Tue. Jul 23, 2019


Consumer Advocates Criticize Equifax Settlement Plan

Data Breach Today

Two States Sit Out Proposed Settlement and Continue Their Own Lawsuits

Equifax's move to settle federal and 48 states' probes, as well as class action lawsuits, would see breach victims being able to claim up to $20,000 for unreimbursed expenses. But some consumer advocates and government officials say the proposed deal is insufficient, given the magnitude of Equifax's failures.


Protecting America’s Critical Infrastructure

Thales Cloud Protection & Licensing

From taking a shower, to brewing your coffee, and watching the news, your morning routine is fueled by the energy sector. If you’re like millions of other Americans, your TV is connected to the Internet and uses technology generated from the nation’s power grid. But the energy sector also underpins our emergency and response systems, our hospitals and healthcare, our schools, our businesses, and virtually everything we do as a society.


Yet Again, More Victims Added to AMCA Breach Tally

Data Breach Today

'It's Like Watching a Train Wreck in Slow Motion'

The list of laboratories and other healthcare clients affected by the data breach at American Medical Collection Agency continues to grow - as does the number of patients whose data may have been exposed. Here's the latest tally.


The War for Cyber Talent Will Be Won by Retention not Recruitment

Dark Reading

Six steps for creating a work environment that challenges, stimulates, rewards, and constantly engages employees fighting the good fight against cybercriminals.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


iNSYNQ Continues Recovery From MegaCortex Ransomware Attack

Data Breach Today

Cloud Hosting Provider's Customers Affected

A week after a ransomware attack locked up customer files and data at online cloud hosting provider iNSYNQ, the company is continuing to recover and restore its internal infrastructure. It remains unclear how much longer this process will take, the company acknowledges.


Cloud IAM: Integration Issues

Data Breach Today

A major misconception about cloud IAM is that it's easy to implement, says Mark Perry, CTO for APAC at Ping Identity. Implementation poses challenges, and cloud IAM must be carefully integrated with other systems, he says.


China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

ESET researchers reported that China-linked cyberespionage group APT15 has been using a previously undocumented backdoor for more than two years. Security researchers at ESET reported that China-linked threat actor APT15 (aka Ke3chang, Mirage, Vixen Panda, Royal APT and Playful Dragon) has been using a previously undocumented backdoor for more than two years.


Re-Thinking Supply Chain Security

Data Breach Today

When it comes to supply chain risk, many organizations overlook how dependent they are on those critical relationships, says Matt Kraning of Expanse. As a result, they are minimizing serious security vulnerabilities. Kraning offers insights on re-thinking that dynamic.


Popular Samsung, LG Android Phones Open to ‘Spearphone’ Eavesdropping

Threatpost

A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that's played on speakerphone, including calls, music and voice assistant responses.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Science Fiction Writers Helping Imagine Future Threats

Schneier on Security

The French army is going to put together a team of science fiction writers to help imagine future threats. Leaving aside the question of whether science fiction writers are better or worse at envisioning nonfictional futures, this isn't new. The US Department of Homeland Security did the same thing over a decade ago, and I wrote about it back then: A couple of years ago, the Department of Homeland Security hired a bunch of science fiction writers to come in for a day and think of ways terrorists


VLC Media Player Plagued By Unpatched Critical RCE Flaw

Threatpost

A patch does not yet exist for a critical buffer overflow vulnerability in VLC Media Player that could enable remote code execution.


Comodo Antivirus is affected by several vulnerabilities

Security Affairs

Experts discovered several flaws in Comodo Antivirus, including a vulnerability that could allow an attacker to escape the sandbox and escalate privileges. The Tenable expert David Wells discovered five flaws in Comodo Antivirus and Comodo Antivirus Advanced. Four of the vulnerabilities affect version 12.0.0.6810 and one affects version 11.0.0.6582. The most severe flaw, tracked as CVE-2019-3969, could be exploited by an attacker with access to the target system to escape the Comodo Antivirus sandbox a


5 essential controls to include in your cyber security checklist

IT Governance

Achieving effective cyber security doesn’t have to be a long and expensive process. There are many simple controls you can implement to boost your defences. Let’s take a look at five of these must-have measures. Staff awareness training. The more you know, the better prepared you are. Training courses show staff how security threats affect them and help them apply best-practice advice to real-world situations.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


CNIL Publishes New Guidelines on Cookies and Similar Technologies

Hunton Privacy

On July 18, 2019, the French Data Protection Authority (the “CNIL”) published new guidelines on cookies and similar technologies (the “Guidelines”). As announced by the CNIL in its action plan on targeted advertising for 2019-2020, its 2013 cookie guidance is no longer valid in light of the strengthened consent requirements of the EU General Data Protection Regulation (“GDPR”).


Introducing OpenText Industrial Grid

OpenText Information Management

In my previous blogs I’ve mentioned a wide range of technology-driven solutions, from digital twins to collaborative robots that leverage IoT to do business smarter or faster. One topic that’s underpinned my blogs is the need for a secure IoT network to deliver on the promise of Industry 4.0. Failing to attest and secure IoT … The post Introducing OpenText Industrial Grid appeared first on OpenText Blogs.


A new ProFTPD vulnerability exposes servers to hack

Security Affairs

A flaw in the open-source ProFTPD file transfer protocol (FTP) server can be exploited to copy files to vulnerable servers and potentially execute arbitrary code. The security researcher Tobias Mädel discovered a vulnerability in the open-source ProFTPD file transfer protocol (FTP) server that can be exploited to copy files to vulnerable servers and potentially execute arbitrary code. “Tobias Mädel has identified a vulnerability in ProFTPd’s mod_copy. mod_copy is supplied in the def


Russia Attempted to De-Anonymize Tor Browser: Report

Dark Reading

An attempt to crack Tor was one of many projects hackers discovered when they broke into Russian intelligence contractor SyTech.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Experts spotted P2P worm spreading Crypto-Miners in the wild

Security Affairs

Malware researchers at Yoroi-Cybaze Z-Lab have discovered a P2P worm that is spreading Crypto-Miners in the wild. Introduction. In the past months we published a white paper exploring the risks that users can encounter when downloading materials from P2P sharing network, such as the Torrent one. We discussed how crooks easily lure their victims to download malware along with the desired content.


Penetration Test Data Shows Risk to Domain Admin Credentials

Dark Reading

But gaining a foothold on the LAN via vulnerabilities on Internet-facing assets is becoming harder, Rapid7 found in its real-world pen tests.


How to Watch Robert Mueller's Testimony—and What to Expect

WIRED Threat Level

Robert Mueller will testify before Congress Wednesday in two separate hearings. You can watch it right here, but first make sure to manage your expectations.


DHS's Bob Kolasky Goes All in on Risk Management

Dark Reading

As director of the DHS's National Risk Management Center, measuring and managing risk for critical infrastructure across 16 industrial sectors, Kolasky stands at a busy crossroads.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Equifax to pay £561 million to settle data breach

IT Governance

Equifax has agreed to pay up to $700 million (about £561 million) as part of a settlement with US regulators following its mammoth data breach in 2017. The FTC (Federal Trade Commission) claimed that Equifax hadn’t taken reasonable steps to secure its systems, which led to the records of more than 147 million people being compromised. The majority of the victims are based in the US, but the Telegraph believes that as many as 44 million people in the UK were affected through companies such as BT,


Business Email Compromise: Thinking Beyond Wire Transfers

Dark Reading

As BEC continues to drive record-high losses, cybercriminals devise new tactics for swindling corporate targets out of millions.


WordPress Plugin Flaws Exploited in Ongoing Malvertising Campaign

Threatpost

An ongoing malvertising campaign is exploiting WordPress plugin vulnerabilities to redirect website visitors to malicious pages.


New IPS Architecture Uses Network Flow Data for Analysis

Dark Reading

Can a stream of data intended for network performance monitoring be the basis of network security? One company says the answer is 'yes.'


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Security pros are paranoid. Maybe we should all follow suit

Information Management Resources

Attackers are able to evade detection, disappear without a trace, automate their attacks, never leave the same set of fingerprints and fool even the savviest among us with spear phishing and social engineering schemes.


UK decision to deny EU citizens access to data challenged in court

The Guardian Data Protection

Lawyers say blocking right to records could lead to Home Office errors going unchecked

The government has been taken to court over its decision to deny European citizens the right to access data the Home Office holds on individuals in immigration cases. In a high court judicial review, campaigners for EU citizens allege that a clause in the Data Protection Act 2018 unlawfully excludes them from rights they would otherwise hold to access private data held by third parties.


CISA Warns Public About the Risks of 5G

Dark Reading

Vulnerabilities include everything from physical risks through the supply chain to business risks.
