Tue. Jan 28, 2020

Lessons from Data Privacy Day: Aspiration vs. action

Information Management Resources

Data protection challenges have evolved and become more complex due to the variety and volume of data and the massively increased number of people who need access to it.

MTTD and MTTR: Two Metrics to Improve Your Cybersecurity

Threatpost

While there are dozens of metrics available to determine success, there are two key cybersecurity performance indicators every organization should monitor.

How will Cyber Essentials changes affect you?

IT Governance

In April, there will be a major change to the way the Cyber Essentials scheme is administered. From 1 April 2020, in a move to standardise the requirements for Cyber Essentials certification, the National Cyber Security Centre (NCSC) will drop four of its accreditation bodies in favour of the IASME Consortium (IASME), which will operate as the sole accreditation body for the Cyber Essentials scheme.

CCPA: Cut From the Same Cloth as PCI DSS

Dark Reading

Finally, some good news about CCPA: If you've built your security infrastructure to PCI DSS standards, you may be already covered by California's new data protection rules.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Wawa Breach May Have Compromised More Than 30 Million Payment Cards

Krebs on Security

In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.

How to Keep Your Information Safe for Data Privacy Day 2020

Thales Cloud Protection & Licensing

January 28, 2020 marks the 13th iteration of Data Privacy Day. An extension of the celebration for Data Protection Day in Europe, Data Privacy Day functions as the signature event of the National Cyber Security Centre’s ongoing education and awareness efforts surrounding online privacy. Its aim is to foster dialogue around the importance of privacy.

Why Was Electronic Health Records Vendor Fined $145 Million?

Data Breach Today

Prosecutors Cite Drug Company Kickbacks, HITECH Act Violations

Federal prosecutors say Practice Fusion - a unit of Allscripts - will pay $145 million to settle civil and criminal investigations related to its electronic health records system. The case includes a kickback scheme involving opioids as well as false claims regarding HITECH Act certification compliance.

Jamf named most popular device security tool by Okta

Jamf

Okta’s 2020 Business @ Work report recognizes Jamf Pro as the most popular device security tool and one of the fastest growing solutions in the enterprise. Learn more.

UK Government Proposes IoT Security Measures

Data Breach Today

Rules Would Strengthen Password Protection and Vulnerability Reporting

With the number of installed internet of things devices expected to surpass 75 billion by 2025, the U.K. government is taking the first steps toward creating new security requirements for manufacturers to strengthen password protections and improve how vulnerabilities are reported.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

LoRaWAN Encryption Keys Easy to Crack, Jeopardizing Security of IoT Networks

Threatpost

New research from IOActive has found that “blindly” trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks.

Making Sure You're PCI DSS 3.2 Compliant? MFA to the Rescue

Data Breach Today

Taking a Closer Look at the PCI DSS 3.2 Standard

Here's a close look at the critical components of the Payment Card Industry Data Security Standard, version 3.2, and some advice on how to comply with its authentication requirements.

A new piece of Snake Ransomware targets ICS processes

Security Affairs

Security experts from SentinelOne reported that the recently discovered Snake Ransomware has been targeting processes and files associated with industrial control systems (ICS). The Snake ransomware is written in the Golang programming language and has been used in targeted attacks against businesses worldwide.

Faster, more efficient early case assessment and analysis

OpenText Information Management

In litigation, investigations and regulatory compliance, there’s no doubt that eDiscovery technology has delivered exceptional cost savings and efficiencies for legal teams that need to collect, cull, process, review, analyze and produce vast amounts of data. However, the lack of integration between point solutions remains a top challenge for many legal organizations.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Managing financial services model risk in an age of big data and AI

IBM Big Data Hub

Any financial services firm using AI must revisit its approach to model risk management. The reason is that AI models are evolving faster than the rules-based models that were standard previously. If AI models perform inadequately, major operational losses can grow quickly. Watson OpenScale helps organizations validate and monitor AI models to enhance compliance with regulations, provide fair and explainable outcomes, and mitigate business risk.

A vulnerability in Zoom platform allowed miscreants to join Zoom meetings

Security Affairs

The popular video conferencing platform Zoom is affected by a vulnerability that could be exploited to join meetings and view all content shared by participants. The issue allowed anyone to remotely eavesdrop on unprotected active meetings, potentially exposing private audio, video, and documents shared throughout the session.

Using the online marketplace to enhance customer experience

CGI

Faced with fierce competition from pure players (with Amazon leading the pack), brick-and-mortar brands cannot and should not attempt to compete in the digital space. They should instead focus on what sets them apart, namely their physical network and brand power.

Top 10 reasons to upgrade Documentum

OpenText Information Management

Software upgrades are vital for organizations to improve performance. To maintain a competitive advantage, internal resource efficiency and service levels, organizations must ensure they are running the most up-to-date versions of their enterprise software portfolio. OpenText™ Documentum™ is a mature product with a long release history. Documentum 5.0 was released in 2002, version 6.0 followed …

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Magento 2.3.4 addresses three critical Code execution flaws

Security Affairs

Magento has released version 2.3.4 to address multiple vulnerabilities, some of them are critical code execution issues. Magento version 2.3.4 has addressed several vulnerabilities in its e-commerce platform, some of them are critical code execution issues. The vulnerabilities affect Magento Commerce (2.3.3/2.2.10 and below), Open Source (2.3.3/2.2.10 and below), Enterprise Edition (1.14.4.3 and earlier), and Community Edition (1.9.4.3 and earlier). “Magento has released updates for Ma

The US Space Force Has a Rough Launch on the Internet

WIRED Threat Level

From controversy over camo print to Star Trek comparisons, the new military branch can't buy a break online.

Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners

Threatpost

The Amazon-owned video doorbell uses third-party trackers to serve up rich data to marketers without meaningfully notifying users.

Is this the year of the patient-centric business model for healthcare?

OpenText Information Management

You can’t deliver tomorrow’s innovation if you’re still using yesterday’s business models. For Healthcare 4.0, that means designing services and solutions around patients and empowering them to take more control, becoming partners in their own healthcare. In 2020, we’ll see a patient-centric approach finally take root throughout the life science and healthcare sectors.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Google Receives Geofence Warrants

Schneier on Security

Sometimes it's hard to tell the corporate surveillance operations from the government ones: Google reportedly has a database called Sensorvault in which it stores location data for millions of devices going back almost a decade. The article is about geofence warrants, where the police go to companies like Google and ask for information about every device in a particular geographic area at a particular time.

Uncovering Vulnerabilities in Open Source Libraries

ForAllSecure

In recent articles, ForAllSecure has discussed how we were able to use our next-generation fuzzing solution, Mayhem, to discover previously unknown vulnerabilities in several open source projects, including Netflix DIAL reference, Das U-Boot, and more. In this post, we will follow up on a prior article on using Mayhem to analyze stb and MATIO by reviewing three additional vulnerabilities found in another open source library.

Privacy 2040: An Initiative for Collaboration between Policymakers and Businesses

HL Chronicle of Data Protection

We are announcing the launch today of Privacy 2040, Hogan Lovells’ initiative aimed at shaping the future of privacy and cybersecurity frameworks and practices to support innovation and protect humanity. It’s a big aim, so this is an ambitious, long-term project. Let us explain. Why Privacy 2040? The tension between the unstoppable evolution of technology and the efforts by legislators, regulators and the courts to safeguard people’s privacy in the data economy creates an oppo

Uncovering Vulnerabilities In Open Source Libraries (CVE-2019-13499)

ForAllSecure

In recent articles, ForAllSecure has discussed how we were able to use our next-generation fuzzing solution, Mayhem, to discover previously unknown vulnerabilities in several open source projects, including Netflix DIAL reference, Das U-Boot, and more. In this post, we will follow up on a prior article on using Mayhem to analyze stb and MATIO by reviewing three additional vulnerabilities found in another open source library.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Arup Library: 60 years

CILIP

OVE Arup & Partners (Arup) is an independent firm of designers, engineers, architects, planners, consultants and technical specialists working across every aspect of the built environment. It was founded in 1946 by engineer Ove Arup, who was born in Newcastle to Danish parents. Headquartered in London, Arup now numbers almost 16,000 specialists, working across over 90 disciplines in more than 33 countries.

5 top data management tips for legal hold and document retention

Information Management Resources

With the growing surge of risk and concern around new privacy laws, legal, compliance and information governance teams are realizing they may need to remodel their legal holds and data retention programs.