Wed. Dec 05, 2018

GUEST ESSAY: Atrium Health data breach highlights lingering third-party exposures

The Last Watchdog

The healthcare industry has poured vast resources into cybersecurity since 2015, when a surge of major breaches began. While the nature of these breaches has evolved over the last four years, the growth in total healthcare incidents has unfortunately continued unabated. Related: How to get off HIPAA hit list. The recent disclosure from Atrium Health that more than 2.65 million patients had significant amounts of PII exposed by the healthcare provider’s third-party billing vendor, AccuDoc Solutio

Phishing, Ransomware Attacks Continue to Menace Healthcare

Data Breach Today

Arizona Cancer Center a Recent Victim of Major Phishing Attack. As the year winds down, phishing and ransomware attacks continue to plague the healthcare sector, as illustrated by recent breach reports. A hospital owned by Cancer Treatment Centers of America is among the latest phishing victims.

CVE-2018-15982 Adobe zero-day exploited in targeted attacks

Security Affairs

Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks. Adobe fixed two flaws including a critical use-after-free bug, tracked as CVE-2018-15982, exploited by an advanced persistent threat actor aimed at a healthcare organization associated with the Russian presidential administration.

Black Hat Europe: The Power of Attribution

Data Breach Today

Estonia's Marina Kaljurand Calls for Greater Cyberattack Accountability. To combat cyberattacks, more nations must not only hold nation-state attackers accountable, but better cooperate by backing each other's attribution, said Estonian politician Marina Kaljurand, who chairs the Global Commission on the Stability of Cyberspace, in her opening keynote speech at Black Hat Europe 2018.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

A Shift from Cybersecurity to Cyber Resilience: 6 Steps

Dark Reading

Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.

More Trending

Financial Services Data – More at risk than you’d believe

Thales Cloud Protection & Licensing

One of the top findings from the 2018 Thales Data Threat Report, Financial Services Edition was that data breaches in U.S. financial services organizations are increasing at an alarming rate. Not only are breaches at record highs – with 65% of U.S. IT security pros in financial services organizations reporting that their organization already had a data breach – but breaches are increasing at alarming rates.

Facebook discussed cashing in on user data, emails suggest

The Guardian Data Protection

Social network staff apparently conversed about removing data restrictions for big ad spenders. Facebook staff in 2012 discussed selling access to user data to major advertisers, before ultimately deciding to restrict such access two years later, according to a tranche of internal emails released by the UK parliament. The internal emails were obtained by the Commons digital, culture, media and sport (DCMS) committee last month after they had been disclosed, under seal, by Facebook as part of a la

How to create a risk assessment matrix

IT Governance

To comply with ISO 27001, the international standard for information security, you need to know how to perform a risk assessment. This process is at the core of your compliance measures, as it helps you identify the threats you face and the controls you need to implement. To complete this process, you need a risk assessment matrix. What is a risk assessment matrix?

Mozilla Releases Annual Privacy Guide to Holiday Shopping

Adam Levin

The Mozilla Foundation has released the second installation of *Privacy Not included, the organization’s annual privacy guide to internet-connected gifts. The list was started to promote the idea that privacy and security by design can and should be a major selling point. Mozilla is the nonprofit organization behind the popular open source Firefox web browser.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

3 business experts, 3 use cases on business-ready data

IBM Big Data Hub

Most businesses, independent of their business model, are concerned with compliance and profit. The business must comply with the law, regulations and conduct guidelines, and to be sustainable, the business must remain profitable.

Toyota Builds Open-Source Car-Hacking Tool

Dark Reading

'PASTA' testing platform specs will be shared via open-source.

14 Questions Robert Mueller Knows the Answer To

WIRED Threat Level

The Russia investigation's known unknowns give valuable hints about the special counsel's next moves.

6 Ways to Strengthen Your GDPR Compliance Efforts

Dark Reading

Companies have some mistaken notions about how to comply with the new data protection and privacy regulation - and that could cost them.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

AOL Successor Agrees to Pay $4.95 Million in COPPA Enforcement Action

Hunton Privacy

On December 4, 2018, the New York Attorney General (“NY AG”) announced that Oath Inc., which was known as AOL Inc. (“AOL”) until June 2017 and is a subsidiary of Verizon Communications Inc., agreed to pay New York a $4.95 million civil penalty following allegations that it had violated the Children’s Online Privacy Protection Act (“COPPA”) by collecting and disclosing children’s personal information in conducting online auctions for advertising placement.

Starwood Breach Reaction Focuses on 4-Year Dwell

Dark Reading

The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.

Quora data breach affects 100 million accounts

IT Governance

The question and answer site Quora has released information about a data breach it recently suffered. A post on its website reads: “We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party.” Data affected: According to Quora, approximately 100 million users might have been affected.

Google Cloud Security Command Center Now in Beta

Dark Reading

The beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

What machine learning means for software development

Information Management Resources

Machine learning is poised to change the nature of software development in fundamental ways, perhaps for the first time since the invention of FORTRAN and LISP.

The Case for a Human Security Officer

Dark Reading

Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.

Improving engineer productivity at SMS group with OpenText Exceed TurboX

OpenText Information Management

As part of a global workforce of 13,500 employees, SMS group engineers perform countless complex calculations and simulations when designing and constructing solutions for clients. Historically, SMS group was reliant on expensive workstations, and urgently needed a more efficient, flexible and collaborative way to get things done. “In order to prepare finite element calculations, our …

Windows 10 Security Questions Prove Easy for Attackers to Exploit

Dark Reading

New research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

White House Facial Recognition Pilot Raises Privacy Alarms

Threatpost

The facial recognition pilot will identify “subjects of interest” around the White House.

FTC Seeks Public Comment on Identity Theft Rules

Hunton Privacy

On December 4, 2018, the Federal Trade Commission published a notice in the Federal Register indicating that it is seeking public comment on whether any amendments should be made to the FTC’s Identity Theft Red Flags Rule (“Red Flags Rule”) and the duties of card issuers regarding changes of address (“Card Issuers Rule”) (collectively, the “Identity Theft Rules”).

Symantec Intros USB Scanning Tool for ICS Operators

Dark Reading

ICSP Neural is designed to address USB-borne malware threats security.

Kubernetes Flaw is a “Huge Deal,” Lays Open Cloud Deployments

Threatpost

Hackers can steal data, sabotage cloud deployments and more.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy

Dark Reading

Nations must band together to face nation-state cyberattack threats, said Marina Kaljurand.

New China Guideline for Internet Personal Information Security Protection

Data Protection Report

Introduction. On 30 November 2018 the Cyber Security Protection Bureau, under the auspices of the PRC Ministry of Public Security (the “MPS”), issued a draft Guideline for Internet Personal Information Security Protection (the “Guideline”) along with a request for public comments. Even though, upon reaching final form and taking effect, the Guideline will not be a mandatory regulation, it nonetheless has a key implementing role in relation to the PRC Cyber Security Law (the “CSL”) and the Admini

Researchers: GDPR Already Having Positive Effect on Cybersecurity in EU

The Security Ledger

The General Data Privacy Regulation (GDPR) seems to already be having a positive effect on the state of cybersecurity in Europe less than seven months after it was enacted, showing that policy indeed can have a direct effect on organizations' security practices, security researchers said.
