that IT and data professionals work.