Mon. Sep 10, 2018


In a Few Days, Credit Freezes Will Be Fee-Free

Krebs on Security

Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents. Maybe you’ve been holding off freezing your credit file because your home state currently charges a fee for placing or thawing a credit freeze, or because you believe it’s just not worth the hassle.


British Airways Faces Class-Action Lawsuit Over Data Breach

Data Breach Today

GDPR Privacy Law Lets Breach Victims Seek 'Non-Material Damage' Compensation

British Airways has been threatened with a class-action lawsuit in U.K. court after warning that a hacker stole payment card data associated with 380,000 transactions. A law firm says that under GDPR, the airline should compensate victims for "inconvenience, distress and misuse of their private information."


Simplify and accelerate your compliance projects

IT Governance

Anyone who is working on a compliance project, whether for the EU GDPR (General Data Protection Regulation) or ISO 27001 certification, will understand how time-consuming, complex and lengthy the process can be. Simplify and accelerate your compliance project and alleviate some of the stress – book a free demo to see how Vigilant Software’s tools can help you and your project at any stage. vsRisk.


Russian Charged in JPMorgan Chase Hack Extradited to US

Data Breach Today

Andrei Tyurin Perpetrated Biggest Bank Customer-Data Heist in History, Feds Say

Russian national Andrei Tyurin, who's been accused of hacking into JPMorgan Chase's network in 2014 and stealing details for more than 83 million customers, has been extradited to the U.S. He was allegedly part of a group that hacked into brokerages, news firms, a risk intelligence company and others.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob

WIRED Threat Level

Weak encryption in the cars' key fobs allows all-too-easy theft, but you can set a PIN code on your Tesla to protect it.


More Trending


Mirai and Gafgyt target Apache Struts and SonicWall to hit enterprises

Security Affairs

Security experts with Unit 42 at Palo Alto Networks have discovered new variants of the Mirai and Gafgyt IoT malware targeting enterprises. Both botnets appear very interesting for two main reasons: The new Mirai variant targets the same Apache Struts vulnerability exploited in the 2017 Equifax data breach. The vulnerability affects the Jakarta Multipart parser upload function in Apache and could be exploited by an attacker to make a maliciously crafted request to an Apache web server.


Going Beyond a 'Walled-Garden' Approach

Data Breach Today

Security technology innovations entering the market are getting attached as features to an infrastructure that is fundamentally broken and an enforcement model that cannot operate in real time, says Matthew Moynahan, CEO at Forcepoint.


Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

Security experts from Kaspersky have observed the LuckyMouse APT group (aka Emissary Panda, APT27 and Threat Group 3390) using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks.


The Equifax Breach One Year Later: 6 Action Items for Security Pros

Dark Reading

The Equifax breach last September was the largest consumer breach in history. We talked to experts about lessons learned and steps companies can take to prevent and minimize future breaches.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Other 3,700 MikroTik Routers compromised in cryptoJacking campaigns

Security Affairs

Thousands of unpatched MikroTik routers are involved in new cryptocurrency mining campaigns. The exploit code for the CVE-2018-14847 vulnerability is becoming a commodity in the hacking underground; just after its disclosure, crooks started using it to compromise MikroTik routers. Thousands of unpatched devices are mining for cryptocurrency at the moment.


Updating NARA’s Format Guidance Bulletin

National Archives Records Express

We released two bulletins on transferring electronic records to NARA. Bulletin 2018-01: Updating NARA Bulletin 2014-04, Format Guidance for the Transfer of Permanent Electronic Records streamlines the process for future updates to the format tables in our transfer guidance. We are also releasing the updated Bulletin 2014-04 and Appendix A: Tables of File Formats, which lists preferred and acceptable formats for different categories of electronic records.


A growing number of iOS apps collect and sell location data

Security Affairs

A growing number of iOS apps currently collect location data, WiFi network IDs and other data from iPhone users and sell them to monetization firms. A group of security researchers that developed the popular Guardian mobile firewall app revealed that a growing number of iOS apps currently collect location data, WiFi network IDs and other data from iPhone users and sell them to advertising companies.


Three Trend Micro Apps Caught Collecting MacOS User Data

Dark Reading

After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Poll Shows GDPR Compliance Lacking

Adam Levin

Only 34.5% of the approximately 500 professionals responsible for compliance with the European Union (EU) General Data Protection Regulation (GDPR) report maintaining practices that are in keeping with the regulation, according to a recent Deloitte poll. According to the poll, one-third of respondents (32.7%) hope to be compliant within 2018. And 11.7% plan to take a “wait and see” approach amid uncertainty over how EU regulators in various countries will enforce the new regulation.


Russian National Extradited for 2014 JP Morgan Hack

Dark Reading

Andrei Tyurin was arrested for his involvement in a hacking campaign targeting US financial institutions, financial news publishers, brokerage firm, and other companies.


Are organizations ready to embrace AI security mitigation?

Information Management Resources

As organizations continue to accumulate sensitive information, risks for high-cost breaches grow, and privacy regulations tighten, a robust data governance strategy is crucial.


The internal view: Engineering success

OpenText Information Management

Meet Vasuki, Principal Software Engineer from Bangalore, India. In this post, Vasuki talks about his love for engineering and how he contributes to the success of OpenText™. Tell us a little bit about your role here at OpenText. I joined OpenText from the GXS acquisition in 2014. I work for the Product Development team as a Lead …


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


ITALY: Data Protection law integrating the GDPR in place

DLA Piper Privacy Matters

Italian privacy law integrating the GDPR is finally in place; a number of provisions remain unclear but need immediate action. After a well-deserved summer break, Italians are back at work, and the legislative decree integrating the GDPR has finally been published in the Official Gazette and will be binding with effect from the 19th of September 2018.


My Health Record lets down those who could use it the most | Mike McRae

The Guardian Data Protection

Some diseases are judged more worthy than others. People with mental health issues, addiction and obesity know it.

It seemed like such a good idea: a digital vault for all of our health records accessible by a variety of healthcare providers. But for all of their promise, digital systems like My Health Record risk letting down the very people they could help most unless we acknowledge what makes a disease a disease.


Tor Brings Onion Browser to Android Devices

Threatpost

In parts of the developing world, dissidents and journalists face hostile governments and other threats -- and mobile is their only access to the internet.


Why FINRA Regulatory Notice 17-18 Demands Dynamic, Interactive Web Preservation: Part 2

Hanzo Learning Center

As a securities professional, you’re good at shepherding your static communications through the complex maze of laws, rules, and regulations that dictate how you can communicate with investors and what you can—and can’t—tell them. You’ve mastered your advertising and marketing, focused on honest communications with clients, and deployed comprehensive record retention policies—at least, if we’re talking about hard-copy documents and structured database information, including standard corresponden


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Plustek to Unveil New GlobalSearch Enabled Capture Integration at Encompass 2018

Info Source

NEW HAVEN, CONN., September 10, 2018 – Square 9 Softworks, a leading provider of award-winning Enterprise Content Management solutions, has announced that Plustek will be releasing a new integration between their eScan enabled devices and Square 9’s GlobalSearch platform. Plustek, Inc., a manufacturer of consumer, prosumer and professional imaging and security devices, plans to unveil this new document capture integration at Square 9’s Encompass 2018 End User and Reseller Conference, being


Fallout exploit kit appeared in the threat landscape in malvertising campaigns

Security Affairs

At the end of August, the threat analyst nao_sec discovered a new exploit kit called Fallout that is being used to distribute the GandCrab ransomware and other malicious code, including droppers and potentially unwanted programs (PUPs).


Protecting Against the 7 Vulnerabilities of Meltdown and Spectre

eSecurity Planet

The biggest security vulnerabilities of 2018 are the Meltdown and Spectre flaws. What are they and what should you do to keep your organization safe?


i-SIGMA Board to Consider Addition of Solid State Drive Erasure to Certification

IG Guru

After more than a year of planning and postponements related to the recent merger, the i-SIGMA Board of Directors will decide whether or not Solid State Device (SSD) erasure operations are included within the scope of overall NAID AAA Certification of Sanitization Operations. According to i-SIGMA CEO Bob Johnson, though pressure from service providers and […].


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


What the future holds – the student view

CILIP

Biddy Casselden shares the key findings from a small survey that she conducted of current postgraduate library students in the UK. Last term during my sabbatical, I undertook a small-scale survey of postgraduate students in the UK. The survey asked how postgraduate LIS students felt about the state of the library profession and what they hoped a postgraduate qualification would do for their careers.


Podcast Episode 111: Click Here to Kill Everybody and CyberSN on Why Security Talent Walks

The Security Ledger

In this week’s podcast (episode #111), sponsored by CyberSN: what happens when the Internet gets physical? Noted author and IBM security guru Bruce Schneier joins us to talk about his new book on Internet of Things risk: Click Here to Kill Everybody. Also: everyone knows that cyber security talent is hard to come by, and even harder to keep.


GAO Says Equifax Missed Flaws, Intrusion in Massive Breach

Dark Reading

A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.