Wed. Oct 23, 2019

Software Is Infrastructure

ForAllSecure

The realization that software is becoming an essential component of our everyday lives was reflected yet again in this year’s Black Hat. Even more solutions are being touted to deal with the ever-growing exposure of software to malicious threats. Unfortunately, a lot of the solutions focus on dealing with the symptoms of our current predicament without addressing the fundamental truth - software is built insecurely despite our best efforts.

Florida Health System Slapped With $2.1 Million HIPAA Penalty

Data Breach Today

Regulators Say Case Involved Series of Violations

Federal regulators have smacked Jackson Health System with a $2.1 million civil monetary penalty for a series of HIPAA violations. The case is one of only a handful in which the nation's HIPAA enforcement agency imposed such a penalty, rather than reach a settlement. What can others learn from this case?

Ransomware attacks show no signs of slowing

DXC Technology

Ransomware attacks are showing no signs of letting up. In fact, recent research shows how these attacks are flourishing. The findings are based on more than 230,000 ransomware attack submissions, between April 1 and September 30, 2019, to antivirus firm Emsisoft and ransomware information site ID Ransomware. ID Ransomware is a site that enables anyone […].

Congress Grills Facebook's Zuckerberg on Cryptocurrency Plans

Data Breach Today

Facebook CEO Faces Questions on Privacy, Use of Libra Currency for Crimes

A U.S. Congressional committee on Wednesday peppered Facebook CEO Mark Zuckerberg with tough questions about the company's plans for a cryptocurrency called Libra, raising concerns about privacy issues as well as potential use of the currency for money laundering or to finance deals for illegal drugs and weapons.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Watch out for scams as Brexit confusion intensifies

IT Governance

The confusion around Brexit has not cleared up despite the increased urgency and ongoing discussion about what will happen and when. Scammers and attackers are using attention-grabbing headlines about Brexit to try to trick users into handing over personal data or downloading malware. Brexit is clearly a pressing issue for many organisations, but we urge you to exercise caution whenever you receive communications out of the blue relating to the UK’s departure from the EU.

Retail has a multi-cloud problem…with sensitive data

Thales Cloud Protection & Licensing

Digital transformation (DX) is fundamentally impacting all aspects of the economy across every industry, and nowhere is this truer than in retail. DX technologies such as cloud, mobile payments, IoT, Big Data and others have fundamentally changed retailers’ business models, not only by opening new channels to reach customers, but also in how they communicate with, serve, and support them.

Report: Billtrust Recovering From Ransomware Attack

Data Breach Today

A Customer of Cloud-Based Payment Provider Provides Some Details

Billtrust, a cloud-based, business-to-business payment provider, reportedly is continuing to recover from a ransomware attack that crippled its computer systems.

Helping Consumers Respond to Data Breaches

Data Breach Today

Al Pascual, former head of fraud and security practices at Javelin Strategy & Research, has taken on a new role as COO of a start-up company, Breach Clarity, which is offering consumers a free tool to determine the severity and implications of a data breach and what steps they should take to mitigate risk.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Exploring the CPDoS attack on CDNs: Cache Poisoned Denial of Service

Security Affairs

Boffins disclosed a web attack technique (CPDoS attack) that can poison content delivery networks (CDNs) into caching and then serving error pages. Two researchers from the Technical University of Cologne (TH Koln) have devised a new web attack that can be used by threat actors to poison content delivery networks (CDNs) into caching and then serving error pages instead of the legitimate content.

PSD2 Authentication Deadline Extended: Here's What's Next

Data Breach Today

European Banking Authority Insists EU Nations Take a Consistent Approach to Migration

Now that the deadline for all e-commerce card-based transactions in the EU to comply with the new PSD2 "strong customer authentication" requirement has officially been extended to Dec. 31, 2020, authorities are emphasizing the need to make a smooth, uniform migration to the new forms of authentication.

Experts found DLL Hijacking issues in Avast, AVG, and Avira solutions

Security Affairs

Flaws in Avast, AVG, and Avira Antivirus could be exploited by an attacker to load a malicious DLL file to bypass defenses and escalate privileges. Security experts at SafeBreach Labs discovered flaws in Avast, AVG, and Avira Antivirus that could be exploited by an attacker to load a malicious DLL file to bypass defenses and escalate privileges. A vulnerability in all versions of Avast Antivirus and AVG Antivirus, tracked as CVE-2019-17093, could be exploited by an attacker with administrative p

12-Year Prison Term for Hacking LA Court System

Data Breach Today

Texas Resident Convicted of Hijacking Court Computers to Send Millions of Phishing Emails

A Texas resident has been sentenced to 12 years in federal prison for hacking into the Los Angeles Superior Court computer system and sending out approximately 2 million phishing emails to steal hundreds of credit and payment card numbers.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

What Has Cybersecurity Pros So Stressed -- And Why It's Everyone's Problem

Dark Reading

As cyberattacks intensify and the skills gap broadens, it's hard not to wonder how much more those in the industry can take before throwing in the towel.

NordVPN Breached

Schneier on Security

There was a successful attack against NordVPN: Based on the command log, another of the leaked secret keys appeared to secure a private certificate authority that NordVPN used to issue digital certificates. Those certificates might be issued for other servers in NordVPN's network or for a variety of other sensitive purposes. The name of the third certificate suggested it could also have been used for many different sensitive purposes, including securing the server that was compromised in the bre

Understanding Office 365 Impossible Travel

Daymark

Impossible travel. Is it sending a human to Saturn or Venus? Well maybe, but in the context of Microsoft Office 365, Impossible Travel is a security feature that is a great indicator of potential hacking attempts. The concept is straightforward. If you login to Office 365 from your office in Boston and then 20 minutes later you try to login from Dallas, or you login from home in Chicago and five hours later from Beijing, Office 365 basically says “wait a minute, that’s impossible” and it denies

Texas man sentenced to 145 months in federal prison for hacking Los Angeles Superior Court

Security Affairs

A Texas man was found guilty of hacking the Los Angeles Superior Court (LASC) computer system and using it to send out phishing emails. The man, Oriyomi Sadiq Aloba (33), was found guilty of hacking the LASC computer system and abusing it to send out roughly 2 million phishing messages. The phishing campaign aimed at obtaining the victims’ credit card numbers.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

10% of Small Businesses Breached Shut Down in 2019

Dark Reading

As a result of cybercrime, 69% of small organizations were forced offline for a limited time and 37% experienced financial loss.

FBI and DHS CISA issue alerts on e-skimming attacks

Security Affairs

The US FBI issued a warning for the US private sector about e-skimming attacks carried out by the Magecart cybercrime groups. The Federal Bureau of Investigation (FBI) has released an alert on e-skimming attacks. E-skimming takes place when hackers compromise an e-commerce site and plant malicious code designed to siphon payment card data or personally identifiable information (PII). “This warning is specifically targeted to small and medium-sized businesses and government agencies that

FTC Brings First Case Against Developers of “Stalking” Apps

Hunton Privacy

On October 22, 2019, the Federal Trade Commission announced that, for the first time, it has brought a case against a developer of “Stalking” Apps. The agency alleges that Retina-X Studios, and its owner, James N. Johns, Jr., developed and marketed three apps that allowed purchasers to surreptitiously monitor the movements and online activities of users of devices on which the apps were installed without the knowledge or permission of the device’s user.

Examples of ISO 27001 interested parties and your compliance requirements

IT Governance

Clause 4.2 of ISO 27001 is titled “Understanding the needs and expectations of interested parties”. But what is an ‘interested party’? The Standard isn’t as clear as it should be, so let’s rectify that here with this simple guide. What is an interested party? An interested party is essentially a stakeholder – an individual or a group of people affected by your organisation’s activities.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Robots at HIS Group are vulnerable to hack

Security Affairs

The Japanese hotel chain HIS Group admitted that its in-room robots were vulnerable and could allow hackers to remotely view video footage from the devices. The personnel at the Henn na Hotel managed by the Japanese hotel chain HIS Group is composed of robots that provide hospitality services to the guests. The HIS Group hotel chain has 10 locations in Japan that used robots instead of human personnel to provide some services.

15 Years Later, Metasploit Still Manages to be a Menace

Threatpost

A fresh look at the penetration testing tool Metasploit reveals the 15-year old hacking tool still has some tricks up its sleeves, even against modern defenses.

When “Secure” Isn’t? NordVPN Announces Data Breach

Adam Levin

Virtual Private Network provider NordVPN announced that it was the target of a successful hack last year. In a statement released on its blog, NordVPN informed users that one of its servers had been compromised in March 2018. The announcement confirmed rumors about the service that had previously been circulating on Twitter. The company placed the blame on a third-party vendor.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Who Are We Kidding with Attacker-Centered Threat Modeling?

Adam Shostack

I’ve spoken for over a decade against “think like an attacker” and the trap of starting to threat model with a list of attackers. And for my threat modeling book, I cataloged every serious grouping of attackers that I was able to find. And as I was reading “12 Ingenious iOS Screen Time Hacks,” I realized what they’re all missing: kids.

Maybe shadow IT isn’t so bad after all, study suggests via ZDNet

IG Guru

IT leaders agree shadow IT serves as a force of innovation and productivity. End-users simply need more guidance and support.
