Tue. Nov 10, 2020

Probing Marriott's Mega-Breach: 9 Cybersecurity Takeaways

Data Breach Today

Investigators Find Encryption, Monitoring, Logging and Whitelisting Failures

Inadequate database and privileged account monitoring, incomplete multi-factor authentication and insufficient use of encryption: Britain's privacy regulator has cited a raft of failures that contributed to the four-year breach of the Starwood guest reservation system discovered by Marriott in 2018.

Ransomware Group Turns to Facebook Ads

Krebs on Security

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. On the evening of Monday, Nov. 9, an ad campaign apparently taken out by the Ragnar Locker Team began appearing on Facebook.

Former Microsoft Engineer Sentenced to 9 Years in Prison

Data Breach Today

Found Guilty on 18 Charges Tied to Theft From Retail Platform

A former Microsoft software engineer has been sentenced to nine years in prison after being found guilty on 18 criminal charges in connection with the theft of more than $10 million through the company's online retail platform.

Retail 260

Patch Tuesday, November 2020 Edition

Krebs on Security

Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft’s release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug.

Security 264

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

What's New in Updated Cyber Risk Assessment Guide?

Data Breach Today

Josh Magri of the Cyber Risk Institute Describes Enhancements to 'Cyber Profile'

The Cyber Risk Institute this week is releasing a new version of its "Cyber Profile" risk assessment framework for the financial services industry that includes expanded information on third-party risk and cloud security. Institute founder, Josh Magri, describes the updates.

Risk 205

More Trending

Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike

Security Affairs

Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike and compromise the target networks. Ransomware operators are using malicious fake Microsoft Teams updates to deliver backdoors that lead to the installation of the Cobalt Strike post-exploitation tool and compromise the target network. The ongoing COVID-19 pandemic is forcing a growing number of organizations and businesses to use videoconferencing solutions, and threat actors are attempting to exploit this scenario.

2020 Was a Secure Election

Schneier on Security

Over at Lawfare: “2020 Is An Election Security Success Story (So Far).” What’s more, the voting itself was remarkably smooth. It was only a few months ago that professionals and analysts who monitor election administration were alarmed at how badly unprepared the country was for voting during a pandemic. Some of the primaries were disasters.

Security 136

Microsoft Teams Users Under Attack in ‘FakeUpdates’ Malware Campaign

Threatpost

Microsoft warns that cybercriminals are using Cobalt Strike to infect entire networks beyond the infection point, according to a report.

Breached Mashable User Database Leaked Online

Adam Levin

The personal information of technology and culture website Mashable.com users has been discovered in a leaked database online. Mashable announced the leak late November 8, in an announcement on its website. “[W]e learned that a hacker known for targeting websites and apps had posted a copy of a Mashable database to the internet. The types of data in the database included first and last names, general location (such as city or country), email addresses, gender, date of registration, IP addresses,

Passwords 114

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

UN warns of impact of smart borders on refugees: ‘Data collection isn't apolitical’

The Guardian Data Protection

Special rapporteur on racism and xenophobia believes there is a misconception that biosurveillance technology is without bias

Robotic lie detector tests at European airports, eye scans for refugees and voice-imprinting software for use in asylum applications are among new technologies flagged as “troubling” in a UN report. The UN’s special rapporteur on racism, racial discrimination, xenophobia and related intolerance, Prof Tendayi Achiume, said digital technologies can be unfair and regularly b

Adobe fixes flaws in Connect and Reader Mobile

Security Affairs

Adobe addressed vulnerabilities in its Reader Mobile and Connect products; none of them is rated as critical severity. Adobe has released security patches to address vulnerabilities in its Reader Mobile and Connect products. “Adobe has published security bulletins for Adobe Connect (APSB20-69) and Adobe Reader Mobile (APSB20-71). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.” reads the

Security 110

Apple to Deliver ‘Privacy Labels’ for Apps, Revealing Data-Sharing Details

Threatpost

Developers will have to reveal how data is shared with any “third-party partners,” which include analytics tools, advertising networks, third-party SDKs or other external vendors.

Analytics 107

What’s new in OpenText Documentum CE 20.4

OpenText Information Management

Organizations are increasingly looking for ways to allow workers to securely access information and drive processes from any location and on any device. With the new release of OpenText™ Documentum™ CE 20.4, we’ve made security, productivity, and process improvements across the Documentum platform to help people get their job done wherever they are working. … The post What’s new in OpenText Documentum CE 20.4 appeared first on OpenText Blogs.

Access 107

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Flaws in WordPress Ultimate Member plugin expose 25K sites to hack

Security Affairs

Multiple critical vulnerabilities affecting the Ultimate Member plugin could be easily exploited to potentially take over up to 25K websites. Multiple critical vulnerabilities in the Ultimate Member plugin could be easily exploited to take over websites; the issue potentially impacts up to 100K installs. The Ultimate Member WordPress plugin allows admins to easily manage membership to their websites, assigning custom privileges for various user roles. “On October 23, 2020, our Threat Intellig

Access 106

What’s new in OpenText Life Sciences Smart View 20.4

OpenText Information Management

With the shift to remote work environments, Life Sciences organizations need a way to provide their workers with secure and compliant access to highly regulated content that is stored on-premises. This is especially critical as pharmaceutical companies continue to bring life-saving therapies to patients, including many who are racing to test the safety and effectiveness … The post What’s new in OpenText Life Sciences Smart View 20.4 appeared first on OpenText Blogs.

Malicious NPM project steals browser info and Discord accounts

Security Affairs

Security researchers discovered today an npm package that contains malicious code designed to steal sensitive Discord and browser files. Sonatype researcher Ax Sharma discovered an npm package, dubbed discord.dll, that contains malicious code designed to steal sensitive files from a user’s browsers and Discord application. The malicious JavaScript library was uploaded to the npm packet repository and has already been removed.

Libraries 105

Zoom Settles with FTC Over Deceptive Security Claims

Hunton Privacy

On November 9, 2020, the Federal Trade Commission announced it had entered into a consent agreement (the “Proposed Settlement”) with Zoom Video Communications, Inc. (“Zoom”) to settle allegations that the video conferencing provider engaged in a series of unfair and deceptive practices that undermined the security of its user base, which, according to the FTC, has grown from 10 million users in December 2019 to 300 million in April 2020 during the COVID-19 pandemic.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Tetrade hackers target 112 financial apps with Ghimob banking Trojan

Security Affairs

Researchers from Kaspersky Lab spotted a new Android banking Trojan, dubbed Ghimob, that is able to steal data from 112 financial apps. Ghimob is a new Android banking Trojan discovered by Kaspersky that is able to steal data from 112 financial apps. In July, cybersecurity researchers from Kaspersky Lab detailed four different families of Brazilian banking trojans, tracked as Tetrade, that have targeted financial institutions in Brazil, Latin America, and Europe.

Access 102

How to become a data protection officer

IT Governance

The EU GDPR (General Data Protection Regulation) requires certain organisations to appoint a DPO (data protection officer) to help them comply with the Regulation. However, a shortage of DPOs means many organisations are appointing staff to act as DPOs without the proper level of expertise, experience or qualifications. The GDPR stipulates that DPOs should have appropriate experience and qualifications to fulfil the role.

GDPR 98

Scalper-Bots Shake Down Desperate PS5, Xbox Series X Shoppers

Threatpost

Retail bots are helping scalpers scoop up PS5, Xbox Series X inventory and charge massive markups.

Retail 129

Malware Hidden in Encrypted Traffic Surges Amid Pandemic

Dark Reading

Zscaler says attacks involving the use of SSL/TLS encryption jumped 260% in the first nine months of 2020 compared to the same period last year.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs

Threatpost

Intel released 40 security advisories in total, addressing critical- and high-severity flaws across its Active Management Technology, Wireless Bluetooth and NUC products.

The Double-Edged Sword of Cybersecurity Insurance

Dark Reading

With ransomware on the rise, more organizations are opting to purchase cyber insurance -- tipping off criminals about how much to demand for access back to pilfered systems and data.

Insurance 124

Ghimob Android Banking Trojan Targets 153 Mobile Apps

Threatpost

A banking trojan is targeting mobile app users in Brazil - and researchers warn that its operator has big plans to expand abroad.

IT 99

How Hackers Blend Attack Methods to Bypass MFA

Dark Reading

Protecting mobile apps requires a multilayered approach with a mix of cybersecurity measures to counter various attacks at different layers.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Microsoft Patch Tuesday Update Fixes 17 Critical Bugs

Threatpost

Remote code execution vulnerabilities dominate this month’s security bulletin of warnings and patches.

Overlooked Security Risks of the M&A Rebound

Dark Reading

Successful technology integration, post-merger, is tricky in any market, and never more so than with today's remote work environments and distributed IT infrastructure.

Risk 88

Mobile Technologies and COVID-19: A Primer on Privacy Considerations and Fighting the Virus with Cell Phones

Data Matters

Sidley associate Michael R. Roberts is the author of “Mobile Technologies and COVID-19: A Primer on Fighting the Virus with Cell Phones,” an article published in the Fall 2020 issue of Infrastructure, a quarterly publication of the American Bar Association’s Infrastructure and Regulated Industries Section. The article was also featured on the American Bar Association’s website homepage.

Privacy 68