Fri. Jul 24, 2020

Thinking of a Cybersecurity Career? Read This

Krebs on Security

Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here’s a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these fields can better stand out from the crowd.

Garmin Tight-Lipped About Cause of Outage

Data Breach Today

Some Employees Reportedly Say Ransomware Likely Involved. Garmin has not yet announced what caused an outage of its Garmin Connect fitness tracking service as well as its website. But some employees reportedly are attributing the outage to ransomware.

Rise of the Robots: How You Should Secure RPA

Dark Reading

Robotic Process Automation (RPA) is the next big thing in innovation and digital strategy. But what security details are overlooked in the rush to implement bots?

NSA, CISA Warn of Threats to US Critical Infrastructure

Data Breach Today

Remote Access by Decentralized Workforce Creates Risks. The NSA and CISA issued a joint warning that U.S. critical infrastructure is increasingly becoming a hacking target and organizations need to guard against attacks. The alert notes that remote access to OT systems by a decentralized workforce creates risk.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Spanish state-owned railway infrastructure manager ADIF infected with ransomware

Security Affairs

ADIF (Administrador de Infraestructuras Ferroviarias), a Spanish state-owned railway infrastructure manager under the responsibility of the Ministry of Development, was hit by REvil ransomware operators. ADIF is charged with the management of most of Spain’s railway infrastructure, that is, the track, signaling and stations.

EDPB Publishes FAQs on Implications of the Schrems II Case

Hunton Privacy

On July 24, 2020, the European Data Protection Board (the “EDPB”) published a set of Frequently Asked Questions (the “FAQs”) on the judgment of the Court of Justice of the European Union (the “CJEU”) in the Schrems II case (case C-311/18). In its judgment, the CJEU concluded that the Standard Contractual Clauses (the “SCCs”) issued by the European Commission for the transfer of personal data to data processors established outside of the EU are valid, but it struck down the EU-U.S.

COVID-19: The Impact of 'Uncontrolled Spread'

Data Breach Today

Pandemic Expert Regina Phelps on Virus Trends, Vaccine Trials and How to Plan Realistically for 2021. Trending Better. Caution Warranted. Trending Poorly. Uncontrolled Spread. These are the four categories on the latest COVID-19 U.S. map. Pandemic expert Regina Phelps explains how the latest trends should guide our plans for business, education and healthcare in the fall.

Russia's GRU Hackers Hit US Government and Energy Targets

WIRED Threat Level

A previously unreported Fancy Bear campaign persisted for well over a year—and indicates that the notorious group has broadened its focus.

How Criminals Are Using PPE as a Money-Laundering Tool

Data Breach Today

Sizing Up Emerging Fraud Trends During the COVID-19 Crisis. Money launderers are devising new tactics during the COVID-19 pandemic. For example, some are coming up with ways to use personal protective equipment, or PPE, as a form of currency, says Debra Geister, CEO of Section 2 Financial Intelligence Solutions.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Resilience and innovation in the face of insecurity

OpenText Information Management

Switch knows data. As a world leader in data center ecosystems with 100% uptime, the Las Vegas company powers connection and safeguards data for Amazon, Disney, Google and other global enterprises. When it came to protecting and accessing its own data for legal requests and investigations common to all large companies, Switch faced some challenges. …

Medical Devices: Mitigating Cyber Risks

Data Breach Today

As ransomware and other cyberattacks on healthcare organizations surge, the potential risks to medical devices are growing, says Kelly Rozumalski, director of secure connected health initiatives at the consulting firm Booz Allen Hamilton, who discusses risk mitigation efforts.

EDPB Publishes FAQs on Recent Schrems II Judgment

Data Matters

On July 23, 2020, the European Data Protection Board (the “EDPB”) published a set of important responses to a set of 12 frequently asked questions put forward to supervisory authorities regarding the recent Court of Justice of the European Union (“CJEU”) decision in Case C-311/18 – Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (“Schrems II”) (“FAQs”).

Hackers Target UK Sports Sector to Steal Millions

Data Breach Today

Report Describes Vulnerabilities in Sports Organizations' Cybersecurity. A Premier League football club that was one of many UK sports organizations targeted by cybercriminals over the last 12 months was nearly bilked out of $1.2 million in a business email compromise scam, according to a new report that describes a variety of cyber schemes.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

CVE-2020-3452 flaw in Cisco ASA/FTD exploited within hours after the disclosure

Security Affairs

Cisco addressed a high-severity path traversal vulnerability in its firewalls, tracked as CVE-2020-3452, that can be exploited by remote attackers to obtain potentially sensitive files from the targeted system.

NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug

Threatpost

Power plants, factories, oil and gas refineries and more are all in the sights of foreign adversaries, the U.S. warns.

Twitter revealed that hackers accessed DM Inboxes in July attack

Security Affairs

Twitter confirmed that hackers accessed the direct message (DM) inboxes of some of the accounts that were recently compromised. Last week, the social media giant Twitter revealed that hackers compromised 130 accounts in the attack that took place on July 15 and downloaded data from eight of them. Attackers breached a number of high-profile accounts, including those of Barack Obama, US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple.

The future of business: How to work from anywhere

Jamf

In the webinar, The Future of Business: How to Work from Anywhere, we'll help you make technology decisions today that strengthen your business tomorrow.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Email Security Features Fail to Prevent Phishable 'From' Addresses

Dark Reading

The security features for verifying the source of an email header fail to work together properly in many implementations, according to a team of researchers.

Malicious ‘Blur’ Photo App Campaign Discovered on Google Play

Threatpost

Twenty-nine bad mobile apps with a combined 3.5 million downloads bombard users with out-of-context ads.

Banning TikTok Won't Solve Our Privacy Problems

Dark Reading

Preventing the use of an app based solely on its country of origin (no matter how hostile) is merely a Band-Aid that won't fully address all privacy and security concerns.

Weekly Update 201

Troy Hunt

I love this setup! A huge amount of research went into this but the PC, screens, cameras, lights and all the other bits are working really well together. I did my first interview with this setup today and I think I'm actually going to be sticking with the mood lighting for most on-video events now: Fun @InfosecWhiskey interview this morning. I’m running with this lighting setup, just a couple of Hue Go lights and the screens, a beautiful pic from the camera setup.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Remote Work Could Help Cybersecurity's Diversity Problem - But Will It?

Dark Reading

Job market data from the second quarter suggests there are increasing opportunities for women and minorities in the world of remote work, but long-standing biases may provide resistance.

NYDFS Files First Cybersecurity Enforcement Action

Hunton Privacy

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation, marking the agency’s first enforcement action since the rules went into effect in March 2017. The Statement of Charges (the “Statement”) alleges that First American failed to fix a vulnerability on its public-facing website, resulting in the exposure of millions of documents cont

DJI Drone App Riddled With Privacy Issues, Researchers Allege

Threatpost

The DJI GO 4 application opens users’ sensitive data up for the taking, researchers allege.

Update on NIST's Post-Quantum Cryptography Program

Schneier on Security

NIST has posted an update on their post-quantum cryptography program: After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology (NIST) has winnowed the 69 submissions it initially received down to a final group of 15.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Garmin Takes App & Services Offline After Suspected Ransomware Attack

Dark Reading

Wearables company Garmin shut down its website, app, call centers, and other services in the aftermath of a security incident.

BlueZone Web: Multi-factor authentication

Rocket Software

With the COVID-19 pandemic remodelling the global IT workforce to a ‘work from home’ approach, CTOs from all sectors are now asking questions about how secure their critical business applications actually are. It’s no secret that major data breaches cost corporations millions of dollars and leave them with a tarnished reputation. In 2018, the largest fine imposed for a high-profile data breach was British Airways shelling out £183 Million due to customers affected by ‘Poor Security Arrangeme

Access to Internal Twitter Admin Tools Is Widespread

Dark Reading

More than 1,000 individuals have access to tools that could have aided the attackers in the recent Twitter attack on high-profile accounts.
