Fri. Oct 14, 2022

Not So Fast: Retailer Shein Fined $1.9M for Breach Cover-Up

Data Breach Today

39 Million Shoppers of Shein and Romwe Weren't Notified of Personal Data Exposure

Fast-fashion clothing giant Shein has been fined $1.9 million by the New York state attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security as well as failing to alert users or force password resets in a timely manner.

Experts disclose technical details of now-patched CVE-2022-37969 Windows Zero-Day

Security Affairs

Researchers have disclosed details of a now-patched flaw, tracked as CVE-2022-37969 (CVSS score: 7.8), in the Windows Common Log File System (CLFS) driver. It is an elevation-of-privilege vulnerability. CLFS is a general-purpose logging subsystem that applications running in both kernel mode and user mode can use to build high-performance transaction logs; it is implemented in the driver CLFS.sys.

U.S.-EU Data Transfer Framework Signals Strengthened Collaboration

Data Matters

*This article first appeared on Law360 on October 14, 2022. A series of coordinated announcements on Oct. 7 lifted the veil on a new trans-Atlantic data transfer mechanism. This announcement has been hotly anticipated since a joint declaration from the U.S. and European Union governments on March 25, that there was an agreement in principle for a new EU-U.S.

Microsoft Email Encryption Vulnerable to Structural Leaks

Data Breach Today

Redmond Uses Protocol NIST Says Is a "Severe Security Vulnerability"

Emails encrypted through Microsoft 365's Office Message Encryption can leak information about the original content of messages because the scheme uses a block cipher in Electronic Codebook (ECB) mode, which turns identical plaintext blocks into identical ciphertext blocks, says WithSecure security researcher Harry Sintonen. Microsoft says it may eventually stop using ECB mode.

Most Concerning Security Vulnerabilities in Medical Devices

Data Breach Today

Security flaws in a vital signs monitoring device from a China-based manufacturer could allow hackers to launch an attack that spreads to all other devices connected to the same network. This is among the most serious security issues involving medical devices, says Jason Sinchak of Level Nine.

Cyber-Zombie Apocalypse: Ransomware Gangs Continue to Come Back from the Dead

KnowBe4

With ransomware gangs making so much money and then dropping off the face of the earth, what’s the motivation to come back to life and potentially risk getting caught?

ISMG Editors: Assessing the Proposed EU-US Data Flow Plan

Data Breach Today

Also: ISMG Southeast Summit Highlights; Binance's Response to a Cross-Chain Attack

In the latest weekly update, ISMG editors discuss the trending themes from the 2022 ISMG Southeast Summit, plans by cryptocurrency exchange Binance to implement security measures to shore up cross-chain vulnerabilities, and the viability of a proposed data flow agreement between the U.S. and Europe.

Care and Feeding of the SOC's Most Powerful Tool: Your Brain

Dark Reading

Once overloaded, our brains can't process information effectively, performance decreases, and even the simplest of tasks seem foreign.

ForgeRock, Ping, IBM, Okta Top KuppingerCole CIAM Tech Eval

Data Breach Today

Consumerization of IT Has Brought CIAM Methods, Technologies to Workforce IAM Space

Perennial leaders ForgeRock, Ping Identity and IBM, along with a surging Okta, set themselves apart from the pack of CIAM vendors in the latest report by KuppingerCole analysts. Ping Identity leapfrogged ForgeRock to capture the gold in product leadership, and IBM once again took the bronze.

Experts released PoC exploit code for critical bug CVE-2022-40684 in Fortinet products

Security Affairs

A proof-of-concept (PoC) exploit for CVE-2022-40684 (CVSS score: 9.6), an authentication bypass affecting FortiGate firewalls and FortiProxy web proxies, has been released online. The vulnerability affects FortiOS versions 7.0.0 through 7.0.6 and 7.2.0 through 7.2.1.

Australian Insurer Back Online After Cyberattack

Data Breach Today

Medibank Group Says No Evidence of Data Compromise

Australian health insurer Medibank Group says it has found no evidence of data compromise following its Wednesday detection of unusual network activity. The company, which serves nearly 4 million Australians, restored access to its policy websites on Friday.

New Phishing Campaign Uses Office Docs to Install Cobalt Strike Beacon

KnowBe4

Under the guise of determining applicant eligibility for a U.S. federal government job, this latest phishing attack plants the seed for a future attack on the victim organization.

Windows Common Log File System Driver 0-Day Gets a Close-Up

Data Breach Today

Zscaler Researchers Probe File System Base Log File to Expose Flaw

Probe deep enough into a once-obscure subsystem in the Windows operating system called the Common Log File System and you might come out the other end with system privileges. Researchers on Zscaler’s ThreatLabz research team say the root cause of a recent CLFS zero-day resides in base log file metadata.

Web3 Cybersecurity: Are Things Getting Out of Control?

eSecurity Planet

In a BNB Chain blog post in early October, the authors announced that about two million BNB tokens had been stolen, worth over $560 million at the time. The BNB Chain then held $5.45 billion in DeFi (decentralized finance) assets. The platform is part of Binance, the world’s largest cryptocurrency exchange. The vulnerability was in its cross-chain bridge.

Why Phishing-Resistant MFA Is on US Government Fast Track

Data Breach Today

Stopping Cyberattacks by Moving Away From Password-Based Authentication

The January memorandum from President Biden’s Office of Management and Budget calls for adopting multifactor authentication that includes the verification of device-based security controls, continuous monitoring, and authentication, and mandates a switch to phishing-resistant MFA by January 2023.

Is the Answer to Vulnerabilities Patch Management as a Service?

eSecurity Planet

Patch management is all about helping organizations manage the process of patching software and applications. It encompasses functions such as testing patches, prioritizing them, deploying them, verifying that they are installed in all endpoints, and in general looking after every aspect of patching. But patching can be a time-consuming – and ineffective – task.

Biden-Harris Administration Statement on Cybersecurity in America

Hunton Privacy

On October 11, 2022, the Biden-Harris Administration released an informational statement about the Administration’s progress in strengthening America’s national cybersecurity. The statement details several new initiatives and sets goals for America’s future in cybersecurity. The following are some examples of the Administration’s current or planned actions in cybersecurity:

Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows

Dark Reading

The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.
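
Two checks a defender wants for the Fortinet bug covered in the Security Affairs and Dark Reading entries above, as an added example that is neither code from the articles nor Fortinet's own tooling: a version-range check and a scan of FortiOS-style event logs for the indicators Fortinet published. The FortiOS ranges are the ones the article gives; the FortiProxy and FortiSwitchManager ranges are taken from Fortinet's advisory FG-IR-22-377 and should be confirmed against the current advisory. The log field names (user=, ui=, cfgpath=) and the sample log lines are assumptions constructed for the demo, not captured from a device; verify the field names against your own device's output before deploying the rule.

```python
"""Added example, not code from the articles or from Fortinet.

  1. affected(): is this product/version inside a vulnerable range?
  2. suspicious_admin_events(): scan FortiOS-style key=value event logs for
     the post-exploitation indicators Fortinet published for CVE-2022-40684,
     i.e. configuration changes attributed to user "Local_Process_Access"
     through the "Node.js" or "Report Runner" interface.  Field names are an
     assumption about the log format.
"""
import re

# FortiOS ranges from the article; the other two products from advisory
# FG-IR-22-377 (assumption: confirm against the current advisory).
AFFECTED = {
    "FortiOS": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 1))],
    "FortiProxy": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 0))],
    "FortiSwitchManager": [((7, 0, 0), (7, 0, 0)), ((7, 2, 0), (7, 2, 0))],
}

_VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """'v7.0.6-build0366' or '7.2.1' -> (7, 0, 6).  Tuples compare numerically,
    unlike strings ('7.0.10' < '7.0.6' as strings)."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def affected(product: str, version: str) -> bool:
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED.get(product, []))


_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> dict:
    """Split a FortiOS-style key=value log line into a dict, stripping quotes."""
    return {k: v[1:-1] if v.startswith('"') else v for k, v in _KV.findall(line)}


IOC_USER = "Local_Process_Access"
IOC_UIS = ("Node.js", "Report Runner")


def suspicious_admin_events(lines) -> list:
    """Return parsed events matching the published indicators."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        by_local_process = ev.get("user") == IOC_USER
        via_ioc_ui = any(tag in ev.get("ui", "") for tag in IOC_UIS)
        if by_local_process or via_ioc_ui:
            hits.append(ev)
    return hits


# Constructed sample log lines for the demo (not captured from a real device).
SAMPLE_LOG = [
    'date=2022-10-13 time=09:12:41 type="event" subtype="system" level="information" '
    'user="admin" ui="GUI(192.0.2.10)" action="login" status="success" '
    'msg="Administrator admin logged in successfully from GUI(192.0.2.10)"',
    'date=2022-10-13 time=09:15:02 type="event" subtype="system" level="information" '
    'user="Local_Process_Access" ui="Node.js" action="Add" cfgpath="system.admin" '
    'cfgobj="admin" cfgattr="ssh-public-key1" msg="Add system.admin admin"',
    'date=2022-10-13 time=09:15:30 type="event" subtype="system" level="information" '
    'user="Local_Process_Access" ui="Report Runner" action="Edit" cfgpath="system.admin" '
    'cfgobj="admin" msg="Edit system.admin admin"',
    'date=2022-10-13 time=09:20:00 type="event" subtype="system" level="information" '
    'user="admin" ui="ssh(192.0.2.10)" action="Edit" cfgpath="system.global" '
    'msg="Edit system.global"',
]

if __name__ == "__main__":
    print("FortiOS v7.0.6 affected:", affected("FortiOS", "v7.0.6-build0366"))
    for ev in suspicious_admin_events(SAMPLE_LOG):
        print(ev["time"], ev["user"], ev["ui"], ev["action"], ev.get("cfgpath"))
```

The version check is only a triage aid: a device in an affected range that is already exposed should be treated as possibly compromised, which is what the log scan is for. Unexpected admin accounts or SSH keys on an exposed device are worth reviewing even when the log scan returns nothing, since an attacker who got in can also clear logs.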

article thumbnail

Episode 244: ZuoRAT brings APT Tactics to Home Networks

The Security Ledger

In this episode of the Security Ledger podcast, brought to you by ReversingLabs, we interview Danny Adamitis (@dadamitis) of Black Lotus Labs about the discovery of ZuoRAT, malware that targets SOHO routers and is outfitted with APT-style tools for attacking the devices connected to home networks.

Microsoft 365 Message Encryption Can Leak Sensitive Info

Dark Reading

The default email encryption used in Microsoft Office's cloud version is leaky, which the company acknowledged but said it wouldn't fix.
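
Why ECB mode leaks structure, as an added example serving both the Data Breach Today entry "Microsoft Email Encryption Vulnerable to Structural Leaks" and the Dark Reading entry above; this is not code from either article or from Microsoft. ECB's defining property is that, under one key, equal plaintext blocks always produce equal ciphertext blocks, so an eavesdropper who never learns the key can still see where the plaintext repeats. To run with the standard library alone, a keyed HMAC-SHA256 truncated to 16 bytes stands in for the real block cipher (an assumption: the leak shown depends only on per-block determinism, which every block cipher in ECB mode has). The sample message is constructed for the demo.

```python
"""Added example, not code from the articles or from Microsoft.

A toy keyed PRF stands in for the block cipher (assumption); ECB versus CBC is
the real point, and the repeated-block check works on any ECB ciphertext.
"""
import hashlib
import hmac
import os

BLOCK = 16


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for a single-block cipher call: deterministic per (key, block)."""
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block is encrypted independently, with no IV or chaining."""
    pt = pkcs7_pad(plaintext)
    return b"".join(toy_block_encrypt(key, pt[i:i + BLOCK])
                    for i in range(0, len(pt), BLOCK))


def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes = None) -> bytes:
    """CBC for comparison: each block is XORed with the previous ciphertext
    block (or a random IV) before encryption, so repeats are masked."""
    pt = pkcs7_pad(plaintext)
    prev = iv if iv is not None else os.urandom(BLOCK)
    out = [prev]
    for i in range(0, len(pt), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(pt[i:i + BLOCK], prev))
        prev = toy_block_encrypt(key, mixed)
        out.append(prev)
    return b"".join(out)


def repeated_block_fraction(ciphertext: bytes) -> float:
    """Share of ciphertext blocks that duplicate an earlier block.  Anything
    above zero on non-trivial data is the classic sign of ECB."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return 1 - len(set(blocks)) / len(blocks)


def recover_block_layout(ciphertext: bytes) -> list:
    """What the eavesdropper learns without the key: one label per block,
    equal labels meaning equal plaintext blocks (meaningful only under ECB)."""
    seen, labels = {}, []
    for i in range(0, len(ciphertext), BLOCK):
        labels.append(seen.setdefault(ciphertext[i:i + BLOCK], len(seen)))
    return labels


# Constructed sample: a body with block-aligned repeating fields, like a
# status column in a table pasted into an email.
MESSAGE = (b"Status: APPROVED" * 3
           + b"Status: DENIED  "
           + b"Status: APPROVED" * 2)


def demo(key: bytes = None) -> dict:
    key = key or os.urandom(32)
    ecb, cbc = ecb_encrypt(key, MESSAGE), cbc_encrypt(key, MESSAGE)
    return {
        "ecb_layout": recover_block_layout(ecb),   # [0, 0, 0, 1, 0, 0, 2]
        "ecb_repeats": repeated_block_fraction(ecb),
        "cbc_repeats": repeated_block_fraction(cbc),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The layout labels are exactly the structure an attacker recovers from ECB output without the key: which rows say the same thing, and how often, even though no row is decrypted. Under CBC (and likewise under an authenticated mode such as GCM) every block differs, so the same check returns zero repeats and learns nothing.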

4 Tips to Protect Your Data While Commuting

Record Nations

In the post-COVID world, commuting and traditional work models have changed. Though many companies have returned to on-site work, it is now more common to have a combination of remote, on-site, and hybrid employees. With the many benefits of being able to work remotely, there are new challenges when it comes to keeping your data […].

Fast Fashion Retailer Data Breach Draws $1.9M Fine

Dark Reading

New York AG fines Shein and Romwe parent company for failure to protect customer data and downplaying the 2018 compromise of 46 million shopper records.

German Hackers Arrested for Stealing €4 Million in 7-Month Banking Phishing Scams

KnowBe4

The recent arrest demonstrates how small and unsophisticated a cybercriminal team can be and still launch a very successful phishing campaign that takes victims for millions.

Microsoft Secures Azure Enclaves With Hardware Guards

Dark Reading

Microsoft highlighted emerging confidential computing offerings for Azure during its Ignite conference.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the World Ethical Data Forum, online, October 26-28, 2022. I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022. The list is maintained on this page.

IAB Releases for Public Comment Proposed Contractual Framework and U.S. State Signals Specifications for Compliance with Five States’ Privacy Laws

Hunton Privacy

On October 13, 2022, the Interactive Advertising Bureau (“IAB”) released for public comment an updated version of its contractual framework and new U.S. State Signals (“Signals”) specifications to help the digital advertising industry comply with the comprehensive state privacy laws of California, Virginia, Colorado, Utah and Connecticut. The proposed contractual framework, IAB Privacy’s Multi-State Privacy Agreement (“MSPA”), updates the IAB’s Limited Service Provider Agreement first released i