Wed. Aug 14, 2019

20-Year-Old Bug in Legacy Microsoft Code Plagues All Windows Users

Threatpost

A bug in an obscure legacy Windows protocol can lead to serious real-world privilege-escalation attacks.

Choice Hotels: 700,000 Guest Records Exposed

Data Breach Today

Vendor Copied Data Without Authorization; Left MongoDB Open to Internet. Choice Hotels says about 700,000 records for guests were exposed after one of its vendors copied data from its systems. Fraudsters discovered the data and tried to hold the hotel chain to ransom, which it ignored.

Meet Bluetana, the Scourge of Pump Skimmers

Krebs on Security

“Bluetana,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests. Data collected in the course of the investigation also reveals some fascinating details that may help explain why these pump skimmers are so lucrative and ubiquitous.

Microsoft Issues Patches for BlueKeep-Like Vulnerabilities

Data Breach Today

Newly Discovered Bugs Can Carry Out Remote Code Execution Without User Interaction. Microsoft has released a set of patches for two newly discovered BlueKeep-like vulnerabilities in a number of Windows operating systems. The "wormable" bugs in remote desktop services permit propagation of malware from one compromised device to others, the company reports.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

NEW TECH: Trend Micro inserts ‘X’ factor into ‘EDR’ – endpoint detection and response

The Last Watchdog

With all the talk of escalating cyber warfare, the spread of counterfeit smartphones and new forms of self-replicating malware, I came away from Black Hat USA 2019 (my 15th) marveling, once more, at the panache of modern cyber criminals. (Related: Lessons learned from Capital One breach.) Yet, I also had the chance to speak one-on-one with dozens of security vendors who are innovating like crazy to improve security.

A Call to Service – Seeking Leaders to Help AIIM Soar to New Heights

AIIM

“To Fly. To Serve.” That’s the motto of British Airways, a carrier I have flown for many years. When I first saw those words displayed on a plaque in the cabin as I boarded my flight, I chuckled. At the time, they seemed rather pretentious for what has become a very commonplace, almost plebeian way to get folks from one place to another. Of course, the more I thought about it, the more I warmed to the seriousness with which somebody at BA viewed the enormous responsibility inherent in transporti

Major breach found in biometrics system used by banks, UK police and defence firms

The Guardian Data Protection

Fingerprints, facial recognition and other personal information from Biostar 2 discovered on publicly accessible database. The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan Police, defence contractors and banks.

GDPR Data Subject Access Requests: How to Respond

IT Governance

The EU GDPR (General Data Protection Regulation) grants data subjects the right to access their personal data. This is known as a DSAR (data subject access request). Subject access requests are not new, but the GDPR introduced several changes that make responding to them more challenging. Organisations now have less time to respond, and may no longer charge a fee (except in certain circumstances).

Attorney General Barr and Encryption

Schneier on Security

Last month, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Flaws in HTTP/2 implementations expose servers to DoS attacks

Security Affairs

Experts at Netflix and Google discovered eight denial-of-service (DoS) vulnerabilities affecting various HTTP/2 implementations. Researchers from Netflix and Google discovered eight denial-of-service (DoS) flaws affecting various HTTP/2 implementations. Some of the flawed implementations belong to tech giants such as Amazon, Apple, Facebook, and Microsoft.

Kostya and Me: How Sam Patten Got Ensnared in Mueller’s Probe

WIRED Threat Level

A political consultant crosses paths with Konstantin Kilimnik, Paul Manafort, and Cambridge Analytica, then becomes part of the Russia investigation.

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Security Affairs

Microsoft Patches Over 90 Vulnerabilities With August 2019 Updates. Microsoft Patch Tuesday security updates for August 2019 address more than 90 flaws, including two new ‘wormable’ issues in Windows Remote Desktop Services. Microsoft Patch Tuesday security updates for August 2019 fix 93 vulnerabilities, including two new ‘wormable’ issues in Windows Remote Desktop Services.

Fingerprints of 1M Exposed in Public Biometrics Database

Threatpost

A publicly accessible database exposed the fingerprints and facial recognition information of millions, thrusting biometrics security into the spotlight once again.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

You Gotta Reach 'Em to Teach 'Em

Dark Reading

As threats continue to evolve and cybercriminals become more sophisticated, organizations that lack a mature security awareness and training program place themselves at serious risk.

Czech Republic’s committee blames foreign state for Foreign Ministry Cyberattack

Security Affairs

A parliamentary committee in the Czech Republic blames a foreign country state for a cyberattack that hit the Czech Foreign Ministry. A parliamentary committee in the Czech Republic revealed that the National Cyber and Information Security Agency blamed a foreign state for a cyber attack that targeted the Czech Foreign Ministry. The committee did not reveal the name of the state allegedly involved in the attack. “The committee of the upper house of parliament said it received the findin

BioStar 2 Leak Exposes 23GB Data, 1M Fingerprints

Dark Reading

Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.

Looking to start a career in cyber security?

IT Governance

IT Governance, part of GRC International Group, is looking to recruit recent graduates to join its successful Cyber Essentials consultancy as trainee assessors. Cyber Essentials is a baseline cyber security standard that is run by the NCSC (National Cyber Security Centre) on behalf of the UK government. Applicants must have degrees in networking, digital forensics, ethical hacking, or computer science, and strong technical knowledge of networking.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Financial Phishing Grows in Volume and Sophistication in First Half of 2019

Dark Reading

Criminals are using the tools intended to protect consumers to attack them through techniques that are becoming more successful with each passing month.

Color-Coding (Part 3): Retention and disposition headaches? Add a splash of color!

TAB OnRecord

In a four-part blog series, we are focusing on color-coding. In part one we discussed the color-coded file folder and in part two we looked beyond the obvious and immediate benefits of color-coding. In this post we reveal how color-coding makes it easier to meet requirements for records retention and disposition – and avoids risk [.]

Attackers Try to Evade Defenses with Smaller DDoS Floods, Probes

Dark Reading

Cybercriminals are initiating more attacks using low-bandwidth techniques, but the tactics expand the gray area between DDoS attacks and popular methods of mass scanning.

Security Patch Day for August includes the most critical Note released by SAP in 2019

Security Affairs

SAP Patches Highest Number of Critical Flaws Since 2014. SAP released Security Patch Day updates for August 2019 that address three critical vulnerabilities in the company’s products. SAP has released the Security Patch Day for August, this month the company addresses several flaws, including three critical vulnerabilities (Hot News), the highest number of critical flaws since 2014.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

GitHub Named in Capital One Breach Lawsuit

Dark Reading

A new lawsuit says that GitHub bears responsibility for the Capital One breach because it actively encourages hacking and stored stolen data.

3 Principles to move from AI Pilots to AI @ Scale

IBM Big Data Hub

In my last blog post, I covered how you can deliver an AI pilot in just eight weeks and at the same time design your program in a way to scale the AI across your enterprise. Culture, architecture and technology is fundamental to move from AI pilot to AI @ Scale. I also discussed how IBM is helping one of biggest ANZ-region banks to do AI @ Scale to deliver personalized offers using a bot to automate risk modeling and crediting the money in their customers’ accounts.

Stronger Defenses Force Cybercriminals to Rethink Strategy

Dark Reading

Researchers see the rise of new relationships and attack techniques as criminals put companies' resilience to the test.

Side-Channel Attack against Electronic Locks

Schneier on Security

Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring.

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Facebook Records User Audio, Sparking Privacy Questions

Threatpost

Hundreds of contractors reportedly were hired to transcribe Messenger voice chats in order to test the accuracy of an AI algorithm -- raising questions about what Facebook does with the data.

Why Companies Fail to Learn from Peers' Mistakes (and How They Can Change)

Dark Reading

Far too often, there's a new breach in the headlines. Companies need to start learning some obvious lessons.

How advanced technologies can boost worker productivity and creativity

Information Management Resources

While much is written on the constant advances in technologies, it can be easy to overlook the impact that these changes have on the way that IT and data professionals work.
