Wed. Dec 11, 2019


Toys “R” Us Is Back—Now With More Surveillance!

WIRED Threat Level

Reports about the toy store using cameras to track shoppers caused an uproar, but the companies behind the tech insist their systems are trained to ignore kids.


5 Tips for Keeping Your Security Team on Target

Dark Reading

In nearly every security environment, competing priorities are a constant battleground. Here's how to keep the focus on what's important.


Don’t gift cyber attackers access to your organisation this Christmas

IT Governance

Stock up on sprouts, hang the decorations and prepare for a barrage of cyber attacks, because the Christmas season is in full swing. December is a busy time for cyber criminals, as they look to take advantage of understaffed IT departments and employees who are distracted by tight deadlines, Christmas parties and the upcoming break. Let’s take a look at some of the most common mistakes organisations make and how to address them.


The Great $50M African IP Address Heist

Krebs on Security

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions of dollars worth of the increasingly scarce resource to online marketers. The allegations stemmed from a three-year investigation by a U.S.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Intel Chips Vulnerable to 'Plundervolt' Attack

Data Breach Today

Dropping Voltage to CPUs Can Force Sensitive Data Disclosure

Intel issued a firmware update on Tuesday to mitigate an attack developed by researchers, dubbed Plundervolt, which uses voltage fluctuations to reveal secrets such as encryption keys. The findings are the latest bad news for Intel as researchers have dug deep into its chip architecture.


Health Data Breach Tally: Trends in 2019

Data Breach Today

Hacking Attacks, Business Associate Incidents Were Common

The federal tally of health data breaches shows that hacking attacks and incidents involving business associates dominated this year. Here's an analysis of all the latest trends.


Unsecured AWS bucket exposes over 750,000 birth certificate applications

Security Affairs

A massive data leak made the headlines: over 750,000 birth certificate applications have been exposed online due to an unsecured AWS bucket. Penetration testing firm Fidus Information Security discovered over 752,000 birth certificate applications that have been exposed online due to an unsecured AWS bucket. The huge trove of personal data has been exposed online by an unnamed company that allows its customers to get copies of their birth and death records from state governments in the United


Joker's Stash Celebrates Turkey Day With Stolen Card Data

Data Breach Today

Fraudsters Invited to Dine Out on 460,000 Stolen Turkish Payment Cards

The notorious Joker's Stash carder marketplace has recently listed for sale 460,000 records, including four "Turkey-Mix" batches that feature never-before-seen payment card data that traces to Turkey's 10 largest banks, says cybersecurity firm Group-IB.


Microsoft fixes CVE-2019-1458 Windows Zero-Day exploited in NK-Linked attacks

Security Affairs

Microsoft’s December 2019 Patch Tuesday updates fix a total of 36 flaws, including CVE-2019-1458 Windows zero-day exploited in North Korea-linked attacks. Microsoft’s December 2019 Patch Tuesday updates address a total of 36 flaws, including a Windows zero-day, tracked as CVE-2019-1458 exploited in attacks linked to North Korea. The vulnerability could be exploited to execute arbitrary code in kernel mode. “An elevation of privilege vulnerability exists in Windows when the Win32k component


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Five Charged in $722 Million Cryptomining Ponzi Scheme

Data Breach Today

Prosecutors: Defendants Falsely Promised Big Returns

The Justice Department has charged five individuals with running a high-tech Ponzi scheme that allegedly fleeced investors out of $722 million by falsely promising clients big returns as part of a cryptomining operation.


More than 460,000 payment card details offered for sale on a black market

Security Affairs

More than 455,000 Turkish payment card details are available for sale on a popular forum. Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has detected a massive upload of debit and credit card records mostly related to the largest Turkish banks on one of the most popular underground cardshops. More than 460,000 records in total were uploaded between Oct. 28 and Nov. 27.


McAfee Considers Purchase of NortonLifeLock: Report

Data Breach Today

Former Symantec Consumer Business Unit Continues to Attract Interest

McAfee's ownership team is exploring a deal to acquire NortonLifeLock, the renamed, publicly traded firm that was formerly the consumer and small business security division of Symantec, according to the Wall Street Journal, which cites "people familiar with the matter.


Seniors Targeted in Penny Stock Scam

Security Affairs

A penny stock is a security issued by a small company, generally for less than $5 per share. Let’s see how crooks attempt to exploit them for scams. A penny stock is a security issued by a small company, generally for less than $5 per share. They’re also sometimes called micro-cap or nano-cap stocks. The low price per share makes penny stocks attractive.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Data Leak Exposes Birth Certificate Info of 750k

Adam Levin

The personal data of more than 752,000 applicants filed to obtain copies of birth and death certificates was found on an unprotected Amazon Web Services database. The leaked data has been tracked back to a company that provides the online request forms for copies of birth and death certificates to state governments. States contracting with the company include California, New York, and Texas.


PlunderVolt attack hijacks Intel SGX Enclaves by tweaking CPU Voltage

Security Affairs

A team of researchers devised a new attack technique, dubbed PlunderVolt, to hijack Intel SGX enclave by tweaking CPU voltage. A group of security researchers (Kit Murdock, David Oswald, Flavio D Garcia (The University of Birmingham), Jo Van Bulck, Frank Piessens (imec-DistriNet, KU Leuven), Daniel Gruss (Graz University of Technology)) demonstrated a new attack technique, dubbed PlunderVolt, to hijack the Intel SGX enclave by tweaking.


The Next Security Silicon Valley: Coming to a City Near You?

Dark Reading

The high cost of doing business in California's San Francisco Bay Area is just one factor driving infosec companies - established and startups alike - to pursue their fortunes elsewhere. Here's where many are going.


What is Cloud Storage and How Does It Work?

Record Nations

When it comes to digital storage, the cloud continues to prevail as an essential part of the process. Cloud storage is a secure way to digitally store files online, and it’s composed of a network of servers which allows you to gain access from anywhere. There are many other storage options, including hard drives, flash […].


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Conversations with Everteam Leadership: JD Sillion on the unexpected opportunities in privacy protection and regulatory requirements

Everteam

As another year draws to a close, Everteam is taking stock of some of the biggest information governance challenges facing our community. As we learned in Part One of an interview with Everteam Chief Revenue Officer JD Sillion, regulations like GDPR, CCPA, and NYDFS have changed consumer expectations, spawned new business practices, and put a premium on privacy protection.


Software Converges with Hardware: Infosource Acquires HSA

Info Source

Leading research firm Infosource expands its breadth with the acquisition of Harvey Spencer Associates. November 19, 2019 (Geneva, Switzerland) – Document hardware market research firm Infosource today announced the acquisition of Harvey Spencer Associates Inc. (HSA), the premier market analyst company for the worldwide Capture Software market. The result is a leading analyst firm covering the breadth of the document hardware and software markets worldwide.


Insights from information governance practitioners

OpenText Information Management

It’s no secret that “real world” needs and implementations are often very different than hypothetical, “perfect world” simulations. Information governance is often presented as a broad set of challenges; automating the process requires that practitioners move from a solid IT foundation for compliance and risk management to capture, security compliance, and reporting solutions.


Keys to bridging the IT gender gap

DXC Technology

Today’s global technology industry evolves and moves forward almost daily. But one thing hasn’t changed: women continue to be underrepresented in the IT workforce. What really causes this ongoing gender imbalance, and what can be done to reduce it? The IT gender gap persists—and it may be growing. According to McKinsey, the percentage of female […].


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Iran announced it foiled ‘really massive’ foreign cyber attack

Security Affairs

Iran's telecommunications minister announced that the Islamic republic had recently thwarted a “highly organized cyber attack” targeting government infrastructure. The Iranian telecommunications minister, Mohammad Javad Azari Jahromi, announced today that the Islamic Republic had recently thwarted a “highly organized cyber attack” targeting its government infrastructure.


5 trends that will shape AI investments in 2020

Information Management Resources

So, what do business leaders need to watch out for in 2020? Despite my earlier caveats, let’s try to predict how AI might impact your business in the year ahead.


Nation-State Attackers May Have Co-opted Vega Ransomware

Dark Reading

The tactics used by the latest version of the Vega cryptolocker program indicate the code may have been stolen from its authors and is now being used for destructive attacks, a new report suggests.


Modern Intel CPUs Plagued By Plundervolt Attack

Threatpost

The Intel attack uses a technique similar to the one gamers commonly use to overclock their CPUs.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Intel Issues Fix for 'Plundervolt' SGX Flaw

Dark Reading

Researchers were able to extract an AES encryption key using SGX's voltage-tuning function.


Episode 171: Stopping the 21st Century’s Plumbers – Defending Digital Campaigns from Hackers

The Security Ledger

In this week’s episode of the podcast (#171): as voters go to the polls in the UK and primaries loom here in the U.S., we sit down with Michael Kaiser, the CEO of a new group: Defending Digital Campaigns and Joel Wallenstrom, the CEO of secure collaboration platform Wickr to discuss efforts to extend an information security lifeline to.


Google Chrome Now Automatically Alerts Users on Compromised Passwords

Dark Reading

A series of security enhancements seek to protect users from phishing and warn them when credentials have been compromised.