Fri. Sep 25, 2020

Federal Agency Hacked Using Stolen Office 365 Credentials

Data Breach Today

CISA: Hacker Apparently Exploited VPN Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency has issued a report describing how a threat actor apparently used a well-known VPN vulnerability and compromised Office 365 credentials to gain administrative privileges to a federal agency's network.

Who is Tech Investor John Bernard?

Krebs on Security

John Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months in jail before being cleared of murdering his wife on their honeymoon in India.

How a Phishing Awareness Test Went Very Wrong

Data Breach Today

Tribune Publishing Co. Employees Outraged at Phishing Test Teasing a Bonus

Training employees to resist phishing emails is key to preventing compromises. But an exercise run by Tribune Publishing Co. created a searing backlash after its phishing exercise tempted employees with bogus bonuses in a year in which they had already endured financial hardships.

The Swiss Parliament Agrees on the Draft Bill of a New Data Protection Act

Data Matters

After three years of discussions and in a final debate, the Swiss parliament has agreed on the final draft bill of a new and modernized data protection law. In particular, the National Council and the Council of States found a compromise on these outstanding issues: Definition of the term “profiling” (Article 4 (f) and (fbis) nDPA): The two chambers followed the suggestion of the Council of States to introduce “high risk profiling” in addition to normal “profiling”.

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

GDPR Compliance Used as Phishing Lure

Data Breach Today

Campaign Designed to Steal Credentials

A recently uncovered phishing campaign used the European Union's General Data Protection Regulation as a lure to steal login credentials. The campaign enticed victims with subject lines indicating their email security system was not in compliance with the law, according to Area 1 Security.

More Trending

Calls Grow to Restore White House Cybersecurity Leader Role

Data Breach Today

Lack of Cybersecurity Leadership, Direction Cited by Government Watchdog

The U.S. Government Accountability Office is urging Congress to pass legislation to reestablish the White House cybersecurity coordinator role, to coordinate the government's response to online attacks and other cybersecurity challenges facing the nation.

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

According to SAM Seamless Network, over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes. The configuration of the VPN solutions is important to keep organizations secure and to avoid dangerous surprises.

Premera Blue Cross Slapped With $6.8 Million HIPAA Fine

Data Breach Today

Penalty Is Second Largest Ever Issued

Premera Blue Cross has agreed to pay a $6.85 million fine, the second largest HIPAA settlement ever announced by federal regulators. The case stems from a 2014 breach, which went undetected for nine months and exposed the information of 10.

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

Security Affairs

Cisco patched 34 high-severity flaws affecting its IOS and IOS XE software, some of them can be exploited by a remote unauthenticated attacker. Cisco on Thursday released security patches for 34 high-severity vulnerabilities affecting its IOS and IOS XE software. The IT giant issued 25 advisories as part of the September 2020 semiannual IOS and IOS XE Software Security Advisory Bundled Publication.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Facebook Removes More Accounts Linked to Russia

Data Breach Today

Latest Social Media Crackdown Comes As FBI Issues Fresh Warning on Election Interference

Facebook is again cracking down on fake accounts and pages linked to a Russian IRA troll farm or the country's military intelligence units that were being used for disinformation campaigns. Meanwhile, the FBI issued a fresh warning that threat actors are attempting to target U.S. voting infrastructure.

CISA says federal agency compromised by malicious cyber actor

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) revealed that a hacker breached a US federal agency and exfiltrated data. Cybersecurity and Infrastructure Security Agency (CISA) revealed that a hacker breached a US federal agency and threat actors exfiltrated data. CISA published a detailed incident report related to the incident but didn’t disclose the name of the hacked agency.

Warning: Attackers Exploiting Windows Server Vulnerability

Data Breach Today

Attacks Targeting 'Zerologon' Vulnerability Spotted in the Wild

Microsoft and the Cybersecurity and Infrastructure Security Agency have issued warnings that a critical vulnerability in Windows Server dubbed "Zerologon" is being actively exploited in the wild. They urge users to immediately apply an available partial patch.

Twitter warns developers of possible API keys leak

Security Affairs

Twitter is warning developers that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache. Twitter is sending emails to developers to warn them that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache. According to the social media firm, the browser used by developers may have cached the sensitive data while accessing certain pages on developer.twitter.com.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Analysis: Are Darknet Markets Here to Stay?

Data Breach Today

The latest edition of the ISMG Security Report features an analysis on why criminals continue to use darknet markets, despite the risks. Also featured: Hackers target Virgin Mobile KSA; coping with COVID-19 stress.

Polish police shut down major group of hackers in the country

Security Affairs

Polish police dismantled a major group of hackers that was behind several criminal activities, including ransomware attacks, and banking fraud. Polish authorities have dismantled a major hacker group that was involved in multiple cybercrime activities, including ransomware attacks, malware distribution, SIM swapping, banking fraud, running rogue online stores, and even making bomb threats at the behest of paying customers.

Why Encrypted Chat Apps Aren't Replacing Darknet Markets

Data Breach Today

Many Vendors of Illegal Drugs, Weapons, Hacking Tools Prefer Markets

With so many cybercrime markets continuing to disappear, why haven't encrypted messaging apps stepped in to fill the gap? They might seem to be the perfect solution to admins stealing buyers' and sellers' cryptocurrency - via an exit scam - or police infiltration. But encrypted apps have their own downsides.

WannaCry Has IoT in Its Crosshairs

Dark Reading

The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Ring’s Flying In-Home Camera Drone Escalates Privacy Worries

Threatpost

Privacy fears are blasting off after Amazon's Ring division unveiled the new Always Home Cam, a smart home security camera drone.

6 Things to Know About the Microsoft 'Zerologon' Flaw

Dark Reading

Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns.

Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks

Threatpost

An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks.

RASP 101: Staying Safe With Runtime Application Self-Protection

Dark Reading

The dream of RASP is to empower applications to protect themselves. How close do current implementations get to living the dream? Here's what to know.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dominic Cummings' data law shake-up a danger to trade, says EU

The Guardian Data Protection

Exclusive: proposed rewriting of data protection rules said to put vital cooperation in doubt

A radical “pro-tech” plan championed by Dominic Cummings to rewrite Britain’s data protection laws is endangering future cooperation with the EU worth billions to the British economy, Brussels has warned. The government’s newly published national data strategy, promising a “transformation” long sought by Boris Johnson’s chief adviser and the former Vote Leave director, has sparked concern at a sensitive

Navigating the Asia-Pacific Threat Landscape: Experts Dive In

Dark Reading

At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.

NAGARA Fall Online Forum 2020 Pre-Approved for Credits by ACA, ARMA, and the ICRM on 10/30

IG Guru

NAGARA’s 2020 Fall Online Forum: ARCHIVES! has been pre-approved for 5.0 CEUs by ARMA International, 5.0 ARCs from ACA, and 5.0 CMPs from ICRM. There’s no better way to maintain your certifications than by attending the 2020 Fall Online Forum! Join us Friday, October 30, 2020 as we celebrate American Archives Month with this one-day virtual event, designed to be enjoyed from the comfort and safety of […].

Getting Over the Security-to-Business Communication Gap in DevSecOps

Dark Reading

Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

McAuliffe Says Federal Privacy Law Is Essential to Economic Recovery

Hunton Privacy

In an op-ed recently published by The Richmond Times-Dispatch, former Governor of Virginia and Global Strategy Advisor of the Centre for Information Policy Leadership at Hunton Andrews Kurth Terry McAuliffe discusses why a U.S. federal privacy law is essential to economic recovery in the wake of the COVID-19 pandemic. McAuliffe highlights how the U.S., unlike other countries, lacks a comprehensive privacy law.

FortiGate VPN Default Config Allows MitM Attacks

Threatpost

The client's default configuration for SSL-VPN has a certificate issue, researchers said.

CEO of NS8 Charged with Securities Fraud

Schneier on Security

The founder and CEO of the Internet security company NS8 has been arrested and “charged in a Complaint in Manhattan federal court with securities fraud, fraud in the offer and sale of securities, and wire fraud.” I admit that I’ve never even heard of the company before.