Tue.Nov 27, 2018

article thumbnail

Uber Fined $1.2 Million by EU for Breach Disclosure Delay

Data Breach Today

Credential Stuffing Attack Cracked Uber's Amazon S3 Buckets, Investigators Say Uber has been slammed with $1.2 million in fines by U.K. and Dutch privacy regulators for its cover-up of a 2016 data breach for more than a year. The breach exposed millions of drivers' and users' personal details to attackers, whom Uber paid $100,000 in hush money and for a promise to delete the stolen data.

article thumbnail

GUEST ESSAY: 5 anti-phishing training tools that can reduce employees’ susceptibility to scams

The Last Watchdog

The vast majority of cyber attacks against organizations pivot off the weakest security link: employees. The good news is that companies today have ready access to a wide variety of tools that can simulate common types of attacks and boost employee awareness. Here’s a guide to five such services. PhishMe. This tool, from Cofense, proactively engages employees via simulated attacks based on real-time threats for various phishing tactics.

Phishing 101
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Uber Fined $1.2 Million in EU for Breach Disclosure Delay

Data Breach Today

Credential Stuffing Attack Cracked Uber's Amazon S3 Buckets, Investigators Say Uber has been slammed with $1.2 million in fines by U.K. and Dutch privacy regulators for its cover-up of a 2016 data breach for more than a year. The breach exposed millions of drivers' and users' personal details to attackers, whom Uber paid $100,000 in hush money and for a promise to delete the stolen data.

article thumbnail

List of data breaches and cyber attacks in November 2018 – 251,286,753 records leaked

IT Governance

Last month I thought I’d try something new, so I focused on three stories rather than putting together a long list of breaches. It wasn’t a very popular approach. So the list is back. I count this month’s total of known leaked records to be 251,286,753. No particular stories stand out this month, but one thing I did notice is that there weren’t as many healthcare breaches as there normally are.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Phishing Scams in Healthcare: A Persistent Threat

Data Breach Today

Breach Tally Shows Hacking Attacks Involving Email Continue to Plague the Sector With the year nearly over, hacking attacks - especially those involving phishing and other email attacks - continue to rack up big victim counts for health data breaches reported to federal regulators in 2018.

Phishing 190

More Trending

article thumbnail

My Health Record Changes: Too Little, Too Late?

Data Breach Today

Amendments to the Law Seek to Douse Privacy, Security Concerns Australia's Parliament has passed legislation that strengthens privacy protections for My Health Record, the country's embattled digital medical records program. But questions remain about whether the changes go far enough to restore confidence in digital health records.

Privacy 174
article thumbnail

Experts demonstrate how to exfiltrate data using smart bulbs

Security Affairs

Security researchers with Checkmarx developed two mobile applications that abuse the functionality of smart bulbs for data exfiltration. Security researchers with Checkmarx developed two mobile applications that exploit smart bulbs features for data exfiltration. The experts used the Magic Blue smart bulbs that implement communication through Bluetooth 4.0.

article thumbnail

Using Blockchain for Authentication

Data Breach Today

In an interview, Rohas Nagpal, a chief architect at Primechain Technologies, describes how blockchain can be used for authentication and pinpoints areas where blockchain is not the ideal technology. He'll be a featured speaker at ISMG's Security Summit in Mumbai Thursday.

article thumbnail

Are You Making the Most of Office 365?

AIIM

A study (conducted by Hyperfish, Sharegate, and Nintex) found that 50% of organizations still use manual processes to enforce SharePoint governance. It doesn't have to be this way! New Office 365 capabilities allow you to automate important governance activities and core business processes. I invite you to join us for a free live event on Thursday, December 6th from 11am-3pm EST for a day of learning from information professionals who reinvented productivity by bringing together the people, proc

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Managing the Risks Posed by Automotive Smartphone Apps

Data Breach Today

Automotive smartphone apps that can be used to unlock or start a car pose new risks that must be managed, says Asaf Ashkenazi of Inside Secure, a mobile security firm, who provides risk mitigation insights.

Risk 169
article thumbnail

EDPB Publishes Guidelines on Extraterritorial Application of the GDPR

Hunton Privacy

On November 23, 2018, the European Data Protection Board (“EDPB”) published its long-awaited draft guidelines on the extraterritorial application of the EU General Data Protection Regulation (“GDPR”) (the “Guidelines”). To date, there has been a degree of uncertainty for organizations regarding the scope of the GDPR’s application outside of the EU. While the Guidelines provide some clarity on this issue, questions will remain for non-EU controllers and processors.

GDPR 93
article thumbnail

Special Counsel Robert Mueller's Endgame May Be in Sight

WIRED Threat Level

Recent developments in the special counsel investigation show indicate that things are about to heat up.

Security 112
article thumbnail

Uber fined nearly $1.2 Million by Dutch and UK Data Protection Authorities over data breach

Security Affairs

British and Dutch data protection regulators fined the ride-sharing company Uber with $1,170,892 for the 2016 data breach. British and Dutch data protection regulators have fined Uber with $1,170,892 for the 2016 security breach that exposed personal data of 57 million of its users. In November 2017, the Uber CEO Dara Khosrowshahi announced that hackers broke into the company database and accessed the personal data (names, email addresses and cellphone numbers) of 57 million of its users, the d

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. The 2017 bill, the first of its kind, will be fully implemented as of March 1st, 2019. Leading up to that date, companies have had to meet several milestones including hiring a CISO, encrypting all its non-public consumer data and enabling multi-factor authentication.

article thumbnail

Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Security Affairs

Hacker compromised third-party NodeJS module “Event-Stream” introducing a malicious code aimed at stealing funds in Bitcoin wallet apps. The malicious code was introduced in the version 3.3.6, published on September 9 via the Node Package Manager (NPM) repository. The Event-Stream library is a very popular NodeJS module used to allow developers the management of data streams, it has nearly 2 million downloads a week.

article thumbnail

Companies 'can sack workers for refusing to use fingerprint scanners'

The Guardian Data Protection

Fair Work Commission rejects case by Queensland sawmill worker who said scanning system was a breach of his privacy Businesses using fingerprint scanners to monitor their workforce can legally sack employees who refuse to hand over biometric information on privacy grounds, the Fair Work Commission has ruled. The ruling, which will be appealed, was made in the case of Jeremy Lee, a Queensland sawmill worker who refused to comply with a new fingerprint scanning policy introduced at his work in Imb

Privacy 74
article thumbnail

At IBM Analytics, good design is not just good business

IBM Big Data Hub

IBM is well-known for its powerful legacy of design throughout the 1980s. But the company’s focus on design dimmed until Phil Gilbert stepped up to the plate in 2010 and instilled design thinking throughout the company, empowering a legion of designers. The focus on hiring talent, investing in design studios and putting an IBM stamp on design thinking has paid off with a stack of awards – including honorable mentions – for design across Hybrid Cloud products over the past year.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Five top trends for the IoT in 2019

Information Management Resources

Investments in the Internet of Things will increase in 2019, even as the term 'IoT' begins to fade. Here are five most significant trends that organizations can expect, according to Forrester Research.

IoT 76
article thumbnail

Another Microsoft MFA Outage Affects Multiple Services

Dark Reading

Once again, multifactor authentication issues have caused login problems for users across Office 365 and Azure, among other services.

article thumbnail

Zuckerberg In A Bunker

John Battelle's Searchblog

Mark Zuckerberg is in a crisis of leadership. Will he grasp its opportunity? Happier times. It seems like an eternity, but about one year ago this Fall, Uber had kicked its iconic founding CEO to the curb, and he responded by attempting a board room coup. Meanwhile, Facebook was at least a year into crisis mode, clumsily dealing with a spreading contagion that culminated in a Yom Kippur apology from CEO Mark Zuckerberg.

article thumbnail

Who's the Weakest Link in Your Supply Chain?

Dark Reading

Nearly 60% of organizations have suffered data breaches resulting from a third party, as suppliers pose a growing risk to enterprise security.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Uber fined £385,000 for data breach affecting millions of passengers

The Guardian Data Protection

Firm failed to tell 35 million users and 3.7 million drivers their data was hacked in 2016 Uber’s European operation has been fined £385,000 for a data breach that affected almost 3 million British users, the Information Commissioner’s Office has announced. In November 2016, attackers obtained credentials to access Uber’s cloud servers and downloaded 16 large files, including the records of 35 million users worldwide.

article thumbnail

8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure

Dark Reading

Stolen credentials for industrial control system workstations are fast becoming the modus operandi for ICS attacks by cybercriminals.

75
article thumbnail

Amazon hit with a Data Breach right before Black Friday

Adam Levin

Amazon was hit with a data breach just days before Black Friday and Cyber Monday, the biggest shopping time of the year. The major data breach exposed names and email addresses of customers due to a technical error on their website. Amazon emailed their customers Tuesday, November 20, 2018 stating the following: “Our website inadvertently disclosed your email address or name and email address due to a technical error.

article thumbnail

New Hacker Group Behind 'DNSpionage' Attacks in Middle East

Dark Reading

Motives are not fully clear, though data exfiltration is one possibility, Cisco Talos says.

89
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Six trends challenging the factory of the future

OpenText Information Management

According to Capgemini, the factory of the future – often called the smart factory – could add $1.5 trillion in value to the global economy by 2022. Using digital technologies to transform factory operations has become imperative for every company – whether in automotive or high tech manufacture – but achieving success can be elusive. … The post Six trends challenging the factory of the future appeared first on OpenText Blogs.

article thumbnail

See the Future of Cybersecurity at Black Hat Europe

Dark Reading

New tools, techniques, and a plan for training a new generation of crack security experts are all in the cards for attendees of Black Hat Europe in London next week.

article thumbnail

Pegasus Spyware Targets Investigative Journalists in Mexico

Threatpost

Colleagues of slain Javier Valdez Cárdenas, known for investigating drug cartels, were targeted just days after his death.