Mon. Jan 06, 2020


Protecting your data in 2020: How to identify web attacks

Information Management Resources

It can be overwhelming to navigate the sheer number of attacks and attack types targeting applications, APIs and microservices. However, most attempts can be narrowed down to three types.


The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. But all too often, ransomware victims fail to grasp that the crooks behind these attacks can and frequently do siphon every single password stored on each infected endpoint.


The Privacy Officers’ New Year’s Resolutions

Data Protection Report

1. Brace yourself (for export turbulence). 2020 could well be a year of data export turmoil – so brace yourself! The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) (Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission).


Client-Side JavaScript Risks & the CCPA

Dark Reading

How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Lawsuit Filed in Wake of Ransomware Attack

Data Breach Today

Ryuk Attack on DCH Health System Disrupted Patient Care Last Fall. A lawsuit filed against DCH Health System in the wake of a ransomware attack that disrupted medical services for several days alleges that the Alabama-based organization failed "to properly maintain and safeguard its computer systems and data.

More Trending


FBI Investigating How Town Defrauded of $1 Million: Report

Data Breach Today

Imposter Posing as Contractor Reportedly Tricked Erie, Colo., Officials Into Wire Transfer. The FBI and local police are investigating how scammers posing as a contractor for a local bridge project tricked officials in a small Colorado town into electronically transferring over $1 million to a fraudulent account, according to the Denver Post.


Iran's Cyber Response: 'They're Going to Unleash the Hounds'

Data Breach Today

Following the U.S. assassination of Iran's Maj. Gen. Qasem Soleimani last week, security experts have warned of possible retaliatory cyber strikes. Tom Kellermann of VMware believes those attacks are imminent. "The period of mourning is over, and I think the holy war in American cyberspace is yet to begin.


Information Advantage for Financial Services in 2020

OpenText Information Management

It’s that time again when we look ahead to the year to come. For 2020, we’re going to see financial services companies accentuate and accelerate the priorities of recent years. And we are going to witness the rise of Platformification as the way to achieve these long-standing goals. Financial Services and Insurance organizations will continue … The post Information Advantage for Financial Services in 2020 appeared first on OpenText Blogs.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Global Cyber Alliance President on Iranian Cyber Threat

Data Breach Today

From past roles at the Department of Justice, Department of Homeland Security, Microsoft and Sony, Phil Reitinger has learned more than a thing or two about nation-states and cyber threats. In this exclusive interview, the head of the Global Cyber Alliance discusses how to respond to potential new threats from Iran.


Six steps for effective human-centered design

CGI

ravi.kumarv@cgi.com. Tue, 01/07/2020 - 00:02. The world is evolving rapidly, and the pace of change is increasing. Organizations are under pressure to transform as their leaders, customers, citizens and other stakeholders demand more. They face many challenges—building long-term relationships with customers, delivering competitive products and services, driving new ways of working, to name a few.


Microsoft report: around 0.08% of RDP brute-force attacks are successful

Security Affairs

Microsoft published an interesting analysis of RDP brute-force attacks that targeted the 45,000 machines it analyzed over months of study. Researchers from Microsoft have analyzed several months’ worth of data to investigate RDP brute-force attacks occurring across Microsoft Defender ATP customers. The study involved 45,000 machines that had both RDP public IP connections and at least 1 network failed sign-in.


How Close Is Iran to a Nuclear Weapon? Here's What We Know

WIRED Threat Level

Iran is no longer abiding by many of the restrictions in the landmark 2015 nuclear deal, but that doesn’t mean it’s about to build a bomb, either.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


School software provider Active Network discloses data breach

Security Affairs

The US-based school management software provider Active Network disclosed a severe security breach last week. Active Network provides web-based school management software for K-12 schools and districts; last week it announced that it had suffered a major security breach. The hackers gained access to Blue Bear, a cloud school accounting software customized especially for K-12 schools and districts to help manage and simplify schools’ activity fund accounting.


New Year's message from the CILIP CEO

CILIP

On behalf of all of us at CILIP, I would like to send you our best wishes for a happy and prosperous 2020. Last year, I enjoyed meeting CILIP members in all four nations and across more than 20 industry sectors. It was great to welcome 800 new members to CILIP in 2020 and to see hundreds of people successfully completing or revalidating their professional registration.


HappyHotel, popular search engine for love hotels in Japan discloses data breach

Security Affairs

HappyHotel, a Japanese search engine used to find and book rooms in “love hotels,” announced that it suffered a security breach in December. HappyHotel is a popular Japanese search engine for “love hotels”; it is used by married couples and unfaithful spouses and allows users to book rooms in love hotels in Japan. Almex, the company that operates HappyHotel, published a data breach notice on the website. “Apology and announcement regarding the possibility of leak


Libraries: don't mess with trust

CILIP

The Open Data Institute's (ODI) mission is to help companies and governments to build an open, trustworthy data ecosystem. Jeni Tennison, CEO of the ODI, discusses how libraries could fit into it without damaging themselves. When information professionals and their employers look at their place in the data age, opening and sharing data is often a stumbling block.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


A more sustainable approach to CCPA compliance

Collibra

Now that the January 1, 2020 deadline for California Consumer Privacy Act (CCPA) compliance has passed, organizations are looking to create long-term sustainable compliance programs. It can be tempting to look at CCPA as “just another” compliance project, but that would be a real mistake. CCPA compliance should be an opportunity for organizations to get their overall engagement with personal data on the right footing.


What Tools Will Find Misconfigurations in My AWS S3 Cloud Buckets?

Dark Reading

Misconfigured cloud buckets leak sensitive data. Here's how to keep your Amazon Web Services (AWS) Simple Server Storage (S3) buckets secured.


Mailbox Master Keys

Schneier on Security

Here's a physical-world example of why master keys are a bad idea. It's a video of two postal thieves using a master key to open apartment building mailboxes. Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won't be fixed anytime soon.


Facebook Revamps Its Privacy Checkup Feature in Time for CES

WIRED Threat Level

Forget Portal. This year, Facebook is marketing itself as a privacy crusader.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Top trends to expect in cybersecurity and artificial intelligence

Information Management Resources

Looking at both the threat landscape and the emergence of innovative defenses, here are five trends we see developing in the new year.


Malicious Google Play Apps Linked to SideWinder APT

Dark Reading

The active attack involving three malicious Android applications is the first exploiting CVE-2019-2215, Trend Micro researchers report.


Magecart Hits Parents and Students via Blue Bear Attack

Threatpost

The latest attack takes aim at a vertical-specific e-commerce platform.


US Government Publishing Office Website Defaced

Dark Reading

The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Indiana County Running out of Storage Space

IG Guru

As reported by the Journal Review, Montgomery County in Indiana keeps their records back to the 1800s and is running out of valuable space keeping records they are legally required to keep. The post Indiana County Running out of Storage Space appeared first on IG GURU.


Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks

Dark Reading

New Year's Eve attack on currency exchange service Travelex may have involved use of the flaw.
