Thu.Sep 27, 2018


Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks

Krebs on Security

The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM. According to a non-public alert distributed to banks this week and shared with KrebsOnSecurity by a financial industry source, the Secret Service has received multiple reports about a complex form


The FDA's New Digital Health Cyber Unit: What Would It Do?

Data Breach Today

Cybersecurity Unit Would Be Part of a Center of Excellence for Digital Health

The Food and Drug Administration plans to launch a new digital health "center of excellence" that includes a cybersecurity unit. The new unit would not only deal with cyber issues pertaining to new health technologies, but also challenges facing older medical devices.


Take the First Step to Digital Transformation

AIIM

With a little more than 3 months left of 2018, many businesses are focusing on what goals they want to achieve in the New Year. While some have talked of digital transformation, there are still an alarming number of workplaces that have yet to fully embrace digitizing paper documents and processing digital documents. Make no mistake- if you want to achieve digital transformation and you've yet to take the leap into capturing documents, the time is now and we're here to help.


List of data breaches and cyber attacks in September 2018 – 925,633,824 records leaked

IT Governance

It’s time for the month’s list of breaches and cyber attacks, and it’s a big one. Almost 1 billion records were leaked this month – 925,633,824 to be exact. There were also a few more reported ransomware incidents than normal, some of which saw the victims paying the fine – something most security professionals advise against. The list tells me one thing: organisations need to get themselves ready for a data breach.


Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.


Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild

Security Affairs

Security experts from ESET have spotted the first-ever UEFI rootkit; the code, tracked as LoJax, was used in attacks in the wild. Security researchers from ESET have discovered a new piece of sophisticated malware used by the Russia-linked Sednit group (aka Fancy Bear, APT28, Pawn Storm, Sofacy Group, and STRONTIUM) in targeted attacks aimed at government entities in the Balkans as well as in Central and Eastern Europe.


More Trending


Pangu hackers are back, they realized the iOS 12 Jailbreak

Security Affairs

The popular Chinese hacking team Pangu has devised the iOS 12 Jailbreak running on the latest iPhone XS. Users wait for further details. Here we go again, speaking about the notorious Chinese hacking team Pangu; the group is popular for its ability to jailbreak Apple devices. This time the experts presented a jailbreak for iOS 12 running on the latest iPhone XS.


Counting People Through a Wall with WiFi

Schneier on Security

Interesting research: In the team's experiments, one WiFi transmitter and one WiFi receiver are behind walls, outside a room in which a number of people are present. The room can get very crowded with as many as 20 people zigzagging each other. The transmitter sends a wireless signal whose received signal strength (RSSI) is measured by the receiver.


Talos experts published technical details for other seven VPNFilter modules

Security Affairs

Experts from Talos continue to monitor the evolution of the VPNFilter malware; it is more powerful than previously thought. In May, security firm Talos, along with other cybersecurity firms and law enforcement agencies, uncovered a huge botnet dubbed VPNFilter, composed of more than 500,000 compromised routers and network-attached storage (NAS) devices.


IoT’s security needs point to an increased role for PKI

Thales Cloud Protection & Licensing

Companies in every sector have embraced digital transformation, backed by IoT initiatives, as the silver bullet to gain a competitive edge. IoT projects have the potential to streamline operations, create new revenue streams, and improve customer service through collection and analysis of data from a variety of IoT devices. But if organizations aren’t able to trust their devices or the data they produce, is there really a point to collecting this data in the first place?


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


California Consumer Privacy Act: The Challenge Ahead – Consumer Litigation and the CCPA: What to Expect

HL Chronicle of Data Protection

This is the fourth installment in Hogan Lovells’ series on the California Consumer Privacy Act. This post discusses litigation exposure that businesses collecting personal information about California consumers should consider in the wake of the California Legislature’s passage of the California Consumer Privacy Act of 2018 (CCPA). For several years, the plaintiffs’ bar increasingly has relied on statutes like the Confidentiality of Medical Information Act, Cal.


Draft Digitization Regulations Out For Comment

National Archives Records Express

On September 10, 2018, we posted our draft regulations for digitizing temporary records on the Federal Register. Instructions for leaving a comment can be found in the posting. Comments will be accepted until November 9, 2018. In tandem, we developed a FAQ document for agencies providing additional information and context about these proposed regulations.


Yet Another IoT Cybersecurity Document

Schneier on Security

This one is from NIST: "Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks." It's still in draft. Remember, there are many others.


Weekly Update 106

Troy Hunt

Home again! Another NDC is down and I talk a little about how the talks were rated and about PubConf (make sure you get to one of these one day!) I've got another couple of weeks at home before any more travel and I'll talk more about the next things as they draw closer. This week, I'm on my new iPhone (which is very similar to my old iPhone), I'm talking about Uber getting fined, Cloudflare introducing some very cool new things, Firefox Monitor launching on top of the HIBP APIs and my newfound


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


ThreatList: Hackers Turn to Python as Attack Coding Language of Choice

Threatpost

More than 20 percent of GitHub repositories containing an attack tool or an exploit proof of concept (PoC) are written in Python.


Jamf Connect Q&A

Jamf

As you may have heard, Jamf acquired Orchard & Grove, the makers of NoMAD. Have questions about what this means for you? Read this for answers to frequently asked questions.


Weekly podcast: SHEIN, Tesco Bank, UK cyberwarfare unit and Uber

IT Governance

Big numbers this week: we discuss a data breach affecting 6.42 million SHEIN customers, a potential £30 million FCA fine for Tesco Bank, the UK’s new £250 million cyberwarfare unit, and a $148 million settlement for Uber. Hello and welcome to the IT Governance podcast for Friday, 28 September. Here are this week’s stories. The online fashion retailer SHEIN (I’ve probably pronounced that wrong) has said that it suffered a data breach from June to August this year involving the personal info


Alphabet's Chronicle Releases VirusTotal Enterprise

Dark Reading

Chronicle, the cybersecurity business under Alphabet, releases a major update to VirusTotal geared toward corporate threat hunters.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Win with AI: IBM Cloud Private for Data stacks up for success

IBM Big Data Hub

Daniel Hernandez, VP, IBM Analytics, shares news about IBM's Hortonworks partnership and why OpenShift, IBM Cloud Private, and IBM Cloud Private for Data are gaining momentum.


Russia’s Elite Fancy Bear Hackers Have a Clever New Trick

WIRED Threat Level

For the first time, a so-called UEFI rootkit has been spotted in the wild. And it appears to come from Russia.


Don’t let a data breach ruin your business

IT Governance

If you suffer a data breach, compliance with the EU GDPR (General Data Protection Regulation) will help lessen the impact. But what happens if you’re not GDPR compliant? Below we compare the different stages of a breach for #BreachReady and non-#BreachReady organisations. You suffer a breach. A staff member accidentally sends an email using Cc instead of Bcc, a criminal hacker gets into your system and steals data, or a disgruntled ex-employee deletes customer information on their last


Managing Data the Way We Manage Money

Dark Reading

In the data-driven enterprise, myriad types of data have become a new form and flow of currency. Why, then, hasn't the CISO achieved parity with the CFO?


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Cybersecurity Research Shows Risks Continue to Rise

eSecurity Planet

Vendors and industry associations put out a steady stream of research reports. What do 10 recent reports say about the state of IT security?


Russia's Sednit Deploys First Firmware-Level Rootkit in the Wild

Dark Reading

The advanced persistent threat group's LoJax can install malware capable of surviving both OS reinstallation and hard disk replacement.


NTIA Seeks Comment on New, Outcome-Based Privacy Approach

HL Chronicle of Data Protection

Yesterday, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) issued a Request for Comments (RFC) on a new consumer privacy approach that is designed to focus on outcomes instead of prescriptive mandates. The RFC presents an important opportunity for organizations to provide legal and policy input to the administration, and comments are due October 26.


Twitter Bug May Have Exposed Millions of DMs

Dark Reading

The year-long bug could have compromised interactions between customers and businesses, the social media firm reports.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Weakness in Apple MDM Tool Allows Access to Sensitive Corporate Info

Threatpost

A lack of authentication in Apple's Device Enrollment Program could allow attackers to scoop up Wi-Fi passwords and VPN configurations.


The benefits of becoming an ethical hacker

IT Governance

Computer hackers are given a bad name by the media, usually portrayed as good-for-nothing criminals who sit in darkened rooms drinking gallons of Coke. Meanwhile, the few good guys are apparently oddballs and outsiders. They appear intermittently, typing furiously and spouting pseudo-tech babble to the hero, who replies: “English, please?!”. Hackers are important.


Do You Suffer From Breach Optimism Bias?

Andrew Hay

If you’ve been in the information security field for at least a year, you’ve undoubtedly heard your organization defend the lack of investment in, change to or optimization of a cybersecurity policy, mitigating control or organizational belief. This “It hasn’t happened to us so it likely won’t happen” mentality is called optimism bias, and it’s an issue in our field that predates the field itself.