Wed.Nov 06, 2019

IT Misconfiguration Leads to 15 Breach Reports

Data Breach Today

Letters From Texas Health Resources Hospitals Mailed to Wrong Recipients A misconfigured billing system that caused a mailing mishap affecting nearly 83,000 individuals has prompted Texas Health Resources to file 15 breach reports to federal regulators - one for each hospital involved

IT 130

NEW TECH: Silverfort deploys ‘multi-factor authentication’ to lock down ‘machine identities’

The Last Watchdog

From the start, two-factor authentication, or 2FA , established itself as a simple, effective way to verify identities with more certainty. Related: A primer on IoT security risks The big hitch with 2FA, and what it evolved into – multi-factor authentication, or MFA – has always been balancing user convenience and security.

'Soviet Tactics': Russia Tries Prisoner Swap for Hacker

Data Breach Today

Moscow Reportedly Seeks Leverage as Counter-Extradition Attempts Keep Failing What's the best way to spring your citizens from foreign jail if they've been detained on U.S. hacking charges?

130
130

The Growing Presence (and Security Risks) of IoT

Thales eSecurity

As most of us know, IoT devices are on the rise in enterprise networks. According to McKinsey & Company , the proportion of organizations that use IoT products has grown from 13 percent in 2014 to 25 percent today.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Alleged Capital One Hacker Released From Prison

Data Breach Today

Paige Thomson Will Stay in Halfway House Until Her 2020 Trial Alleged Capital One hacker Paige A. Thompson has been released from prison and will stay in a halfway house until her trial in federal court next year.

130
130

More Trending

The Malicious Macros Problem May Be Solved Soon

Data Breach Today

Using Containers, Malicious Documents Will Be Isolated in Office 365 A handful of common lures still have astounding success in compromising computers: phishing emails, malicious links and the king of them all: the malicious Microsoft Office document.

Twitter Insiders Allegedly Spied for Saudi Arabia

WIRED Threat Level

Hackers are one thing. But too few companies take the threat of an inside job seriously enough. . Security Security / Cyberattacks and Hacks

Getting Ready for the NIST Privacy Framework

Data Breach Today

By year's end, the National Institute of Standards and Technology should be ready to publish the first version of its privacy framework, a tool to help organizations identify, assess, manage and communicate about privacy risk, says NIST's Naomi Lefkovitz, who provides implementation insights

‘Camgirl’ sites expose millions of members and users

Security Affairs

Hackers compromised a network of ‘ camgirl ’ sites and exposed data belonging to millions of users and sex workers. Hackers compromised several ‘ camgirl ‘ sites and have exposed millions of sex workers and users.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Germany: Berlin data protection authority imposes EUR 14.5 million fine for “data cemetery”

DLA Piper Privacy Matters

On 30 October 2019, the Berlin Commissioner for Data Protection and Freedom of Information ( Berliner Beauftragte für Datenschutz und Informationsfreiheit – “ Berlin DPA ”) imposed an administrative fine of about EUR 14.5

GDPR 52

A flaw in the Libarchive library impacts major Linux distros

Security Affairs

Google experts found a flaw, tracked as CVE-2019-18408, in the compression library libarchive could lead to arbitrary code execution. Google experts found a vulnerability, tracked as CVE-2019-18408, in the compression library libarchive could be exploited to execute arbitrary code. .

Desjardins Data Breach Worse Than Originally Reported

Adam Levin

The June data breach of Canadian financial institution Desjardins was wider in scope than initially reported and compromised the data of all 4.2 million of its individual members.

Pixel 1, RIP: Google Ends Support After Just Three Years

WIRED Threat Level

The original Google Pixel didn't make the cut for this month's Android security patches. . Security Security / Security News

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Great Scott! A True Story Illustrating the Importance of Ethics in Privacy and Records Management

Information Governance Perspectives

Truth is stranger than fiction… There’s a memorable scene in Back to the Future 3 where Marty receives a Western Union telegraph from Doc almost a century after it was originally mailed, warning him of events to come.

Scammers Are Exploiting a Firefox Bug to Freeze Your Browser

WIRED Threat Level

Fraudulent tech-support sites are causing the browser to lock up and display a disturbing message. Force quitting is the only way out. Security Security / Cyberattacks and Hacks

Message Sequence Charts

Adam Shostack

I was not aware that the ITU had formalized swim lane diagrams into Message Sequence Charts.

IT 52

Metadata Management, Data Governance and Automation

erwin

Can the 80/20 Rule Be Reversed? erwin released its State of Data Governance Report in February 2018, just a few months before the General Data Protection Regulation (GDPR) took effect.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Details of an Airbnb Fraud

Schneier on Security

This is a fascinating article about a bait-and-switch Airbnb fraud. The article focuses on one particular group of scammers and how they operate, using the fact that Airbnb as a company doesn't do much to combat fraud on its platform.

IT 52

AIEF Research Deadline Extended until Nov 30

IG Guru

CALL FOR RESEARCHERS – TOPIC: THIRD PARTY INFORMATION MANAGEMENT CONSIDERATIONS. The post AIEF Research Deadline Extended until Nov 30 appeared first on IG GURU. AIEF Business IG News Information Governance Record Retention Records Management Sponsored Standards Storage Research

#COBOL60: Your COBOL questions, answered – Part One

Micro Focus

At a recent Micro Focus-sponsored virtual event, more than 300 COBOL community members celebrated its 60th anniversary by posing over 90 questions to our expert panel. In the next three blogs, COBOL expert Ed Airey answers 12 of the most popular.

IT 52

Brooklyn Hospital lost patient records after a ransomware infection

Security Affairs

Another organization in the healthcare industry was a victim of a Ransomware attack, this time the victim is Brooklyn Hospital. A ransomware attack has infected several computer systems at the Brooklyn Hospital Center in New York, the organization permanently lost patient data.

The CCPA and Litigation Mitigation: What You Need to Know Before January 1

Data Matters

The California Consumer Privacy Act (CCPA) takes effect in January. Sidley’s seasoned class action practitioners anticipate the CCPA will drive a proliferation of data- and privacy-driven suits, on multiple fronts. This webinar will explore this emerging area in consumer class action litigation and highlight concrete steps businesses can take to mitigate CCPA-related risks. SIDLEY TECH FORUM WEBINAR. 2:00-3:00 p.m. EST / 11:00 a.m.-12:00 12:00 p.m. Thursday, November 21, 2019. SPEAKERS.

Episode 166: But Why, AI? ZestAI’s Quest to make Artificial Intelligence Explainable

The Security Ledger

In this episode of the podcast (#166): Jay Budzik, the Chief Technology Officer at ZestAI, joins us to talk about that company's push to make artificial intelligence decisions explainable and how his company's technology is helping to root out synthetic identity fraud. Related Stories Spotlight Podcast: Security Automation is (and isn’t) the Future of Infosec Episode 164: Who owns the Data Smart Cars collect? Also: making Passwords work.

Facebook discloses a new leak that exposes group members’ data

Security Affairs

Facebook disclosed a new security incident, the social network giant admitted that app developers may have accessed its group users’ data. Facebook disclosed another security incident, the company revealed that roughly 100 app developers may have improperly accessed users’ data in certain Facebook groups. Let’s understand how it is possible.

Google Enlists Outside Help to Clean Up Android's Malware Mess

WIRED Threat Level

The newly formed App Defense Alliance will try to solve a malware problem that has bedeviled the Play Store since inception. Security Security / Security News

University of Rochester Medical Center hit with $3M fine for breaches

Information Management Resources

The University of Rochester Medical Center has been hit with a $3 million settlement fine and a two-year corrective action plan for two technology-related breaches. HIPAA regulations Data breaches

The Files are Already Electronic, How Hard Can They Be to Load?: eDiscovery Throwback Thursdays

eDiscovery Daily

Here’s our latest blog post in our Throwback Thursdays series where we are revisiting some of the eDiscovery best practice posts we have covered over the years and discuss whether any of those recommended best practices have changed since we originally covered them.