Mon. Aug 17, 2020

Fraudsters Putting on the Ritz

Data Breach Today

Luxury London Hotel Investigates 'Food and Beverage Reservation System' Data Breach

Scammers have reportedly been putting one over on customers of the famous Ritz London, which says it is "aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients' personal data." No payment card data was exposed, it says.

NEW TECH: A better way to secure agile software — integrate app scanning, pen testing into WAF

The Last Watchdog

The amazing array of digital services we so blithely access on our smartphones wouldn’t exist without agile software development. Consider that we began this century relying on the legacy “waterfall” software development process. This method required a linear plan, moving in one direction, that culminated in a beta deliverable by a hard and fast deadline.

Security 189

How AI Can Help to Combat Fraud

Data Breach Today

Analytical Steps to Take After a Data Breach

After a data breach, organizations should use artificial intelligence to help combat fraud, says Jim Van Dyke, CEO at the security firm Breach Clarity, who offers strategic insights.

The Schrems II decision – some EU data exporters will face a huge task to work out whether SCCs are sufficient

Data Protector

Many privacy professionals will be shocked to learn that, in terms of safeguarding personal data flows from an EU to a non-EU country, in the absence of an adequacy decision, more is required than simply slipping the right set of SCCs into a vendor contract. The CJEU has clarified that one of the key tasks facing data exporters, when considering whether SCCs are appropriate, is to consider whether there is a conflict between the protections afforded by the SCCs and other local laws, particularly

GDPR 156

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Credential-Stuffing Attacks Affect Canadian Services

Data Breach Today

Government Investigating 2 Incidents That Targeted Thousands of Accounts

The Canadian government is investigating two credential-stuffing incidents that affected some of the country's most essential services, including taxation, healthcare, welfare benefits and immigration.

Incident Response: Taking a More Deliberate Approach

Data Breach Today

Kelvin Coleman of National Cyber Security Alliance Offers Guidance

Organizations in all sectors need to take a more deliberate approach to incident response, says Kelvin Coleman, executive director of the National Cyber Security Alliance, who offers guidance.

Security 297

Privacy Shield shafted – but do SCCs really deliver better privacy protections?

Data Protector

Here we go again. The compulsory Sunday morning church services for all Anglicans at my boarding school served as an opportunity for The Reverend James Culross, (or Druid, as we boys affectionately called him), to churn out stuff from the Book of Common Prayer. It was stuff designed to cleanse our souls and provide us with helpful words of comfort, to prepare us for the horrors that would be inflicted upon each and every one of us during the school week ahead.

Privacy 156

Technical Woes Hamper California's COVID-19 Data Collection

Data Breach Today

Expired Credentials, Server Outage Lead to Inaccurate Tally

An expired digital certificate for Quest Diagnostics, a major test provider, and several technology woes temporarily prevented the state of California from receiving timely COVID-19 lab test data, resulting in an inaccurate tally of cases.

Data Protection: Whither the EU’s SCCs …

Data Protector

It is possible that the European Commission will fail to provide the UK with a data protection adequacy assessment by the end of the year. It is also possible that, in the near future, the EU will publish revised sets of Standard Contractual Clauses to replace the existing SCCs in a bold effort to ensure that flows of personal data outside the European Union remain suitably protected.

GDPR 120

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

One Malicious Link Unlocks Alexa's Voice History

Data Breach Today

Amazon Has Patched the Issues, Says Demo Video Is Misleading

Researchers at Check Point developed a one-click attack against Amazon's popular voice-controlled assistant Alexa that could reveal a user's voice history or personal information. Amazon has fixed the web application security flaws but says Check Point's demo video is misleading.

Security 223

Technology giant Konica Minolta hit by a ransomware attack

Security Affairs

IT giant Konica Minolta was hit with a ransomware attack at the end of July; its services have been impacted for almost a week. A ransomware attack has impacted the services at the business technology giant Konica Minolta for almost a week; the attack took place at the end of July. Konica Minolta is a Japanese multinational technology company headquartered in Marunouchi, Chiyoda, Tokyo, with offices in 49 countries worldwide.

GDPR supervisory authorities issued £2.6 million in fines in Q2 2020

IT Governance

In the second quarter of 2020, data protection bodies across Europe issued at least 46 administrative fines under the GDPR (General Data Protection Regulation), with the penalties totalling nearly €2.9 million (£2.6 million). This is a sharp decrease on Q1, which saw more than £45 million in fines – something that is to be expected given the disruption caused by COVID-19.

GDPR 128

Thousands of Canadian government accounts hacked, Treasury Board of Canada Secretariat says

Security Affairs

The Treasury Board of Canada Secretariat confirmed that thousands of user accounts for online Canadian government services were recently hacked. According to a press release issued by the Treasury Board of Canada Secretariat, thousands of user accounts for online government services were recently hacked. The hackers targeted the GCKey service with credential stuffing attacks; the service is used by some 30 federal departments and Canada Revenue Agency accounts.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

The IT Backbone of Cybercrime

Dark Reading

Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too.

IT 144

CISA warns of phishing attacks delivering KONNI RAT

Security Affairs

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert related to attacks delivering the KONNI remote access Trojan (RAT). The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert to provide technical details on a new wave of attacks delivering the KONNI remote access Trojan (RAT). The KONNI RAT was first discovered in May 2017 by researchers from the Cisco Talos team after it was employed in attacks aimed at organizations linked to North Korea.

Phishing 121

Age Appropriate Design Code Set to Come into Force

Hunton Privacy

The Age Appropriate Design Code (the “code”) created by the UK Information Commissioner’s Office (the “ICO”) has completed the Parliamentary process and was issued by the ICO on August 12, 2020. It will come into force on September 2, 2020, with a 12-month transition period for online services to conform to the code. The code sets out the standards that online services must meet in order to protect children’s privacy.

REvil Ransomware Hits Jack Daniel's Manufacturer

Dark Reading

Attackers who targeted US spirits manufacturer Brown-Forman reportedly stole a terabyte of confidential data.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

How to Narrow Down a List of Virtual Data Room Providers

OneHub

A virtual data room, or VDR, is a secure virtual storage space typically used by companies to store valuable documents, confidential information, and data pertaining to their business processes, employees, and/or clients. VDRs help companies increase their reach and productivity without compromising professionalism or security. However, not all virtual data room software is created equal.

‘EmoCrash’ Exploit Stoppered Emotet For 6 Months

Threatpost

A researcher developed a killswitch exploiting a buffer overflow in Emotet - preventing the malware from infecting systems for six months.

Security 112

Advent Completes Forescout Purchase

Dark Reading

The purchase by a private equity fund was announced in February and completed today.

Cyberattacks Hit Thousands of Canadian Tax, Benefit Accounts

Threatpost

The Canada Revenue Agency (CRA) suspended online services after accounts were hit in a third wave of credential stuffing attacks this weekend - giving bad actors access to various government services.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Cybersecurity Companies Among Smaller Firms Hit with Brand Spoofing

Dark Reading

Researchers find smaller organizations, including some in the cybersecurity space, increasingly targeted with these impersonation attacks.

Jack Daniels, Ritz London Face Cyberattacks

Threatpost

The REvil ransomware and savvy phone scammers have exposed sensitive information.

Firms Still Struggle to Prioritize Security Vulnerabilities

Dark Reading

Security debt continues to pile up, with 42% of organizations attributing remediation backlogs to a breach, a new study shows.

Security 135

Robocall Results from a Telephony Honeypot

Schneier on Security

A group of researchers set up a telephony honeypot and tracked robocall behavior: NCSU researchers said they ran 66,606 telephone lines between March 2019 and January 2020, during which time they said to have received 1,481,201 unsolicited calls -- even if they never made their phone numbers public via any source. The research team said they usually received an unsolicited call every 8.42 days, but most of the robocall traffic came in sudden surges they called "storms" that happened at regular

Honeypots 102

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Reported Breach Count for H1 2020 Lowest in Five Years

Dark Reading

While reported breach numbers are down, a handful of "mega" breaches resulted in more data records being exposed than ever before, analysis shows.

Missed the ARMA conference early bird deadline? Save money with the exclusive IG GURU promo code

IG Guru

When you sign up for ARMA InfoCon enter code IGGURU2020 and save $200 on your registration! The post Missed the ARMA conference early bird deadline? Save money with the exclusive IG GURU promo code appeared first on IG GURU.

Should I Segment my IoT Devices Onto Their Own Networks?

Dark Reading

Understanding the criticality and importance of the device determines the level of segmentation.

IoT 98