Thu. Sep 20, 2018

Equifax Hit With Maximum UK Privacy Fine After Mega-Breach

Data Breach Today

'Multiple Failures' Cited as Watchdog Levies Maximum Possible Pre-GDPR Fine

Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.

Sustes Malware: CPU for Monero

Security Affairs

Sustes Malware doesn’t infect victims by itself, but it is spread via brute-force activities with a special focus on IoT and Linux servers. Today I’d like to share a simple analysis based on a fascinating threat that I like to call Sustes (you will see the name's genesis in a bit). Everybody knows the Monero cryptocurrency, and probably everybody knows that it has been built upon privacy, meaning it’s not that simple to figure out a Monero wallet balance.

'Magecart' Card-Sniffing Gang Cracks Newegg

Data Breach Today

E-Commerce Site Investigates Malware Attack and Payment Card Data Theft

Online retailer Newegg is investigating a malware attack that may have stolen customers' payment card details for more than a month. Security firms have traced the heist to Magecart, a loose affiliation of cybercrime gangs also tied to payment card data breaches at British Airways and Ticketmaster.

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

Schneier on Security

Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It's a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it's the result of a security mistake in the design process. Someone didn't think the security through, and the result is a voter-verifiable paper audit trail that doesn't provide the security it promises.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Canada Prepares for New Breach Notification Era

Data Breach Today

Attorney Imran Ahmad on What Organizations Can Expect After Nov. 1

November 1 ushers in a whole new era of breach notification requirements for Canada. What are the new standards, and how prepared are Canadian organizations? Attorney Imran Ahmad shares insights.

Hospitals Fined $1 Million After TV Crews Film Patients

Data Breach Today

HHS Slaps Three Boston Hospitals With HIPAA Penalties

HIPAA privacy violations can come in many forms. Case in point: Federal regulators have smacked three Boston hospitals with settlements totaling nearly $1 million for allowing crews for the documentary TV show "Boston Med" to film on their premises without obtaining authorization from patients.

US State Department confirms data breach to unclassified email system

Security Affairs

The US State Department confirmed that hackers breached one of its email systems; the attack potentially exposed personal information of some of its employees. The incident seems to have affected less than 1% of employee inboxes, 600-700 employees out of 69,000 people. “The Department recently detected activity of concern in its unclassified email system, affecting less than 1 per cent of employee inboxes.

Apple to Require Privacy Policies for All New Apps and App Updates

Hunton Privacy

On August 30, 2018, Apple Inc. announced a June update to its App Store Review Guidelines that will require each developer to provide its privacy policy as part of the app review process, and to include in such policy specific content requirements. Effective October 3, 2018, all new apps and app updates must include a link to the developer’s privacy policy before they can be submitted for distribution to users through the App Store or through TestFlight external testing.

Hackers stole $60 Million worth of cryptocurrencies from Japanese Zaif exchange

Security Affairs

Cybercriminals have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies from the Japanese digital currency exchange Zaif. According to Tech Bureau Corp., the Japanese cryptocurrency firm that operates it, hackers compromised the Zaif exchange and stole 6.7 billion yen ($60 million) worth of cryptocurrencies, including Bitcoin, Monacoin, and Bitcoin Cash.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Turn the NIST Cybersecurity Framework into Reality: 4 Steps

Dark Reading

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.

Cisco fixes Remote Code Execution flaws in Webex Network Recording Player

Security Affairs

Cisco released security patches to fix RCE flaws in the Webex Network Recording Player for Advanced Recording Format (ARF). Cisco released security patches to address vulnerabilities in the Webex Network Recording Player for Advanced Recording Format (ARF) (CVE-2018-15414, CVE-2018-15421, and CVE-2018-15422) that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on a vulnerable system.

Do small organisations need to appoint a DPO?

IT Governance

Small organisations often try to claim exemption from the EU’s GDPR (General Data Protection Regulation) based on their size. In most cases this is in vain, but there is one requirement where they might be justified: the appointment of a DPO (data protection officer). A DPO is an independent expert tasked with overseeing an organisation’s data protection practices.

State Department’s Email Server Breached

Adam Levin

An email server containing “sensitive but unclassified” data belonging to the State Department was breached, the government agency announced earlier this month. The information included personally identifiable information of an undisclosed number of employees who have since been notified. While the breach itself is relatively minor, it highlights the relative lack of progress made by the department to enact more rigorous security measures, despite repeated hack attempts and security breaches.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

How Identity and Access Management helps meet the data protection requirements of GDPR

OpenText Information Management

In my previous blog, I looked at how Identity and Access Management (IAM) can help with GDPR compliance. This time around, I’d like to go a little deeper into how IAM addresses some of the specific data protection requirements within the new European Union (EU) regulations. GDPR has changed the way that companies with European …

GDPR 77
Think Like An Attacker: How a Red Team Operates

Dark Reading

Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.

Multi-cloud use, regulatory compliance and information protection drive new era of encryption and key management in France

Thales Cloud Protection & Licensing

Now in its 13th year, our Global Encryption Trends Study, which is performed by the Ponemon Institute, reveals interesting findings that span a dozen different geographies. This year, we found that multi-cloud use as well as compliance requirements have encouraged organizations around the globe to embrace a more extensive encryption strategy. Our study also found that these two key drivers along with protection of information against specific, identified threats are ushering in a new era of encryp

Free resources to help you prevent and respond to data breaches

IT Governance

With stories of data breaches appearing daily, many organisations will be wondering when their time will come. The situation might seem hopeless, with cyber criminals outnumbering overworked and underfunded information security personnel, but there are plenty of ways you can improve your defences, even on a tight budget. This blog outlines some of the free resources IT Governance offers to help organisations prevent, prepare for and respond to data breaches.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Lucy Gang Debuts with Unusual Android MaaS Package

Threatpost

The threat actor's Android-focused cyber-arms package, dubbed Black Rose Lucy, is limited in reach for now, but clearly has global ambitions.

Weekly podcast: Equifax once more, Bristol Airport, Smeg and Mirai creators

IT Governance

This week, we discuss a record ICO fine for Equifax, cyber attacks on Bristol Airport and Smeg, and the sentencing of the creators of the Mirai botnet. Hello and welcome to the IT Governance podcast for Friday, 21 September. Here are this week’s stories. The Information Commissioner’s Office has fined the credit ratings agency Equifax £500,000 for failing to protect the personal information of up to 15 million UK citizens.

Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE

Threatpost

Vulnerability allowed an unauthenticated remote attacker to log in to a device at the time the system initially boots up.

Japanese Cryptocurrency Exchange Hit with $60M Theft

Dark Reading

The incident highlights a broader problem of poor security in cryptocurrency exchanges throughout the country.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Magecart Strikes Again, Siphoning Payment Info from Newegg

Threatpost

The incident, hard on the heels of the British Airways breach, shows that Magecart is quickly evolving and shows no signs of slowing down.

Retail Sector Second-Worst Performer on Application Security

Dark Reading

A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.

Thousands of Breached Websites Turn Up On MagBo Black Market

Threatpost

The research team said it has shared its findings with law enforcement and victims are being notified.

3 Drivers Behind the Increasing Frequency of DDoS Attacks

Dark Reading

What's causing the uptick? Motivation, opportunity, and new capabilities.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

PCI DSS policies address the weakest link – people

IT Governance

Drafting detailed data protection policies and documentation is vital for improving security for your customers, stakeholders and brand because it shows your understanding and commitment to the PCI DSS (Payment Card Industry Data Security Standard). From policy, to procedure, to configuration standard, a significant proportion of PCI DSS compliance begins with documentation.

Account Takeover Attacks Become a Phishing Fave

Dark Reading

More than three-quarters of ATOs resulted in a phishing email, a new report shows.

EU warns Facebook it faces sanctions over 'misleading' T&Cs

The Guardian Data Protection

Commission gives social media company until end of the year to change its terms of service

Brussels has warned Facebook it will face sanctions unless it changes what the European commission calls its “misleading” terms and conditions. The EU commissioner in charge of consumer protection, Věra Jourová, said she had run out of patience with the social network after nearly two years of discussions aimed at giving Facebook’s European users more information about how their data is used.
