Krebs on Security

AUGUST 17, 2018

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive : The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from more than two dozen cash machines across multiple countries.

Data breaches 182

Data breaches Access Insurance Phishing 182

Data Breach Today

AUGUST 17, 2018

Leading the latest edition of the ISMG Security Report: Chris Morales of the cybersecurity firm Vectra discusses how the industrial internet of things is changing the nature of industrial espionage and disruption.

Risk 124

Risk Cybersecurity Security 124

Thales Cloud Protection & Licensing

AUGUST 17, 2018

In this blog, I will present a new and efficient approach to reconciling security vulnerabilities and FIPS 140 security certifications, led by Thales eSecurity in collaboration with NIST/CMVP and FIPS 140 evaluation laboratories. A quick and efficient patch also needs a quick and efficient certification. To maintain security over a product’s lifetime, it is a best practice for companies to implement a vulnerability management process.

Security 86

Security Manufacturing Libraries Risk 86

Data Breach Today

AUGUST 17, 2018

Defense Attorney Says His Young Client Dreamed of Working for iPhone Giant An Australian teenager was such a fan of Apple that he hacked into the technology giant's mainframe, according to media reports. The teen has pleaded guilty to stealing 90 GB of sensitive information. But Apple says no customers' personally identifiable information was exposed.

113

113

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Dark Reading

AUGUST 17, 2018

Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.

Security 76

Security 76

IT Governance

AUGUST 17, 2018

IR (incident response) plans are the most effective way of mitigating the damage of data breaches, Ponemon Institute has found. Its 2018 Cost of a Data Breach Study revealed that the average cost of a data breach for organisations without an IR plan was $148 (about £116) per record, which is approximately $14 (about £11) more than those with an IR plan.

Data breaches 74

Data breaches Encryption Government IT 74

Data Breach Today

AUGUST 17, 2018

Gerry Sillars of Skybox on How to Operationalize It Threat analytics involves understanding where threats to key data assets exist and planning your mitigation strategy around that, says Skybox's Gerry Sillars.

Analytics 100

Analytics IT 100

WIRED Threat Level

AUGUST 17, 2018

Concerned social scientists turned their analytical skills onto one of their most widely used research tools this week: Amazon's Mechanical Turk.

Analytics 64

Analytics Security 64

Data Breach Today

AUGUST 17, 2018

Verizon's Ashish Thapar Shares Tips and Techniques Malware detection needs to shift to detecting anomalous behavior, rather than depending on signature-based detection technologies to deal with such threats as sandbox-evading malware, says Verizon's Ashish Thapar.

100

100

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

IT Governance

AUGUST 17, 2018

In our first #BreachReady blog for schools series , we asked you to consider the types of breaches your school has experienced, what caused them, and steps your school can take to prevent them from happening again. In this blog, we’ll consider situational analysis, how to assess what’s happening in the school and how to support staff to protect the data in their care.

GDPR 56

GDPR Encryption Data breaches Compliance 56

Data Breach Today

AUGUST 17, 2018

RSA's CTO, Zulfikar Ramzan, Shares His View of the Challenges Ahead The best way to take a holistic approach to the current threat landscape is to define security issues as business problems and then put the problem before the solution - not the other way around, contends RSA CTO Zulfikar Ramzan.

Security 100

Security 100

Security Affairs

AUGUST 17, 2018

According to Australian media, a teen hacker broke into Apple mainframe and downloaded 90GB of secure files. He dreams to work for the Tech Giant. I believe it is time for Apple to hire an Australian 16-year old schoolboy who hacked its computer systems. Yes, it is not a joke, according to Australian media the teen hacker broke into Apple mainframe and downloaded 90GB of secure files.

Security 55

Security Personal data Access IT 55

Data Breach Today

AUGUST 17, 2018

IBM Security's Paul Garvey on Taking the Right Approach While IT and OT integration has brought about new levels of operational efficiency, it has also introduced serious cyber risks that conventional IT security approaches might fail to address, says IBM Security's Paul Garvey.

Risk 100

Risk IT Security 100

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

IT Governance

AUGUST 17, 2018

This week, we discuss a new flaw affecting Intel processors, a $13.5 million cyber attack on an Indian bank, the release of version 1.3 of the Transport Layer Security protocol and the highlights from this month’s Microsoft patches. Hello and welcome to the IT Governance podcast for Friday, 17 August. Here are this week’s stories. Researchers from the universities of Leuven, Michigan and Adelaide have identified a new vulnerability affecting Intel processors , which could allow attackers “

Communications 53

Communications Encryption Cloud Information Security 53

Record Nations

AUGUST 17, 2018

Well-maintained records management programs help businesses to remain compliant with record keeping regulations, avoid security risks, and improve their workflow and productivity. As you turn to evaluating your own records management, questions to ask yourself include what are the greatest weaknesses in your system,c and what steps can you take to improve your overall records […].

Records Management 52

Records Management Risk Security 52

Schneier on Security

AUGUST 17, 2018

Interesting research on web tracking: " Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies : Abstract : Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same Origin Policy, popular browsers include cookies in all requests, even when these are cross-site.

Paper 51

Paper Authentication 51

Hunton Privacy

AUGUST 17, 2018

As reported in BNA Privacy Law Watch , a California legislative proposal would allocate additional resources to the California Attorney General’s office to facilitate the development of regulations required under the recently enacted California Consumer Privacy Act of 2018 (“CCPA”). CCPA was enacted in June 2018 and takes effect January 1, 2020. CCPA requires the California Attorney General to issue certain regulations prior to the effective date, including, among others, (1) to update the categ

Privacy 49

Privacy Compliance Government IT 49

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

OpenText Information Management

AUGUST 17, 2018

Prioritized Review for eDiscovery: Something we can all agree on It’s rare these days to find common ground that everyone can agree on – even more so in the argumentative world of legal services – but the benefits of using machine learning to prioritize the identification of important docs seems to be a no-brainer. In … The post Prioritized Review with AI Endorsed by Federal Court appeared first on OpenText Blogs.

49

49

Security Affairs

AUGUST 17, 2018

Linux kernel maintainers have rolled out security updates for two DoS vulnerabilities tracked as SegmentSmack and FragmentSmack. Linux kernel maintainers have released security patches that address two vulnerabilities, tracked as two bugs are known as SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391). potentially exploitable to trigger a DoS condition.

Security 49

Security Cloud 49

OpenText Information Management

AUGUST 17, 2018

On August 13, 2018, Check Point Research published an article regarding a security flaw in HP all-in-one devices. According to HP, two security vulnerabilities affect certain HP Inkjet printers where a maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution. HP has … The post OpenText fax solutions remain a secure and trusted form of communication appeared first on OpenText Blogs.

Communications 45

Communications Security 45

Security Affairs

AUGUST 17, 2018

Researchers discovered a new modular downloader, tracked as Marap malware, that is being used in large campaigns targeting financial institutions. Researchers from Proofpoint have spotted a new modular downloader in large campaigns targeting financial institutions, experts believe the malicious code could be used to deliver additional malware in future attacks.

Passwords 46

Passwords Communications IT Security 46

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Dark Reading

AUGUST 17, 2018

Drawing from a recent study by SophosLabs, Principal Research Scientist Chester Wisniewski highlights a shift to the rise of more targeted and sophisticated ransomware threats, such as SamSam.

Ransomware 45

Ransomware 45

Troy Hunt

AUGUST 17, 2018

Made it to 100! And by pure coincidence, it aligned with the week where I've tuned out more than I ever have since gaining my independence which means there's really not much to talk about. But I did want to share a little about the snow in Australia (turns out it's not all beaches) and some thoughts on gov initiatives in the news following my time with the Australia Cyber Security Centre in Canberra last week.

IT 44

IT Security 44

Dark Reading

AUGUST 17, 2018

A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.

Encryption 48

Encryption 48

Threatpost

AUGUST 17, 2018

An analysis of the world's most-visited websites shows that vulnerable software, too much active content and large amounts of code execution open visitors to a raft of potential dangers.

Security 44

Security 44

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Dark Reading

AUGUST 17, 2018

Endgames Mark Dufresne says SOCs can achieve better results within their existing staff and budget constraints with AI- and visualization-empowered, unified defense across the MITRE ATT&CK matrix.

44

44

Threatpost

AUGUST 17, 2018

Cryptocurrency angel investor Michael Terpin seeks damages for "gross negligence" by the carrier, alleging it turned a blind eye to store employees' malicious activities.

IT 43

IT Privacy Security 43

Dark Reading

AUGUST 17, 2018

Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.

Compliance 43

Compliance Security 43