Mon. Oct 08, 2018

Super Micro Trojan: US and UK Back Apple and Amazon Denials

Data Breach Today

Government Agencies Have 'No Reason to Doubt' Supply Chain Tampering Refutation

U.S. and U.K. government agencies have said they have "no reason to doubt" strong denials issued by Amazon and Apple that hardware hackers had successfully implanted tiny chips in their servers that provided a backdoor for Chinese spies.

MY TAKE: Cyber attacks on industrial controls, operational technology have only just begun

The Last Watchdog

“May you live in interesting times.” The old Chinese proverb–some consider it a blessing and others a curse–certainly describes the modern-day cyber landscape. Related: 7 attacks that put us at the brink of cyber war. In today’s geopolitical terrain, nation-state backed cyber criminals are widening their targets and starting to zero in on their adversaries’ business and industrial sectors, using more and more sophisticated weaponry to do so.

CEO Fraud: Barriers to Entry Falling, Security Firm Warns

Data Breach Today

Access to Valuable Business Email Accounts Starts at $150 on Black Market

Barriers to getting into the business email compromise - aka CEO fraud - game continue to fall, with security vendor Digital Shadows finding that compromised email accounts for a company's finance department can typically be purchased via the black market for just $150 to $500.

6 tools to help you prevent and respond to data breaches

IT Governance

There are few things organisations fear more than data breaches. They cause immediate delays, cost money to put right and could lead to long-term reputational damage. The stakes were raised with the introduction of the EU GDPR (General Data Protection Regulation) in May 2018. It outlines the best practices for preventing a data breach and has been widely publicised – as has the potential to levy large fines against non-compliant organisations.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Preventing a 'Doomsday' Healthcare Cyber Event

Data Breach Today

The healthcare sector needs to continue upping its ante in cybersecurity to prevent potentially catastrophic "doomsday" events that could devastate regional healthcare systems, says Erik Decker, CISO of the University of Chicago Medicine. He's helping draft a guide to mitigating five key cyber threats.

More Trending

Amazon Employee Fired for Leaking Customer Data, Exposing a Search Flaw or Both?

Adam Levin

Amazon revealed a breach of customer data last week, but it wasn’t a data breach of the usual variety. Rather than falling prey to a cyberattack or having hackers exploit unsecured code, customer email addresses were leaked by an employee to an online reseller in exchange for money. What you need to know: 1.) A crime was committed, and 2.) It still counts as a data compromise.

Google was aware of a flaw that exposed over 500,000 of Google Plus users, but did not disclose it

Security Affairs

This is very bad news for Google, which suffered a massive data breach that exposed the private data of over 500,000 Google Plus users to third-party developers. As a consequence of the data exposure, the company is going to shut down the social media network Google+. The root cause of the data breach is a security vulnerability affecting one of Google+ People APIs that allowed third-party developers to access data for more than 500,000 users.

Teach Your AI Well: A Potential New Bottleneck for Cybersecurity

Dark Reading

Artificial intelligence (AI) holds the promise of easing the skills shortage in cybersecurity, but implementing AI may result in a talent gap of its own for the industry.

Kaspersky shed lights on the overlap of operations conducted by Turla and Sofacy

Security Affairs

Researchers from Kaspersky Lab collected evidence that demonstrates overlaps between the activity of Russian APT groups Turla and Sofacy. In March, during the Kaspersky Security Analyst Summit held in Cancun, Kurt Baumgartner, Kaspersky principal security researcher, revealed the activity associated with Sofacy APT group appears to overlap with campaigns conducted by other cyber espionage groups.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Breach and Attack Simulation: Find Vulnerabilities before the Bad Guys Do

eSecurity Planet

This new IT security testing technology continually monitors networks and systems to help organizations determine how secure their environment is.

How Secure Are Bitcoin Wallets, Really?

Security Affairs

Purchasers of Bitcoin wallets usually have one priority topping their lists: security. What’s the truth about the security of these wallets? When buying conventional wallet coins and paper money, people often prioritize characteristics like the size, color, shape, and number of compartments. However, purchasers of Bitcoin wallets — the software programs that facilitate storing someone’s cryptocurrency-related wealth — usually have one priority topping their lists: security.

Defeating the "Deal or No Deal" Arcade Game

Schneier on Security

Two teenagers figured out how to beat the "Deal or No Deal" arcade game by filming the computer animation and then slowing it down enough to determine where the big prize was hidden.

WECON PI Studio HMI software affected by code execution flaws

Security Affairs

Security experts discovered several vulnerabilities in WECON’s PI Studio HMI software, the company has verified the issues but has not yet released patches. Researchers Mat Powell and Natnael Samson discovered several vulnerabilities in WECON’s PI Studio HMI software, a software widely used in critical manufacturing, energy, metallurgy, chemical, and water and wastewater sectors.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Vizio Agrees to $17M Settlement to Resolve Smart TV Class Action Suit

Hunton Privacy

Vizio, Inc. (“Vizio”), a California-based company best known for its internet-connected televisions, agreed to a $17 million settlement that, if approved, will resolve multiple proposed consumer class actions consolidated in California federal court. The suits’ claims, which are limited to the period between February 1, 2014 and February 6, 2017, involve data-tracking software Vizio installed on its smart TVs.

Empowering business users with automated decision management

IBM Big Data Hub

When Vallourec adopted IBM Operational Decision Manager to automate decision management, it added value to its end-to-end SAP ERP implementation.

EDPB Adopts Opinions on National DPIA Lists in the EU

Hunton Privacy

The European Data Protection Board (“EDPB”) recently published 22 Opinions on the draft lists of Supervisory Authority (“SAs”) in EU Member States regarding which processing operations are subject to the requirement of conducting a data protection impact assessment (“DPIA”) under the EU General Data Protection Regulation (“GDPR”). National DPIA Lists.

Which ISO 27001 implementation bundle is right for you?

IT Governance

Hopefully your organisation understands the importance of ISO 27001 by now. It’s the international standard for information security, and its framework can be used to reduce the risk of data breaches, ensure that your data protection practices are as efficient as possible and persuade potential customers that their information is safe with you. IT Governance offers four implementation bundles to help organisations with different needs achieve ISO 27001 compliance.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Google+ Shuts Down Over Breach as Google Offers New Privacy Features

WIRED Threat Level

Google got caught hiding a privacy issue affecting 500,000 users on the same day it rolled out privacy protections.

3 lies you’ve been told about ISO 27001

IT Governance

It shouldn’t come as a surprise to learn that there’s a lot of misinformation swirling around the Internet. This includes ‘facts’ about ISO 27001, the international standard for information security, which we’ve addressed here. 1) “Implementing ISO 27001 is expensive”. One of the big sticking points for organisations contemplating ISO 27001 is that it’s too expensive, but it’s possible to implement the Standard for as little as £2,850.

California Consumer Privacy Act: The Challenge Ahead – Four Key Considerations for Health and Life Sciences Companies

HL Chronicle of Data Protection

This is the sixth installment in Hogan Lovells’ series on the California Consumer Privacy Act. The California Consumer Privacy Act of 2018 (CCPA) adds another set of privacy requirements for health and life sciences companies. Managing the interaction of these new requirements with existing obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), California’s Confidentiality of Medical Information Act (CMIA), and other health privacy laws will continue to be an

Google Shuts Down Google+ Social Platform After Security Fail

Adam Levin

Google announced that it will be shutting down consumer use of the long-ailing social platform Google+ after it was revealed that a security bug dating back more than six months was not disclosed by the company. According to the Wall Street Journal, Google may have opted not to disclose the bug at least in part to avoid regulatory scrutiny, though the platform, originally launched to compete against Facebook, has had lackluster adoption among users and may well have been slated for the digital

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Open research needs library support

CILIP

Librarians and researchers from across the world are working together on a project that could help unify Open Scholarship for the digital age. The Open Scholarship Strategy brings together HE librarians and researchers to look at opportunities and challenges in Open Research ?

Lloyd v Google – putting the brakes on English data breach litigation?

Data Protection Report

A judgment handed down today by the English High Court will be welcomed by UK data controllers. Lloyd v Google [2018] EWHC 2599 represents a corollary to recent case law expanding the circumstances in which litigation may be brought in relation to breaches of data protection legislation. Most notably, the case: reinforces the need for “damage” to be proven by claimants before compensation can be obtained in these circumstances; and makes clear that the courts will not permit representative clai

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

White House, industry reveal more details on US privacy framework

IG Guru

via IAPP, 9/25/2018, Jedidiah Bracy, CIPP/E, CIPP/US. Movement toward a U.S. privacy framework is gaining steam this week as lobbying efforts in Washington intensify ahead of the release of a White House document outlining an initial approach to consumer privacy and a highly anticipated Congressional hearing Wednesday in which privacy professionals from several major tech companies […].

Here’s a Webcast to Help You Get a “Clue” Regarding Your eDiscovery Process: eDiscovery Webcasts

eDiscovery Daily

As evidenced by some high-profile recent eDiscovery disasters, managing eDiscovery projects is more complex than ever. Not only have the volume and variability of ESI data sources increased dramatically, but there are often more stakeholders in eDiscovery projects today than characters on the board game Clue ©. Successful eDiscovery today means not only meeting your obligations, but also making sure that each stakeholder in the process succeeds as well.

Girl’s Own Paper

Archives Blogs

This post is part of our series celebrating American Archives Month. Last week, Special Collections & Archives did a Twitter Takeover of the @fsulibraries feed for #AskAnArchivist day so be sure to check out those conversations. The Digital Library Center has been busy loading material into DigiNole, and one of the most recent additions is the Girl’s Own Paper.
