IT Governance

AUGUST 23, 2019

Anyone looking for guidance on the basic steps they should take to keep their organisation secure should follow Cyber Essentials. This UK government scheme sets out five controls that can protect organisations from the most common types of cyber attack. It doesn’t have the same in-depth focus as ISO 27001 , the international standard for information security, but it’s a perfect solution for those who want to ensure that the fundamentals are being covered.

GDPR 76

GDPR Phishing Passwords Risk 76

Data Breach Today

AUGUST 23, 2019

Bona Fide Hacktivism Plummets, While Nation-State False-Flag Operations Continue Where have all the hacktivists gone? While the likes of Anonymous, AntiSec and LulzSec became household names in the early 2010s, in the past three years the number of website hacks, defacements and information leaks tied to bona fide hacktivists has plummeted.

217

217

AIIM

AUGUST 23, 2019

There is a growing disconnect in organizations between their desire for process automation and the information that is needed to drive those processes. 54% of the information needed within a particular business application is stored within the application itself rather than within a dedicated content repository, a percentage that has remained remarkably consistent over the past five years.

ECM 111

ECM Customer Experience Digital transformation Paper 111

Data Breach Today

AUGUST 23, 2019

Indictment Describes Fraud Schemes Involving Theft of Millions Eighty suspects, most of them Nigerian nationals, have been indicted on charges of running global business email compromise and romance scams that led to millions of dollars in fraud and allegedly involved a complex money-laundering operation.

205

205

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Security Affairs

AUGUST 23, 2019

Hackers are exploiting recently disclosed flaws in enterprise virtual private network (VPN) products from Fortinet and Pulse Secure. The popular cybersecurity expert Kevin Beaumont has observed threat actors attempting to exploit the CVE-2018-13379 in the FortiOS SSL VPN web portal and CVE-2019-11510 flaw in Pulse Connect Secure. Fortigate Fortinet SSL VPN is being exploited in the wild since last night at scale using 1996 style././ exploit – if you use this as a security boundary, you wan

Security 109

Security Access Cybersecurity IT 109

WIRED Threat Level

AUGUST 23, 2019

The threat of cyberwar looms over the future: a new dimension of conflict capable of leapfrogging borders and teleporting the chaos of war to civilians thousands of miles beyond its front.

IT 106

IT Security 106

Data Breach Today

AUGUST 23, 2019

FireEye Describes How Groups Are Gathering Data Chinese advanced persistent threat groups are targeting cancer research organizations across the globe with the goal of stealing their work and using it to help the country address growing cancer rates among its population, according to researchers at cybersecurity company FireEye.

Cybersecurity 181

Cybersecurity IT 181

Security Affairs

AUGUST 23, 2019

The Ukrainian Secret Service is investigating the case of employees at a nuclear power plant that connected its system online to mine cryp tocurrency. The Ukrainian Secret Service (SBU) launched an investigation after employees at a local nuclear power plant connected some systems of the internal network to the Internet to mine cryptocurrency. The incident was first reported by the Ukrainian news site UNIAN.

Mining 101

Mining Military Security Access 101

Data Breach Today

AUGUST 23, 2019

The latest edition of the ISMG Security Report analyzes the ransomware attack on Texas municipalities as part of a broader trend. Also featured: An initiative designed to safeguard the 2020 presidential elections and a CIO's third-party risk management efforts.

Ransomware 169

Ransomware Risk Security 169

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Security Affairs

AUGUST 23, 2019

Researchers at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) tracked as CVE-2019-6177. Security experts at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) that exists since 2011. “A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege esca

Authentication 91

Authentication Access Security IT 91

Data Breach Today

AUGUST 23, 2019

Account takeover continues to be a lucrative path for fraudsters across all industry sectors. But Scott Olson of iovation says there are different levels of defense that can be deployed, based on the risk of specific types of transactions.

Risk 160

Risk 160

Schneier on Security

AUGUST 23, 2019

There was a DefCon talk by someone with the vanity plate "NULL." The California system assigned him every ticket with no license plate: $12,000. Although the initial $12,000-worth of fines were removed, the private company that administers the database didn't fix the issue and new NULL tickets are still showing up. The unanswered question is: now that he has a way to get parking fines removed, can he park anywhere for free?

90

90

Data Breach Today

AUGUST 23, 2019

Virtualization and Cloud Giant Also Buying Pivotal VMware is acquiring cloud security firm Carbon Black in a $2.1 billion cash deal to bolster the virtualization giant's security portfolio. It's also acquiring Pivotal, a company that focuses on helping its customers build applications in the cloud as well as through new technologies such as containers.

Security 153

Security Cloud IT 153

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Dark Reading

AUGUST 23, 2019

Ransomware writers are now targeting cloud service providers with network file encryption attacks as a way to hold hostage the maximum number of customers that they can, notes Chris Morales, head of security analytics for Vectra. He also discusses Vectra's new ransomware report, which offers tips for protecting against virtual hostage taking.

Ransomware 89

Ransomware Cloud IT Analytics 89

Security Affairs

AUGUST 23, 2019

Mastercard disclosed a data breach that impacted customer data from the company’s Priceless Specials loyalty program. The American multinational financial services corporation noti f ied the data breach to the German and Belgian Data Protection Authorities. The data leaked online includes customers’ names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth. “ The Belgian Data Protection Authority (DPA) as well as the Hessian autho

Data breaches 87

Data breaches Financial Services Passwords Security 87

Dark Reading

AUGUST 23, 2019

Lots of re-used code, cost pressures and long lead times for application software all lead to porous security where application software is concerned, says Chris Eng, Chief Research Officer for Veracode. But an emerging role he calls a "security champion" can help circumvent those problems and make apps safer for everyone.

Security 80

Security 80

Security Affairs

AUGUST 23, 2019

Experts at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect systems. Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. Asruex first appeared in the threat landscape 2015, researchers linked it to the spyware used by the DarkHotel APT group. “However, when we encountered Asruex in a PDF

File names 85

File names Phishing Encryption Security 85

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

AUGUST 23, 2019

The following hardware and software options will amplify your know-how about artificial intelligence and how to apply it to security - without busting any budgets.

Artificial Intelligence 83

Artificial Intelligence Security IT 83

Threatpost

AUGUST 23, 2019

From a backdoor placed in the Webmin utility to vulnerability disclosure drama around zero-days in Valve's Steam gaming clients, Threatpost breaks down this week's top stories.

Data Privacy 77

Data Privacy Privacy Security 77

OpenText Information Management

AUGUST 23, 2019

The terms environmental social governance, enterprise risk management and corporate social responsibility (CSR) are phrases that have been prominent in business over the past few years. But what do these terms mean for the average company, and how do they apply to enterprise software? These are some of the questions our CEO and CTO Mark … The post It’s not just about doing more good, it’s also about doing less bad appeared first on OpenText Blogs.

Government 70

Government Risk Digital transformation 70

Threatpost

AUGUST 23, 2019

Researchers warn users of several plugins to update as vulnerabilities are being actively exploited to redirect website visitor traffic.

Security 75

Security 75

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Dark Reading

AUGUST 23, 2019

Knowing the methods of the attacker, as laid out in the federal indictment, allow us to prevent similar attacks.

Security 81

Security 81

Threatpost

AUGUST 23, 2019

Security researchers at Pen Test Partners have found a privilege escalation flaw in the much-maligned Lenovo Solution Center software.

Security 73

Security Privacy 73

Dark Reading

AUGUST 23, 2019

A group of mostly Nigerian nationals attempted to steal $46 million through business email compromise and romance scams, the FBI reports.

70

70

Security Affairs

AUGUST 23, 2019

Cisco provided updates for security advisories for three flaws affecting Cisco Small Business 220 Series Smart Switches patched in early August. Cisco has updated security advisories for three vulnerability in Cisco Small Business 220 Series Smart Switches that have been patched in early August. The three vulnerabilities were reported by the security researcher Pedro Ribeiro, aka ‘ bashis ‘, via Cisco’s VDOO Disclosure Program.

Authentication 56

Authentication Security IT Information Security 56

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Dark Reading

AUGUST 23, 2019

Containers, virtual machines, and the advent of DevOps as a software creation tool all put new pressures on organizations' security strength, according to Dan Hubbard, CEO of Lacework. Cloud's ability to offer scale, capacity, and processing power may even exacerbate the vulnerabilities unless properly managed, he adds.

Security 59

Security Cloud 59

Adam Levin

AUGUST 23, 2019

MoviePass confirmed a data breach that exposed customer data on an unprotected database. The incident included credit card numbers. Researchers discovered the database online on a subdomain of MoviePass with no password protection. The subdomain contained 161 million records. At least 58,000 records on the database contained customer card and credit card information, as well as names, email addresses, and what appears to be password data from failed login attempts. .

Data breaches 50

Data breaches Passwords Access Security 50

Dark Reading

AUGUST 23, 2019

Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption.

Encryption 76

Encryption Cloud 76