Wed. Mar 14, 2018


US Power Company Fined $2.7 Million Over Data Exposure

Data Breach Today

Grid Regulator Says Company Left Critical Data Exposed for 70 Days

A U.S. power company, unnamed by regulators, has been fined a record $2.7 million for violating energy sector cybersecurity regulations after sensitive data - including cryptographic information for usernames and passwords - was exposed online for 70 days.


WhatsApp sharing user data with Facebook would be illegal, rules ICO

The Guardian Data Protection

Data protection watchdog forces firm to sign an undertaking declaring it will not share user data with parent company before GDPR

The UK’s data protection watchdog has concluded that WhatsApp’s sharing of user data with its parent company Facebook would have been illegal. The messaging app was forced to pause sharing of personal data with Facebook in November 2016, after the Information Commissioner’s Office said it had cause for concern.


AMD Chipset Flaws Are Real, But Experts Question Disclosure

Data Breach Today

Was AMD Ambushed? A set of vulnerabilities in AMD chipsets that gives attackers enduring persistence on machines appears to be legitimate. But experts are questioning the motivations of the Israeli security company that found the flaws, contending it ambushed AMD to maximize attention.


The 600+ Companies PayPal Shares Your Data With

Schneier on Security

One of the effects of GDPR -- the new EU General Data Protection Regulation -- is that we're all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, that just released a list of over 600 companies they share customer data with. Here's a good visualization of that data. Is 600 companies unusual? Is it more than average?


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Managing Business Risks in the Cloud

Data Breach Today

As more data moves to the cloud, and cyberattacks multiply, organizations need to adopt an alternate paradigm of security, says Nikhil V. Bagalkotkar, a virtualization specialist at Citrix, who describes a new approach.


More Trending


The practical steps for conducting a data flow audit

IT Governance

A data flow is a transfer of information from one location to another. To keep track of this information, organisations should consider data flow mapping. The process will help an organisation identify key gaps and the necessary steps to establish what data it has and where it flows to. Organisations need to be aware of what data they process and ensure it is processed in accordance with the law.


Immersive Insights: Better data through AR

IBM Big Data Hub

Augmented reality (AR) and augmented intelligence systems such as Watson are breaking data outside the confines of a two-dimensional monitor and putting them into a three-dimensional visualization format. Big Data and Analytics Hub spoke with IBM AR designer Ben Resnick about what’s next for Immersive Insights and how data visualization will improve business intelligence for enterprise decision makers.


GDPR and Brexit: what will happen?

IT Governance

By the time the 31 March 2019 Brexit deadline comes around, the EU General Data Protection Regulation (GDPR) will have been effective for more than ten months. What will happen after then has been one of the many mysteries of Brexit, but in August 2017 the UK government proposed data protection laws that would transfer the GDPR into UK law after it leaves the EU.


Just Trip Over Them

Gimmal

Today is a sad day – when we learned of the passing of renowned physicist and author, Stephen W. Hawking. Most of us know of him through his guest appearances on popular television programs or through some book we had to read in college.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


A Secure Enterprise Starts with a Cyber-Aware Staff

Dark Reading

An attack doesn't have to be super high-tech to cause a lot of damage. Make sure your employees know how to spot an old-fashioned phishing campaign.


Phishing emails and malicious attachments responsible for 34% of cyber attacks

IT Governance

A recent F-Secure report has found that phishing emails (16%) and malicious attachments (18%) together accounted for 34% of cyber attacks. Analysing past incident response investigations, F-Secure also found that 55% of all attacks were targeted and 45% were opportunistic. The gaming and public-sector industries were mostly affected by targeted attacks, whereas the insurance and telecom industries mostly suffered opportunistic attacks.


77% of Businesses Lack Proper Incident Response Plans

Dark Reading

New research shows security leaders have false confidence in their ability to respond to security incidents.


New POS Malware PinkKite Takes Flight

Threatpost

Researchers shed light on a newly discovered family of point of sale malware that is extremely small in size and adept at siphoning credit card numbers from POS endpoints.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis

Dark Reading

Researchers at Black Hat Asia will demonstrate a new framework they created for catching and studying Apple MacOS malware.


New Web-Based Malware Distribution Channel ‘BlackTDS’ Surfaces

Threatpost

Researchers highlight a privately held traffic distribution system tool for malware called BlackTDS that lowers the bar to entry for threat actors.


The Sainsbury Archive chooses Preservica to create new cloud-based digital archive

Preservica

Preservica’s active digital preservation platform selected to future-proof unique digital assets that document nearly 150 years of corporate, brand and retail history. Oxford, London UK and Boston MA, March 14 2018: The Sainsbury Archive, which charts the growth and history of one of the UK’s largest supermarkets, has chosen Preservica’s AWS cloud-hosted digital preservation platform to actively preserve invaluable digital assets relating to the company’s operations.


Insider Trading Charges Brought Against CIO for Post-Breach Trading

Hunton Privacy

On March 14, 2018, the Department of Justice and the Securities and Exchange Commission (“SEC”) announced insider trading charges against a former chief information officer (“CIO”) of a business unit of Equifax, Inc. According to prosecutors, the CIO exercised options and sold his shares after he learned of a cybersecurity breach and before that breach was publicly announced.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


How to Interpret the SEC's Latest Guidance on Data Breach Disclosure

Dark Reading

Forward-looking organizations should view this as an opportunity to reevaluate their cybersecurity posture and install best practices that should have already been in place.


Hogan Lovells Represents Sears in Achieving First-Ever Modification to FTC Privacy Consent Order

HL Chronicle of Data Protection

The FTC has approved the first-ever petition to reopen and modify a privacy-related consent order. The petition, filed by Sears Holdings Management Corporation, sought to amend the terms of Sears’ 2009 consent order (the “Order”), which settled allegations that Sears did not adequately disclose the extent to which desktop software it distributed collected information from consumers.


New Hosted Service Lowers Barriers to Malware Distribution

Dark Reading

BlackTDS is a traffic distribution service for directing users to malware and exploit kits based on specific parameters.


3 ways CIOs can get off to a good start with the chief digital officer

Information Management Resources

If CDOs are managing digital technology projects and all things software-related, what does that mean for the chief information officer? Opportunity.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


SEC Charges Former Equifax Exec with Insider Trading

Dark Reading

CIO of a US business unit within Equifax had reportedly learned of the company's data breach and sold his shares for nearly $1 million.


ALSP – Not Just Your Daddy’s LPO, Part Three: eDiscovery Trends

eDiscovery Daily

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems. He has also been a great addition to our webinar program, participating with me on several recent webinars. Tom also wrote a terrific four part informational overview on Europe’s General Data Protection Regulation (GDPR) titled eDiscovery and the GDPR: Ready or Not, Here it Comes (and participated with me on a webcast on the same topic) and wrote another te


Medical Apps Come Packaged with Hardcoded Credentials

Dark Reading

A trio of static accounts in EMR and billing software from DocuTrac can lead to serious vulnerabilities in sensitive databases.


Protecting data from the most common insider threats

Information Management Resources

Nearly one-third of all data breaches in 2017 were due to internal sources. Security expert Mike McKee discusses the top reasons for this and what organizations can do to reduce their risks.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Segmentation: The Neglected (Yet Essential) Control

Dark Reading

Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.


Is blockchain a game-changer for revolutionizing IT infrastructure?

Information Management Resources

Using this technology, traditional data flows would be transformed because data integrity could never be accidentally or maliciously altered.


Electric Utility Hit with Record Fine for Vulnerabilities

Dark Reading

An unnamed power company has consented to a record fine for leaving critical records exposed.
