Thu. Jan 16, 2020

Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat

Dark Reading

Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.

Alarming Trend: More Ransomware Gangs Exfiltrating Data

Data Breach Today

Criminals Increasingly Leak Stolen Data to Force Bitcoin Payoff

As if ransomware wasn't already bad enough, more gangs are now exfiltrating data from victims before leaving systems crypto-locked. Seeking greater leverage against non-paying victims, Maze and Sodinokibi attackers are not just threatening to leak stolen data; they're also following through.

Twitter axes Grindr following “insane violation” of user privacy

IT Governance

Twitter has suspended the dating app Grindr from its ad platform after discovering ‘insane violations’ of the GDPR (General Data Protection Regulation). According to a study by the NCC (Norwegian Consumer Council), Grindr shared significant amounts of sensitive personal data with advertisers without the explicit consent of users. The app’s “vague” privacy policy skirted the GDPR’s requirements about sharing information with third parties, and appeared to shift accountability for data processing

Privacy 52

Satan Ransomware Reborn to Torment Businesses

Threatpost

A hellish mix of features shows the 5ss5c ransomware to be the son of Satan.

Congress Hears Warnings of Iranian Cyberthreats

Data Breach Today

Experts Tell House Committee Federal Agencies Must Shore Up Defenses

Iranian-led disinformation campaigns and other cyberthreats against the U.S. are likely to surge in the aftermath of Iranian Major General Qasem Soleimani's death, security and political experts told a House committee Wednesday. That's why federal agencies need to shore up their defenses.

Security 147

More Trending

Senators Field Legislation to Build Huawei 5G Alternatives

Data Breach Today

Proposed Fund Would Drive More Than $1 Billion Into Western-Based Alternatives

One gaping hole in the U.S. government's push to counter Chinese-built 5G telecommunications gear remains the lack of alternatives. But a bipartisan group of senators is seeking a $1 billion fund to create trusted, Western-built options.

Breaking Down Brazil’s 1st Data Protection Law

Data Matters

* This article first appeared in Law360 on January 14, 2020. After two years in the Brazilian Congress, the General Law of Data Protection was signed on Aug. 18, 2018, by then Brazilian President, Michel Temer, who also signed an executive order (Medida Provisória n. 869, from Dec. 27, 2018).

Privacy 88

Cloud Security: Overcoming Roadblocks

Data Breach Today

While secure coding has always been an imperative, in a cloud-based environment, BMC Software's Rick Bosworth says it is especially critical since the liability does not rest with cloud services providers for secure configuration.

Cloud 113

A Windows 10 Vulnerability Was Used to Rickroll the NSA and Github

WIRED Threat Level

A researcher demonstrated the attack less than a day after Microsoft disclosed one of the most critical Windows vulnerabilities ever.

Two PoC exploits for CVE-2020-0601 NSACrypto flaw released

Security Affairs

Researchers published proof-of-concept (PoC) code exploits for a recently-patched CVE-2020-0601 flaw in the Windows operating system reported by NSA. Security researchers have published two proof-of-concept (PoC) code exploits for the recently-patched CVE-2020-0601 vulnerability that has been reported to Microsoft by the US National Security Agency (NSA).

Scale data strategies globally with IBM Cloud Pak for Data and CockroachDB

IBM Big Data Hub

Cloud Pak for Data, IBM’s leading data and AI platform, partners with Cockroach to solve multicloud and compliance challenges so organizations can scale their data strategies across the globe.

Cloud 76

The case for ... cities where you're the sensor, not the thing being sensed

The Guardian Data Protection

Imagine your smartphone knew everything about the city – but the city didn’t know anything about you. Wouldn’t that be ‘smarter’ than our current surveillance dystopia? Guardian Cities is concluding with “The case for ...”, a series of opinion pieces exploring options for radical urban change. “Smart city” is one of those science fiction phrases seemingly designed to make you uneasy, like “neuromarketing” or “pre-crime”.

IT 75

Hundreds of million users installed Android fleeceware apps from Google Play

Security Affairs

Security experts from Sophos discovered 25 Android apps on the official Google Play that were involved in financial fraud, 600 million affected. Security researchers from Sophos discovered a set of so-called fleeceware apps that have been installed by more than 600 million Android users. Fleeceware apps are malicious applications uploaded to the official Google Play Store that were involved in fraudulent activities, these apps offer a short free trial period and if users don’t cancel the “subscr

Risk 70

This Apple-FBI Fight Is Different From the Last One

WIRED Threat Level

In 2016, the iPhone encryption debate ended in a draw. Don't count on 2020's scuffle over the Pensacola shooter's devices to play out the same way.

Critical auth bypass issues affect InfiniteWP Client and WP Time Capsule WordPress plugins

Security Affairs

WP Time Capsule and InfiniteWP WordPress plugins are affected by security flaws that could be exploited to take over websites running the popular CMS. Experts at security firm WebArx have ethically disclosed vulnerabilities in WP Time Capsule and InfiniteWP plugins, both were patched earlier this month by the developer Revmakx. The flaws in WP Time Capsule and InfiniteWP WordPress plugins could be exploited to take over websites running the popular CMS that are more than 320,000. “ we foun

CMS 69

Cryptographic Excitement

Adam Shostack

In the last few days, we’ve seen two big stories in the realm of cryptography. The first is that SHA-1 breaks are now practical, and those practical breaks impact things like PGP and git. If you have code that depends on SHA-1, it’s time to fix that. If you have a protocol that uses SHA1, you need to rapidly version cycle. Thinking a bit more strategically, SHA-1 was designed by the NSA, and published in 1993.

With International Tensions Flaring, Cyber Risk is Heating Up for All Businesses

Dark Reading

Risks of nation-state attacks go beyond Iran, and the need for awareness and security don't stop at any national border.

Risk 79

Expert released PoC exploits for recently disclosed Cisco DCNM flaws

Security Affairs

A researcher has publicly released some proof-of-concept (PoC) exploits and technical details for flaws in Cisco’s Data Center Network Manager (DCNM). Early this month, Cisco released security updates for its Cisco’s Data Center Network Manager (DCNM) product that address several critical and high-severity vulnerabilities. All the vulnerabilities were reported to Cisco through Trend Micro’s Zero Day Initiative (ZDI) and Accenture’s iDefense service by the security researcher Steven Seeley of So

New Attack Campaigns Suggest Emotet Threat Is Far From Over

Dark Reading

Malware described by the DHS as among the worst ever continues to evolve and grow, researchers from Cisco Talos, Cofense, and Check Point Software say.

CNIL Publishes Draft Recommendations on How to Get Users’ Consent for Cookies

Hunton Privacy

On January 14, 2020, the French Data Protection Authority (the “CNIL”) published its draft recommendations on the practical modalities for obtaining users’ consent to store or read non-essential cookies and similar technologies on their devices (the “Recommendations”). The CNIL also published a set of questions and answers on the Recommendations (“FAQs”).

Privacy 58

Consultation paper published on Hong Kong’s data protection law

Data Protection Report

Written by Partner Anna Gamvros and Associate Libby Ryan, both based in the Hong Kong office. Earlier this week, Hong Kong’s Panel on Constitutional Affairs (the Panel) released its discussion paper (LC Paper No. CB(2) 512/19-20(03)) (the Paper) seeking views on changes to Personal Data (Privacy) Ordinance (Cap.486) (the PDPO). The Paper was released as part of an agenda for the upcoming Panel meeting which will be held on Monday, 20th January 2020, and follows proposals by the Privacy Com

Paper 56

PoC Exploits Published For Microsoft Crypto Bug

Threatpost

Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability.

2020: The year of digital products

Information Management Resources

The convergence of advanced tech that ushered in the era of digital business continues to develop at accelerated rates. By 2030, this tech evolution will have reshaped every product we use today.

Securing Tiffany's Move

Schneier on Security

Story of how Tiffany & Company moved all of its inventory from one store to another. Short summary: careful auditing and a lot of police.

Top trends to expect in cloud computing, data science and AI

Information Management Resources

Last year could be referred to as the year of the cloud. In 2020, however, cloud deployments will become more popular as organizations look to reap the benefits of hybrid-cloud models.

Critical Cisco Flaws Now Have PoC Exploit

Threatpost

The flaws affect a key tool for managing its network platform and switches.

IT 59

Record Manager and Employee awarded $4 Million to settle whistle-blower lawsuit in California via SF Chronicle

IG Guru

December 17, 2019 – Two employees complained and won a lawsuit over records being destroyed in violation of federal and California law. “Their complaints to superiors were met with retaliation and records were destroyed,” according to the article.
