Tue. Aug 13, 2019

Patch Tuesday, August 2019 Edition

Krebs on Security

Most Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it’s all going to turn out. Fortunately, this month’s patch batch from Redmond is mercifully light, at least compared to last month.

Report: SEC Investigates First American Data Exposure

Data Breach Today

Title and Settlement Company Exposed Hundreds of Millions of Data Records

The U.S. Securities and Exchange Commission is investigating the exposure of personal and mortgage-related records from First American Financial Corp., according to Brian Krebs. First American spent $1.7 million on the incident in its second quarter, but investigations and lawsuits are looming.

Payments and Security: Putting security where your money is

Thales Cloud Protection & Licensing

Originally published in Payments Journal on July 31, 2019. There’s a very tough question on the table that no one can afford to ignore: If more than half of global IT and security executives say they actively fear the exposure of payment card data and other personal identifiable information, why are 70% of them not deploying measures such as encryption to maintain security?

Elon Musk Wants to Hack Your Brain

Data Breach Today

Neuralink Pursues a Brain-Computer Interface; What Could Go Wrong?

The news that serial entrepreneur Elon Musk and scientists have unveiled Neuralink - a neuroscience startup that's been in stealth mode for two years and aims to create a new computer/brain interface - might make you ask: What took him so long? Before signing up, just make sure it's immune to ransomware.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Google hacker discloses 20-year-old Windows flaw still unpatched

Security Affairs

Tavis Ormandy, a white hat hacker at Google’s Project Zero team, disclosed technical details of a 20-year-old Windows vulnerability that is still unpatched. The popular cyber security expert Tavis Ormandy, a white hat hacker at Google’s Project Zero team, disclosed technical details of a 20-year-old vulnerability that is still unpatched. The vulnerability, rated as high-severity, affects all versions of Microsoft Windows from Windows XP.

More Trending

Flaws in 4G Routers of various vendors put millions of users at risk

Security Affairs

A security expert discovered multiple flaws in 4G routers manufactured by several companies; some of them could allow attackers to take over the devices. G Richter, a security researcher at Pen Test Partners, discovered multiple vulnerabilities in 4G routers manufactured by different vendors. The issues include information leak flaws and code execution vulnerabilities.

Health Data Breaches Involving Unencrypted Devices Reported

Data Breach Today

Despite the Decline of Such Incidents, Recent Breaches Serve as Reminders of Risks

While health data breaches stemming from the loss or theft of unencrypted devices have nosedived in recent years, a handful of recent incidents serve as a reminder that these devices still can pose risks to patient data.

How to manage content chaos

OpenText Information Management

ILTACON has been a staple for legal and IT professionals for over 40 years, and this year’s conference promises not to disappoint. The agenda is packed with sessions on collaboration, technological advancements and tangible takeaways that address the challenges law firms and corporate legal clients face on a daily basis. Spend less time searching for … The post How to manage content chaos appeared first on OpenText Blogs.

Cerberus, a new banking Trojan available as malware-as-a-service in the underground

Security Affairs

Security experts analyzed an interesting new Android banking Trojan, dubbed Cerberus, that is offered for rent by its author. A new malware-as-a-service dubbed Cerberus has emerged in the threat landscape; it is an Android RAT developed from scratch that doesn’t borrow code from other malware. According to researchers at Threat Fabric who analyzed the threat, Cerberus implements features similar to other Android RATs and allows operators full control over infected devices.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Exploiting GDPR to Get Private Information

Schneier on Security

A researcher abused the GDPR to get information on his fiancee: It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation (GDPR), which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of information they have to provide, and increased the potential penalty for non-compliance.

How a 'NULL' License Plate Landed One Hacker in Ticket Hell

WIRED Threat Level

Security researcher Joseph Tartaro thought NULL would make a fun license plate. He's never been more wrong.

British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data

Threatpost

A vulnerability in British Airways' e-ticketing system could enable a bad actor to view passengers' personal data or change their booking information.

Moving on Up: Ready for Your Apps to Live in the Cloud?

Dark Reading

Among the complications: traditional security tools work poorly or not at all in the cloud, and if a company screws up, the whole Internet will know.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Adobe Patch Tuesday for August 2019 fixed 119 flaws in 8 products

Security Affairs

Adobe Patch Tuesday security updates for August 2019 addressed a total of 119 vulnerabilities affecting multiple products. Adobe Patch Tuesday security updates for August 2019 addressed 119 flaws in several products, including Effects, Character Animator, Premiere Pro, Prelude, Creative Cloud, Acrobat and Reader, Experience Manager, and Photoshop products. “Adobe has published security bulletins for Adobe After Effects CC (APSB19-31), Adobe Character Animator CC (APSB19-32), Adobe Prem

Microsoft Patches Wormable RCE Vulns in Remote Desktop Services

Dark Reading

Similar to the now-patched 'BlueKeep' vulnerability, two flaws fixed today could let malware spread across vulnerable computers.

Cloud migration a longer, harder journey than most organizations expect

Information Management Resources

Accenture's Siki Giunta discusses the results of a new study on cloud migration efforts, and why so many organizations say they are disappointed with the results.

Does Personality Make You Vulnerable to Cybercrime?

Dark Reading

A new study explores the connections between personality traits and susceptibility to different cyberattacks.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Employee experience drives customer experience

OpenText Information Management

The 2019 Financial Brand report showed that ‘removing friction from the customer journey’ is one of the key priorities within retail banking this year. For companies across finance to succeed, this focus on the customer must be matched with a focus on employees. Let me explain. How do you make yourself attractive to Millennials and … The post Employee experience drives customer experience appeared first on OpenText Blogs.

The California Consumer Privacy Act's Hidden Surprise Has Big Legal Consequences

Dark Reading

The CCPA's provision devoted to 'reasonable' cybersecurity procedures and policies could trip up your business. Get ready now.

Monzo bank tells customers to change their PINs after security

IT Governance

The digital bank Monzo has told 480,000 customers to change their PINs after it discovered an error that allowed unauthorised staff to view sensitive information. Monzo said that it normally stored PINs in a “particularly secure” part of its systems that only select employees can access. However, on Friday, 2 August, it learned that it had been recording some people’s PINs in a different part of its system.

700K Guest Records Stolen in Choice Hotels Breach

Dark Reading

Cybercriminals reportedly stole the information from an exposed MongoDB database on a third-party server.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Say hello to Jamf Now Custom Profiles

Jamf

Custom Profiles gives you the benefit of unlimited configurations without sacrificing the simplicity of Jamf Now. Learn more.

History Doesn't Repeat Itself in Cyberspace

Dark Reading

The 10th anniversary of the US Cyber Command is an opportunity to prepare for unknowns in the rapidly changing cybersecurity landscape.

Orgs Doing More App Security Testing but Fixing Fewer Vulns

Dark Reading

On average, US organizations took nearly five months to fix critical vulnerabilities according to WhiteHat Security's annual vulnerability report.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

3 Tips to Ensure KORA Compliance

Gimmal

There has been a spotlight on the Kansas Open Records Act (KORA) in the media lately, largely due to recent violations. Under KORA, any individual can request public records from government bodies. If all requested records are not provided within a specific timeframe, these organizations are subject to significant repercussions. This is merely one example of a ‘sunshine law’.

Apple's New Bounty Program Has Huge Incentives, Big Risks

Dark Reading

Industry observers applaud the program's ability to find exploits but fear unintended consequences.

7 trends impacting commercial and industrial IoT data

Information Management Resources

Here's a look at seven top trends that are driving this space, from compute size, to the value of true edge computing, to closed-loop edge to cloud machine learning.
