Mon. Jul 16, 2018

FBI: Global Business Email Compromise Losses Hit $12.5 Billion

Data Breach Today

'CEO Fraud' Remains Alive, Well and Underreported

Known losses due to business email compromise have exceeded $12.5 billion worldwide, the FBI's Internet Complaint Center reports, adding that fraudsters are increasingly targeting the U.S. real estate sector with such scams.

Time to Yank Cybercrime into the Light

Dark Reading

Too many organizations are still operating blindfolded, research finds.

Privacy as a “Fundamental Right” Clouds Smart Regulation

Data Matters

*Originally Published July 12, 2018 by Chambers and Partners Data Protection & Cyber Security 2018. There is a lot going on with privacy around the world. As discussed in the chapters of this book, significant new laws are being adopted or taking effect, important judicial decisions are being decided to interpret existing legal requirements, and citizens are contending with their own expectations about confounding new technologies and business models.

‘LuminosityLink RAT’ Author Pleads Guilty

Krebs on Security

A 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called “LuminosityLink,” a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers across 78 countries worldwide. The LuminosityLink Remote Access Tool (RAT) was sold for $40 to thousands of customers, who used the tool to gain unauthorized access to tens of thousands of computers worldwide.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Companies need CASBs now more than ever — to help secure ‘digital transformation’

The Last Watchdog

When I first wrote about Cloud Access Security Brokers in 2015, so-called CASBs were attracting venture capital by the truckloads — and winning stunning customer testimonials. CASBs (pronounced caz-bees) originally sought to resolve a fast rising security nightmare: Shadow IT. Related podcast: Web gateways emerge as crucial defense layer. Striving to be productive, well-intentioned employees raced out to subscribe to cloud-enabled storage services, collaboration suites and project manageme

RealNetworks Launches Free Facial Recognition Tool for Schools

WIRED Threat Level

A new facial recognition tool by RealNetworks aims to keep kids safe in school. But privacy experts fear the unchecked surveillance of kids could go awry.

10 Takeaways: Russian Election Interference Indictment

Data Breach Today

Alleged Playbook Included Phishing, Malware, False Identities, Bitcoin Payments

The U.S. Justice Department's indictment of 12 Russian intelligence officers for attempting to interfere in the 2016 U.S. presidential election reveals new details about attackers' tactics - and failures - including using cryptocurrencies in an attempt to hide their tracks.

SRA warns about emails falsely claiming to be from a London law firm

IT Governance

The SRA (Solicitors Regulation Authority) has issued a warning about emails that falsely claim to be from London law firm Herbert Smith Freehills LLP. The SRA advised that such emails had been sent to a number of organisations. The emails relate to legal work apparently carried out by the sender and refer to an attached legal expenses invoice. The attachments were reported to include a fee summary and bank details for payment to be made.

Travel-Related Breaches: Mitigating the Risks

Data Breach Today

Billings Clinic Employee's Email Hacking Incident Highlights Need for Precautions

The hacking of an email account of a medical clinic employee during travels overseas demonstrates the risks posed to data when workers travel. Security experts offer insights on mitigating those risks.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security. Anubhav explained that the passwords are related to Dahua DVRs running very old firmware that is known to be affected by a five-year-old vulnerability tracked as CVE-2013

14 Million Verizon Customers Affected by Data Compromise

Adam Levin

The personal data for up to 14 million Verizon customers was discovered on an unprotected web server in late June by a cyber risk researcher. The Verizon customer data was posted to a publicly-accessible Amazon Web Server by an employee of Nice Systems, which is an enterprise software company. Included in this data was a wide range of personal information associated with anyone who had contacted Verizon’s customer service representatives over the last several months.

Cyber Defense Magazine – July 2018 has arrived

Security Affairs

Cyber Defense Magazine July 2018 Edition has arrived. We hope you enjoy this month’s edition…packed with over 140 pages of excellent content. InfoSec Knowledge is Power. We have 6 years of eMagazines online with timeless content. Visit our online library by clicking here. Cyber Defense eMagazine. July 2018 Edition has arrived. We hope you enjoy this month’s edition…packed with 140 pages of excellent content.

Less Than Half of Cyberattacks Detected via Antivirus: SANS

Dark Reading

Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Dynamsoft’s Dynamic Web TWAIN SDK v14.0 Improves Workflow Efficiency with Enhanced Image Viewer

Info Source

VANCOUVER – July 16, 2018 – Dynamsoft has updated its Dynamic Web TWAIN document scanning software development kit (SDK) to version 14.0 with workflow efficiency increases when working with images and uploading files. The SDK is widely used to quickly add an online document scanner component to document management applications running in popular Internet browsers.

Russian National Vulnerability Database Operation Raises Suspicions

Dark Reading

Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.

Code hosting service GitHub can now scan also for vulnerable Python code

Security Affairs

The code hosting service GitHub added Python to the list of programming languages that it is able to auto-scan for known vulnerabilities. Good news for GitHub users, the platform added Python to the list of programming languages that it is able to auto-scan for known vulnerabilities. In March, the code hosting service GitHub confirmed that the introduction of GitHub security alerts in November allowed obtaining a significant reduction of vulnerable code libraries on the platform.

OpenText Enterprise World 2018 – Day Three

OpenText Information Management

It’s been an action-packed few days at Enterprise World 2018 in Toronto on the back of the big announcement of the release of next-generation platform OpenText™ OT2. On day one of Enterprise World 2018, Mark J. Barrenechea, Vice Chair, CEO and CTO, OpenText told the 4000 delegates about a “Mundus Novus” new world of challenges … The post OpenText Enterprise World 2018 – Day Three appeared first on OpenText Blogs.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

10 Ways to Protect Protocols That Aren't DNS

Dark Reading

Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.

Rethinking our approach to open-source data

Preservica

Featured in openforum.com.au this article by Melissa Liberatore discusses the importance of protecting and ensuring usability of open-source data and how Australia needs to take advantage of new technologies as they emerge and re-frame its approach to the security and preservation of open-source data. "Open-source data is built on the foundation of long-term useability, authenticity and reliability.

Games and Cards

Adam Shostack

Emergynt has created the Emergynt Risk Deck, a set of 51 cards, representing actors, vulnerabilities, targets, consequences and risks. It’s more a discussion tool than a game, but I have a weakness for the word “emergent,” and I’ve added it to my list of security games. Also, Lancaster University has created an Agile Security Game.

Ephesoft Releases Citizen Developer-Friendly Smart Capture® Integration During Microsoft Inspire 2018

Info Source

IRVINE, Calif. – July 16, 2018 – Ephesoft, an industry leader in supervised machine learning-based document capture and analytics solutions, announced today the release of its new Swagger/OpenAPI-web services for Ephesoft Transact, a simplified application programming interface (API) enabling the integration of Ephesoft’s document capture solutions into any OpenAPI-compliant application such as Microsoft Flow.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Records Storage Laws: Ensuring You Stay Compliant

Record Nations

Securely storing your important information doesn’t just make business sense—for most records it’s the law. Ranging from financial to healthcare and a range of other industries in between, it’s important to be sure you’re taking steps to stay compliant with laws like HIPAA and GLBA. In this video learn more about general storage necessities, retention […].

What’s new about the latest release of OpenText RightFax?

OpenText Information Management

The latest release of OpenText™ RightFax™, RightFax 16 Enhancement Pack 4 (EP4) is packed with new features, functionality and add-on-modules designed to simplify your environment, add new visibility to traffic and improve the administrative and user experience. This release: Increases usability for both users and administrators Improves administrative visibility into the health of their RightFax … The post What’s new about the latest release of OpenText RightFax?

Lenovo Reaches Proposed $8.3 Million Settlement Agreement

Hunton Privacy

On July 11, 2018, computer manufacturer Lenovo Group Ltd. (“Lenovo”) agreed to a proposed $8.3 million settlement in the hopes of resolving consumer class claims regarding pop-up ad software Lenovo pre-installed on its laptops. Lenovo issued a press release stating that, “while Lenovo disagrees with allegations contained in these complaints, we are pleased to bring this matter to a close after 2-1/2 years.” In June of 2014, Lenovo and Superfish, a software development company, entere

Your Guide to SEC 17a-4 Compliance

Hanzo Learning Center

The SEC 17a-4 Backstory. In 1997, the Securities and Exchange Commission issued Rule 17a-4(f), which authorized broker-dealers to store their required books and records in electronic format. Broker-dealers who elected to store records electronically were required by the rule to retain a third party (D3P, for “Designated Third Party”) who had the ability to independently download electronically-stored information to another acceptable medium for the SEC’s review.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

How Elucd's 'Sentiment Meter' Helps Cops in LA and NYC Understand Their Precincts

WIRED Threat Level

Cops in LA, NYC, and beyond are using software from Elucd to figure out the sentiments of the people they protect.

India Telecom Regulator: Users Have Primary Data Rights

Dark Reading

Organizations 'should be restrained from using metadata to identify individual users,' says the Telecom Regulatory Authority of India.

No Evidence of GandCrab Leveraging SMB Exploit – Yet

Threatpost

Researchers found a new version of GandCrab - but no evidence that the ransomware is using the same SMB exploit as WannaCry.