Tue. Sep 17, 2019

IoT and Quantum Computing’s Impact on the Federal Government

Thales Cloud Protection & Licensing

As government agencies get back to work after summer barbeques, family vacations and once-in-a-lifetime getaways, the focus is on the priorities for the rest of 2019. Cybersecurity remains one of the top concerns and priorities for our government. The focus on the rest of 2019 and looking ahead to 2020 was very clear when I attended two recent industry events.

Researchers: Emotet Botnet Is Active Again

Data Breach Today

New Surge in Activity Spotted After Four-Month Absence

Emotet, one of the most powerful malware-spreading botnets, is active again after a four-month absence, according to several security researchers who noticed a surge in activity primarily against U.S., U.K. and German targets starting on Monday.

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. I want to put forward cases for both arguments here because seeing both sides is important. I want to help shed some light on why this practice happens and argue pragmatically both for and against.

NIST Issues Draft Guidance for Securing PACS

Data Breach Today

Tips on Keeping Picture Archiving and Communications Systems Secure

New draft guidance from the National Institute of Standards and Technology aims to help healthcare organizations improve the security of picture archiving and communications systems, or PACS.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Backup files for Lion Air and parent airlines exposed and exchanged on forums

Security Affairs

Tens of millions of records belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. Data belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. The information was left exposed online on an unsecured Amazon bucket; the records were stored in two databases in a directory containing backup files mostly for Malindo Air and Thai Lion Air.

ISO 27701 unlocks the path to GDPR compliance and better data privacy

IT Governance

We have good news for those looking for help complying with the GDPR (General Data Protection Regulation): new guidance has been released on how to create effective data privacy controls. ISO 27701 explains what organisations must do when implementing a PIMS (privacy information management system). The advice essentially bolts privacy processing controls onto ISO 27001, the international standard for information security, and provides a framework to establish the best practices required by

Investigation Launched After Ecuadorian Records Exposed

Data Breach Today

Researchers: Unsecured Elasticsearch Database Included Bank Details, Personal Information

An unsecured database owned by an Ecuadorian consulting company left over 20 million records on the South American country's citizens exposed to the internet, according to a report from two independent security researchers. An official investigation is underway.

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

Security Affairs

Researchers discovered many flaws in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices. Security experts have discovered multiple vulnerabilities in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices. The research is part of a project dubbed SOHOpelessly Broken 2.0 conducted by Independent Security Evaluators (ISE).

Using Artificial Intelligence to Combat Card Fraud

Data Breach Today

Artificial intelligence is playing an important role in the fight against payment card fraud, says Gord Jamieson, senior director of Canada risk services at Visa. He'll offer a keynote presentation on the latest fraud trends at Information Security Media Group's Cybersecurity Summit in Toronto Sept 24-25.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite

WIRED Threat Level

At the Defcon hacking conference next year, the Air Force will bring a satellite for fun and glory.

Mainframe Security Challenges: An Encroaching Perimeter

Data Breach Today

Even with the uptake of cloud services, many large enterprises still hold data on mainframes, says Philip MacLochlainn of IBM. But the diversity of computing environments around mainframes is rapidly changing, which increases the risk of data breaches, he explains.

Skidmap Linux miner leverages kernel-mode rootkits to evade detection

Security Affairs

Trend Micro researchers spotted a Linux cryptocurrency miner, dubbed Skidmap, that leverages kernel-mode rootkits to evade detection. Skidmap is a new crypto-miner detected by Trend Micro that targets Linux machines; it uses kernel-mode rootkits to evade detection. This malware stands out from similar miners because of the way it loads malicious kernel modules to evade detection.

Final California Consumer Privacy Act Amendments Bring Practical Changes (But Your Business May Now Be a California “Data Broker”)

Data Matters

After months of wrangling, the California legislature has finally passed a set of significant amendments to the California Consumer Privacy Act (CCPA), a sweeping data privacy and security law commonly referred to as “California’s GDPR” (Europe’s General Data Protection Regulation). Employee personal information and personal information obtained in business-to-business (B2B) interactions are now mostly out of scope.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

A Brutal Murder, a Wearable Witness, and an Unlikely Suspect

WIRED Threat Level

Karen Navarra was a quiet woman in her sixties who lived alone. She was found beaten to death. The neighbors didn't see anything. But her Fitbit did.

Understanding macOS Catalina and Jamf Connect

Jamf

Apple introduced changes related to identity that raised confusion regarding how macOS and Jamf Connect will work together going forward. This blog post provides answers.

Impersonation Fraud Still Effective in Obtaining Code Signatures

Dark Reading

Fraudsters continue to attempt to fool certificate authorities into issuing valid digital certificates for legitimate organizations by impersonating an authoritative user. The reward? The ability to sign code with a legitimate signature.

The hybrid career space between business and technology

OpenText Information Management

Christine Cole is a leader, a food lover and a connector of people. She’s also the Director and Product Suite Owner, Digital Workplace at Allstate Insurance Company of Canada. We sat down with her to discuss her approach to leadership, the hybrid career space between business and technology and what she recommends for people starting …

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

MITRE Releases 2019 List of Top 25 Software Weaknesses

Dark Reading

The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.

United States government files civil lawsuit against Edward Snowden

Security Affairs

The United States government sued Edward Snowden, the former CIA employee and NSA contractor, to block payment for his book, Permanent Record. The US DoJ filed a lawsuit against Edward Snowden to prevent the former CIA employee and National Security Agency contractor from receiving the payment for his book, Permanent Record. According to the civil lawsuit, filed in the Eastern District of Virginia, Snowden violated non-disclosure agreements signed when he was an employee at the US intelligence

Five Common Cloud Configuration Mistakes

Dark Reading

It's a joint responsibility to keep data safe in the cloud. Here's what cloud customers must do to keep their end of the bargain.

U.S. government innovates cyber security job fulfillment

Information Management Resources

A number of agencies recently commented on the progress the U.S. government has made in using creative and innovative approaches to hiring individuals for cyber security roles.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity

Dark Reading

Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.

FAQ: What is a record regarding government or agency websites?

The Texas Record

By law, any information that an elected official, a government employee, or a state employee handles that correlates with the definitions explained in State Agency Bulletin 4 and in Local Government Bulletin D is a record. In other words, the format that an organization uses to distribute or to collect information does not change the fact that they must ensure that those records are retained, accessible, and readable for their full retention period.

15K Private Webcams Could Let Attackers View Homes, Businesses

Dark Reading

Webcams could be potentially accessed and manipulated by anyone with an Internet connection, researchers say.

Key insights from the IBM Data and AI Forum: DataOps - NYC

IBM Big Data Hub

The IBM DataOps methodology and practice focuses on bringing agility, speed, and scale to analytics through automation, data quality and governance.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Cybercriminal's Black Market Pricing Guide

Dark Reading

Common prices criminals pay one another for products and services that fuel the cybercriminal ecosystem.

Panda Threat Group Mines for Monero With Updated Payload, Targets

Threatpost

Though harboring unsophisticated payloads, the Panda threat group has updated its tactics - from targets to infrastructure - and successfully mined hundreds of thousands of dollars using cryptomining malware.

Snowden Sued by US Government Over His New Book

Dark Reading

Civil suit argues the former CIA employee and NSA contractor violated his nondisclosure agreements with the two intel agencies.