Fri. Dec 13, 2019

Is your Organization Suffering From Third-Party "Compliance Drift"?

Data Breach Today

Countermeasures to Keep your Compliance On Track and as Originally Designed

Third-party vendors accessing your most critical systems and networks can also bring in security incidents along with all those wonderful things they promised in the sales presentation.

Flaws in Siemens SPPA-T3000 control system expose power plants to hack

Security Affairs

Experts discovered tens of flaws in the Siemens SPPA-T3000 control systems that could be exploited to attack fossil and renewable power plants. Siemens informed customers that the SPPA-T3000 Application Server is affected by 19 vulnerabilities and the SPPA-T3000 MS3000 Migration Server is impacted by 35 security issues. Some of the vulnerabilities have been rated as critical and could be exploited by attackers to trigger a denial-of-service (DoS) condition or to execute arbitrary code on the ser

Securing the 2020 Election

Data Breach Today

Brigadier General (retired) Francis X. Taylor Says 'Check Your Politics at the Door'

In 2016, Retired Brigadier General Francis X. Taylor had a front-row seat to the election interference threat picture. Today, as a leader of U.S. CyberDome, what's his view on how well the U.S. is prepared to protect the 2020 federal election?

VISA warns of cyber attacks on PoS systems of fuel dispenser merchants

Security Affairs

VISA is warning of ongoing targeted cyber attacks conducted by crooks on point-of-sale (PoS) systems of North American fuel dispenser merchants. According to a security alert published by VISA, the PoS systems of North American fuel dispenser merchants are under attack. Visa Payment Fraud Disruption (PFD) reported that at least three attacks took place this summer, in which crooks aimed to infect the PoS systems with malware to scrape payment card data.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

North Korean Hackers Tapping Into TrickBot: Report

Data Breach Today

Researchers See Connections Between Lazarus Group and Crimeware Developers

New research finds that hackers linked to the North Korean government are now renting the botnet created by TrickBot malware, as well as access to a highly customized malicious framework, to help further their goals - including targeting payment systems.

More Trending

Georgia Wire Manufacturer Struck by Ransomware

Data Breach Today

Southwire Says It's Bringing Systems Back Online

A large Atlanta-area manufacturer of wire and cable says it has brought some systems back online after what appears to be a ransomware infection. Southwire Co., based in Carrollton, Georgia, tweeted on Thursday that "we are doing all we can to minimize and resolve this disruption.

To stay ahead, CIOs must think far ahead

DXC Technology

Technology change can be incremental or transformational. Organizations that embrace the latest cool tech toy without regard to how it fits into overall business strategies and goals are doomed to incremental change — which, in the dynamic digital economy, can sometimes be a death sentence. Transformational change, in contrast, requires a long-term view of technology […].

Analysis: A Better Approach to Cyber Defense

Data Breach Today

The latest edition of the ISMG Security Report discusses why cyber defense teams need to think more like attackers. Plus, a case study on cross-border payment fraud, and an expert's take on security for the 2020 elections.

Gartner identifies 10 top trends impacting infrastructure and operations for 2020

Information Management Resources

Automation, scaling DevOps agility, the distributed cloud and hybrid digital infrastructure management are among the trends that analysts say I&O leaders must start preparing for.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

SEC Charges Shopin Founder with fraud over unregistered $42M ICO

Security Affairs

Shopin founder charged by SEC for running a $42 million scam cryptocurrency ICO. The US Securities and Exchange Commission (SEC) has charged the founder of Shopin, Eran Eyal, for allegedly running a $42 million scam ICO. “The Securities and Exchange Commission today charged a digital-asset entrepreneur and his company with defrauding investors in an initial coin offering (ICO) that raised more than $42 million from hundreds of investors,” reads the press release published by SEC.

Weekly Update 169

Troy Hunt

I recorded this right before heading out for my final conference talk of the year at YOW! Melbourne where I was due to do the closing keynote of the event. That's now done, questions answered and beers drunk and I left the event feeling great. One of the things I get the most pleasure out of at conferences is hanging around talking to people so a big thanks to everyone who made the time today to stay back on a Friday evening and cap a very busy year of conferences off in this fashion.

A flaw in outdated versions of Beaver Builder and Elementor plugins allows hacking WordPress sites

Security Affairs

WordPress sites running outdated versions of “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor” plugins are exposed to hack. Security experts from MalCare discovered a critical easy-to-exploit authentication bypass vulnerability in “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor.” The vulnerability resides in the way the plugins let WordPress account holders, including administrators, authenticate via F

EDPB Publishes Guidelines on the Right to Be Forgotten in Search Engine Cases

Hunton Privacy

On December 11, 2019, the European Data Protection Board (“EDPB”) published its draft guidelines 5/2019 (the “Guidelines”) on the criteria of the right to be forgotten in search engine cases under the EU General Data Protection Regulation (“GDPR”). The Guidelines aim to provide guidance on: (1) the grounds on which individuals can rely for submitting a request for the right to be forgotten in relation to links to web pages containing their personal data; and (2) the exceptions to the right to be

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Holiday Shopping Weekend Data: Suspicious Transactions Rose 29%

Rippleshot

Midway through December, data indicates holiday fraud is rising sharply as expected. The latest data from Digital Transactions indicates that over the five-day holiday shopping period there was a 29% increase in suspected fraud when compared with the same time period in 2018. This uptick in fraud comes with increased holiday spending, particularly online.

Teaching the Teacher: Professional Development with iPad and Jamf

Jamf

Introducing technology into a classroom can be a challenge. At this year’s Jamf Nation User Conference (JNUC), Taylor Bell of Maryville University of St. Louis, suggested leading with professional development.

'Motivating People Who Want the Struggle': Expert Advice on InfoSec Leadership

Dark Reading

Industry veteran and former Intel security chief Malcolm Harkins pinpoints three essential elements for leaders to connect with their employees and drive business objectives.

EFF on the Mechanics of Corporate Surveillance

Schneier on Security

EFF has published a comprehensible and very readable "deep dive" into the technologies of corporate surveillance, both on the Internet and off. Well worth reading and sharing. Boing Boing post.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

6 trends that will impact IoT strategies in 2020

Information Management Resources

From data analytics to IoT adoption, enterprises have acknowledged these technologies are essential to not only kick start, but also maintain digital transformation initiatives.

Star Wars Episode 9 is a week away!

Adam Shostack

Emily Asher-Perrin has some of the most interesting writing on the Star Wars universe. I like her analysis of where Rey may come from in Rey Should Choose to Adopt the Skywalker Name, Not Be Retconned Into the Family. I half look forward to the day when Disney assimilates her into the official writing team. The stories will get better, and we’ll lose her analysis.

Lessons Learned from 7 Big Breaches in 2019

Dark Reading

Capital One, Macy's, FEMA, and others: key takeaways from the year's most notable breaches.

Insights about the first five years of Right to Be Forgotten requests at Google

Elie

In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

GitLab Doles Out Half a Million Bucks to White Hats

Threatpost

The DevOps lifecycle management said that response to its year-old bug-bounty program has been robust.

Endpoint Protection: Dark Reading Caption Contest Winners

Dark Reading

Trojans, knights, and medieval wordplay. And the winners are.

Pairing Privacy and Security with Digital Identities in Retail

Threatpost

Omnichannel views of customers are a competitive edge -- but they have to be appropriately implemented.

Software analysts see more volatility in an uncertain 2020

Information Management Resources

Despite a potential risk to stock multiples, one securities firm expects software demand to remain robust next year, particularly in the sub-sectors of cybersecurity and cloud computing.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

FIN8 Targets Card Data at Fuel Pumps

Threatpost

Paying at the pump has landed in the sights of the notorious PoS-skimming group.

Do you have a Verifiable Audit Trail for your Documents?

Archive Document Data Storage

You pride yourself on your organisational skills. Each month, or perhaps even at the end of each week, you diligently file away your important business documents. You may even have a meticulously labelled filing cabinet system to help keep you organised. Great – you’re a step ahead of most of your industry colleagues and competitors! Unfortunately, storage is only one piece – albeit an important piece – of records management.

TURKEY: THE DEADLINE FOR COMPLYING WITH THE DATA CONTROLLERS’ REGISTRY REQUIREMENT IS DECEMBER 31, 2019.

DLA Piper Privacy Matters

Under the Law on Protection of Personal Data no. 6698 (“DPL”), there are certain obligations which are similar to those contained in the GDPR, and which are relatively easy to comply with. On the other hand, some DPL obligations will likely be foreign to data controllers in the EU and overseas. One such requirement is the requirement to register with the Data Controllers’ Registry (“VERBIS”).