Mon. Feb 15, 2021


Privacy Legislation Progresses in 5 More States

Data Breach Today

States Would Join 3 Others That Have Already Enacted Laws

Five states are making progress this year toward passing privacy legislation along the lines of California's Consumer Privacy Act, according to the International Association of Privacy Professionals. Here's a status report.


Bluetooth Overlay Skimmer That Blocks Chip

Krebs on Security

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.


Microsoft's Smith: SolarWinds Attack Involved 1,000 Developers

Data Breach Today

Supply Chain Attack Likely Continues, He Tells '60 Minutes'

More than 1,000 developers likely worked on rewriting code for the massive SolarWinds supply chain attack that affected many companies and U.S. government agencies, Microsoft President Brad Smith said in a Sunday interview, pointing out the attack is most likely continuing.


GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

The Last Watchdog

Cybersecurity training has steadily gained traction in corporate settings over the past decade, and rightfully so. In response to continuing waves of data breaches and network disruptions, companies have made a concerted effort and poured substantial resources into promoting data security awareness among employees, suppliers and clients. Safeguarding data in workplace settings gets plenty of attention.


Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.


Health Data Breach Tally Crowded With Vendor Incidents

Data Breach Today

Business Associate Breaches Affect Millions

Many of the major health data breaches added to the federal tally so far this year involve business associates, continuing a trend in recent years. The largest of those is an incident reported by a children's health and dental insurance plan provider involving a website hosting vendor.

More Trending


Suspected Egregor Ransomware Affiliates Busted in Ukraine

Data Breach Today

Bitcoin Tracking Identified Members of Egregor Operation, French Media Reports

Individuals suspected of providing hacking, logistical and financial support to the Egregor ransomware-as-a-service operation have been arrested by police in Ukraine as part of a joint operation with French cybercrime police coordinated by Europol, according to a French media report.


The malicious code in SolarWinds attack was the work of 1,000+ developers

Security Affairs

Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack. Microsoft’s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. Microsoft president Brad Smith provided further details about the investigation of the SolarWinds supply chain attack; the company’s analysis of the malicious code involved in the hack suggests it was the work of a thousand developers.


Yandex: Insider Caused Breach Affecting 5,000 Customers

Data Breach Today

Incident Occurred After System Admin Granted Unauthorized Access

Russian-Dutch multinational e-commerce company Yandex sustained a data breach in which 4,887 customer accounts were compromised after an employee with systems admin privileges gave unauthorized access to attackers.


Tentative further steps towards an agreed ePrivacy Regulation

Data Protection Report

It has been some months since we wrote about the ePrivacy Regulation and some years since the first draft was proposed. Since then, we have seen numerous delays in achieving an agreed form of legislation, caused in part by strong views on how privacy and confidentiality shape the development of electronic communications services and passionate industry lobbying by both the AdTech industry and privacy organisations.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


M&A Update: Apax Partners to Acquire Herjavec Group

Data Breach Today

SentinelOne and Tenable Also Make Notable Acquisitions

Security firms Herjavec Group, SentinelOne and Tenable were all involved in merger and acquisition activity this past week, continuing a consolidation wave within the cybersecurity industry.


France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Security Affairs

French agency ANSSI attributes a series of attacks targeting Centreon servers to the Russia-linked Sandworm APT group. The French security agency ANSSI is warning of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020.


Why Synthetic Identity Fraud Persists

Data Breach Today

Julie Conroy of Aite Group and Shai Cohen and Lee Cookman of TransUnion analyze a new report that explains why synthetic identity fraud poses a long-term threat.


On Vulnerability-Adjacent Vulnerabilities

Schneier on Security

At the virtual Enigma Conference, Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From an MIT Technology Review article: Soon after they were spotted, the researchers saw one exploit being used in the wild.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


France Ties Russia's Sandworm to a Multiyear Hacking Spree

WIRED Threat Level

A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon.


US Cyber Command Valentine’s Day Cryptography Puzzles

Schneier on Security

The US Cyber Command has released a series of ten Valentine’s Day “Cryptography Challenge Puzzles.” Slashdot thread. Reddit thread. (And here’s the archived link, in case Cyber Command takes the page down.)


Webinar: Information Architecture on February 18, 2021 @ 3pm Eastern via ARMA St. Louis Chapter

IG Guru

Joe Shepley, PhD, CIPP/US presents Information Architecture. What is Information Architecture and why does your company need one? What approaches for building an Information Architecture? Which one is the right one for your organization? What tools are available to help build, manage and maintain Information Architecture? What are some tactical, valuable next steps for Information Architecture at your organization?


VMware fixes command injection issue in vSphere Replication

Security Affairs

VMware released security patches for a potentially serious vulnerability affecting the vSphere Replication product. VMware has recently released security patches to address a serious command injection vulnerability, tracked as CVE-2021-21976, in its vSphere Replication product. VMware vSphere Replication is an extension to VMware vCenter Server that provides hypervisor-based virtual machine replication and recovery. vSphere Replication is an alternative to storage-based replication.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


“Better OKRs Through Threat Modeling”

Adam Shostack

Abhay Bhargav has a really excellent post on Better OKRs for Security through Effective Threat Modeling. I really like how he doesn’t complain about the communication issues between security and management, but offers up a concrete suggestion for improvement. Key quote: “Effective Threat Modeling by itself can ensure that your OKRs and AppSec Program are not only in great tactical shape, but also help define a strategic roadmap for your AppSec Program.” I like the post so much


Cybercrooks Rake in $304M in Romance Scams

Threatpost

The number of people being targeted by fake relationship-seekers has spiked during the COVID-19 pandemic.


Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees

Dark Reading

Users' distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities.


Chartership - a new route for KM practitioners

CILIP

Rory Huston is Global Head of Knowledge for engineering consultancy, Cundall. He was one of the first Knowledge Management professionals to sign up for CILIP's new KM Chartership and here he speaks to Rob Green about how and why he decided to invest in his professional development by becoming a Chartered KM practitioner.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Episode 203: Don’t Hack The Water and Black Girls Hack Founder Tennisha Martin

The Security Ledger

In this episode of the Security Ledger Podcast (#203) we talk about the apparent hack of a water treatment plant in Oldsmar Florida with Frank Downs of the firm BlueVoyant. In our second segment: is infosec’s lack of diversity a bug or a feature? Tennisha Martin of Black Girls Hack joins us to talk about the many obstacles that black women face.


Data flows between UK and EU to continue

Information Matters

The FT has reported that Brussels looks likely to allow data to continue to flow freely between the EU and UK. This follows the European Commission’s draft decision on the […]


100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020

Dark Reading

Consumer banks, exchanges, payment firms, and card issuing companies around the globe were among those hit.


Webinar: Improving IG Policies on Wednesday, February 24, 2021 3:30pm Eastern from Orange County ARMA

IG Guru

In many offices, IM policies are long and confusing, and no one reads them. Worse, they often sound like angry parents scolding naughty children. Adults bristle at disrespectfully worded statements, making compliance a battle. The reality is that the policy writers wanted to sound strict rather than disrespectful, but they paid more attention to the […].


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


How to Submit a Column to Dark Reading

Dark Reading

Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here's how to submit your Commentary pieces to Dark Reading.


BVCA publishes guidelines on diversity and inclusion in investment industry

Information Matters

The British Venture Capital Association (BVCA) has published guidelines offering practical advice and best practice suggestions for investors on diversity and inclusion in their investments. Aimed at investors in all […]


French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine

Security Affairs

An international operation conducted in Ukraine and France led to the arrest of criminals believed to be affiliated with the Egregor RaaS. Some affiliated with the Egregor RaaS, not the main ransomware gang, have been arrested as a result of a joint operation conducted by law enforcement in Ukraine and France. Authorities did not reveal the names of the suspects; according to French media, the suspects are in contact with Egregor ransomware operators and provided logistical and financial support