Thu. Aug 20, 2020

So You Want to Build a Vulnerability Disclosure Program?

Data Breach Today

Bug Bounty Pioneer Katie Moussouris on Challenges, Sustainability, Election Security

To build a successful vulnerability disclosure program, avoid thinking of it as quick-fix "bug bounty Botox," and instead focus on building positive relationships with the security community, hiring top-notch talent and "building a sustainable ecosystem," says Luta Security's Katie Moussouris.

Cruise ship operator Carnival crippled by ransomware

IT Governance

Carnival has suffered a ransomware attack, putting the personal data of both customers and staff at risk. The Florida-based cruise operator says that the incident, which was discovered on 15 August, affected the IT systems of one of its brands – which include Cunard, P&O, AIDA and Princess – although it hasn’t specified which one. In a statement, the organisation says that it “does not believe the incident will have a material impact on its business, operations or financial results”.

Medical Records Exposed via GitHub Leaks

Data Breach Today

Report: 9 Leaks Account for Exposure of PHI for at Least 150,000 Patients

Never store hardcoded credentials in code uploaded to public-facing GitHub repositories, and make sure none of your business associates are doing that. Those are just two takeaways from a new report that describes how nine organizations were inadvertently exposing health records for at least 150,000 patients.

What Is Enterprise Architecture (EA)? – Definition, Methodology & Best Practices

erwin

Enterprise architecture (EA) is a strategic planning initiative that helps align business and IT. It provides a visual blueprint, demonstrating the connection between applications, technologies and data to the business functions they support. In this post: What Is Enterprise Architecture? Think City Planning. Why Is Enterprise Architecture Important?

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Dozens Arrested in ATM Cash-Out Scheme

Data Breach Today

Suspected Fraudsters Targeted Santander Bank Branches in 3 States

Dozens of suspects have reportedly been arrested in connection with an ATM cash-out scheme that targeted Santander Bank branches in New Jersey, New York and Connecticut.

More Trending

How Fraudsters Are Circumventing AI-Based Prevention Efforts

Data Breach Today

Criminals are devising ways to circumvent fraud-fighting measures that use artificial intelligence, says Avivah Litan, a vice president at Gartner Research, who discusses mitigation strategies.

Smart-Lock Hacks Point to Larger IoT Problems

Dark Reading

Two recent reports on smart-locks vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.

Experian Breach in South Africa Affects 24 Million Consumers

Data Breach Today

Data on 800,000 Businesses Also Exposed

A data breach affecting the South African branch of credit reporting company Experian exposed information on 24 million consumers and almost 800,000 businesses, according to the South African Banking Risk Information Center. But Experian says no consumer credit or financial information was exposed.

Experian South Africa discloses data breach, 24 million customers impacted

Security Affairs

The South African branch of consumer credit reporting agency Experian disclosed this week a data breach that impacted 24 million customers. The company revealed that only personal information was exposed in the data breach; no financial or credit-related information was compromised.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

IBM Finds Flaw in Millions of Thales Wireless IoT Modules

Data Breach Today

Insulin Pumps Could Be Manipulated and Smart Meters Could Be Wrecked, IBM Warns

A patching effort has been underway for six months to upgrade Thales wireless communication modules that are embedded in millions of IoT devices, including insulin pumps and smart meters. Left unpatched, a vulnerability in the modules could allow attackers to control devices, IBM warns.

Senate Bill Would Expand Facial-Recognition Restrictions Nationwide

Threatpost

The proposed law comes as police departments around the country for their use of facial recognition to identify allegedly violent Black Lives Matter protesters.

CISA, FBI Warn of Malware Tied to North Korean Hackers

Data Breach Today

Joint Alert Says BlindingCan RAT Targets Defense Industry Workers

The FBI and the Cybersecurity and Infrastructure Security Agency have issued a warning about a new malware strain tied to North Korean hackers that's being used in fake job posting messages sent to defense industry employees.

NIST Publishes Proposed Principles for “Explainable” AI Systems

Hunton Privacy

On August 18, 2020, the U.S. National Institute of Standards and Technology (“NIST”) published a draft report, Four Principles of Explainable Artificial Intelligence (Draft NISTIR 8312 or the “Draft Report”), which sets forth four proposed principles regarding the “explainability” of decisions made by Artificial Intelligence (“AI”) systems. Explainability refers to the idea that the reasons behind the output of an AI system should be understandable.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Cisco Critical Flaw Patched in WAN Software Solution

Threatpost

Cisco has issued a fix for a critical flaw in its Virtual Wide Area Application Services (vWAAS), software for optimizing WAN on virtual private cloud infrastructure.

MFA Mistakes: 6 Ways to Screw Up Multifactor Authentication

Dark Reading

Fearful of messing up its implementation, many enterprises are still holding out on MFA. Here's what they need to know.

Copying a Key by Listening to It in Action

Schneier on Security

Researchers are using recordings of keys being used in locks to create copies. Once they have a key-insertion audio file, SpiKey's inference software gets to work filtering the signal to reveal the strong, metallic clicks as key ridges hit the lock's pins [and you can hear those filtered clicks online here]. These clicks are vital to the inference analysis: the time between them allows the SpiKey software to compute the key's inter-ridge distances and what locksmiths call the "bitting depth" of

e-Records 2020 Call for Presentations

The Texas Record

This year the annual e-Records conference is online! The conference dates and times are the afternoon of Wednesday, November 18 and the morning of Thursday, November 19. Our theme is Records Are Virtually Everywhere. This event is organized by the Texas State Library and Archives Commission (TSLAC) and co-sponsored with the Texas Department of Information Resources (DIR) to promote electronic records management in Texas government.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Migration to cloud content management now vital

OpenText Information Management

In the COVID-19 world, digital transformation is essential for business continuity and resilience. While modernizing cloud content management is a critical step in this transformation, new Forrester research reveals that most content today is still stored on-premises. OpenText recently commissioned a study with Forrester Consulting to explore the use of the cloud for content storage, …

Google fixed email spoofing flaw 7 hours after public disclosure

Security Affairs

Google addressed an email spoofing vulnerability affecting its Gmail and G Suite products a few hours after it was publicly disclosed, but the IT giant was aware of the flaw since April. On Wednesday, the researcher Allison Husain published technical details of the email spoofing vulnerability in a blog post, which also includes proof-of-concept (PoC) code.

Driving operational excellence through automation in the utilities sector

DXC Technology

At a time when energy commodity prices are at all-time lows, operational excellence has become a necessity for utilities to remain competitive. Tight profit margins combined with recent significant shifts in power system supply and demand fundamentals have increased the urgency for utilities to invest in automation with an aim to achieving operational excellence.

Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws

Threatpost

The unscheduled security update addresses two "important"-severity flaws in Windows 8.1 and Windows Server 2012.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

MPs criticise privacy watchdog over NHS test-and-trace data

The Guardian Data Protection

UK information commissioner ‘must ensure government uses public’s data safely and legally’

A cross-party group of more than 20 MPs has accused the UK’s privacy watchdog of failing to hold the government to account for its failures in the NHS coronavirus test-and-trace programme. The MPs have urged Elizabeth Denham, the information commissioner, to demand that the government change the programme after it admitted failing to conduct a l

Twitter Hack: The Spotlight that Insider Threats Need

Dark Reading

The high profile attack should spur serious board-level conversations around the importance of insider threat prevention.

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

Microsoft released this week an out-of-band security update for Windows 8.1 and Windows Server 2012 R2 systems that addresses two privilege escalation vulnerabilities in Windows Remote Access. Both vulnerabilities were addressed by Microsoft in August; the August 2020 Patch Tuesday security updates fixed the flaws in Windows 10, Windows 7, and Windows Server 20

IBM AI-Powered Data Management Software Subject to Simple Exploit

Threatpost

A low-privileged process on a vulnerable machine could allow data harvesting and DoS.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Banks and the New Abnormal

Dark Reading

Banks have hesitated to adopt many strong security practices, and for understandable reasons. But now is the time to be bold.

IBM Settles Lawsuit Over Weather Channel App Data Privacy

Threatpost

The lawsuit alleged that the IBM-owned Weather Channel mobile app did not let users know it was selling their geolocation data.

Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay

Dark Reading

Black Hat USA 2020 was nothing like an in-person event, but it was incredibly useful for all involved, providing even the most grizzled industry veterans with fresh perspectives.
