Mon. May 20, 2019

Lack of Secure Coding Called a National Security Threat

Data Breach Today

The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices.

MY TAKE: Android users beware: Google says ‘potentially harmful apps’ on the rise

The Last Watchdog

Even if your company issues you a locked-down smartphone, embracing best security practices remains vital

Our smartphones. Where would we be without them?

Related Q&A: Diligence required of Android users

If you’re anything like me, making a phone call is the fifth or sixth reason to reach for your Android or iPhone. Whichever OS you favor, a good portion of the key components that make up your digital life — email, texting, social media, shopping, banking, hobbies, and work duties — now rout

DHS Reportedly Warns of Chinese-Made Drones Stealing Data

Data Breach Today

Drones May Be Sending Data Back to China, According to News Reports

The Department of Homeland Security is warning that Chinese-made drones could be sending sensitive data back to their manufacturers, where it can be accessed by the government, according to news reports.

Linux kernel privilege escalation flaw CVE-2019-11815 affects RDS

Security Affairs

Experts discovered a privilege escalation vulnerability in the Linux kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP. Experts discovered a memory corruption vulnerability in the Linux kernel that resides in the implementation of the Reliable Datagram Sockets (RDS) over TCP. The vulnerability, tracked as CVE-2019-11815, could lead to privilege escalation; it received a CVSS base score of 8.1.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Whistleblower Everett Stern: 'Do the Right Thing'

Data Breach Today

"If You See Something, Say Something" Applies to Banks, Money Laundering

It's been nearly seven years since HSBC was fined $1.9 billion by U.S. authorities for money laundering violations involving international drug cartels. But Everett Stern, the former employee who blew the whistle on the bank, continues to tell his story because he believes similar criminal activity is ongoing.

More Trending

Phishing: Mitigating Risk, Minimizing Damage

Data Breach Today

In Wake of Recent Incidents, Experts Offer Insights on Critical Steps to Take

As phishing attacks continue to menace healthcare and other business sectors, security experts say organizations must take critical steps to prevent falling victim and help limit the potential damage.

Chronicle experts spotted a Linux variant of the Winnti backdoor

Security Affairs

Security researchers from Chronicle, Alphabet’s cyber-security division, have spotted a Linux variant of the Winnti backdoor. Security experts from Chronicle, Alphabet’s cyber-security division, have discovered a Linux variant of the Winnti backdoor. It is the first time that researchers have found a Linux version of the backdoor used by China-linked APT groups tracked as Winnti.

Salesforce Says Permissions Bungle Almost Fixed

Data Breach Today

Users Briefly Had Read/Write Access to Other Profiles

Salesforce says it has nearly recovered from a botched database update that wiped out user permissions within its Pardot marketing management product on Friday. The error allowed Salesforce users access to previously restricted profiles.

Data belonging to Instagram influencers and celebrities exposed online

Security Affairs

A new data leak made the headlines: a database containing the contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The news was first reported by the TechCrunch website. The database was left unprotected on an AWS bucket, and anyone was able to access it without authentication. The unprotected database was discovered by the security researcher Anurag Sen, who immediately reported his discovery to TechCrunch in an effort to find the owner.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

The Concept of "Return on Data"

Schneier on Security

This law review article by Noam Kolt, titled "Return on Data," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility (U) consumers gain and the data (D) they supply -- "return on data" (ROD) -- remains largely unexplored.

Financial Sector Under Siege

Dark Reading

The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.

4 Easy Steps to Break into the IT Field

ITPro.TV

So, you’ve been considering it for a while, and you’ve decided to take that leap of faith and break into the IT field. Great! Information technology is an ever-evolving field with numerous specializations that are in very high demand. According to research from Fosster, the top 10 most in-demand IT jobs all have salaries in the 6-figure range. So, as the title …

Windows 10 Update Bricks PCs, Microsoft Offers Workarounds

Threatpost

A glitch in Microsoft's Windows 10 update is causing systems to freeze after users tried to use the System Reboot function. Luckily, workarounds exist.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

How a Manufacturing Firm Recovered from a Devastating Ransomware Attack

Dark Reading

The infamous Ryuk ransomware slammed a small company that makes heavy-duty vehicle alternators for government and emergency fleet. Here's what happened.

Defiant Tech firm who operated LeakedSource pleads guilty

Security Affairs

The Royal Canadian Mounted Police (RCMP) announced that the company behind LeakedSource, Defiant Tech Inc., pleaded guilty in Canada. Defiant Tech Inc., the company behind the LeakedSource.com website, pleaded guilty in Canada. The LeakedSource website was launched in late 2015; in January 2017 the popular data breach notification website was raided by feds.

DHS Warns of Data Theft via Chinese-Made Drones

Dark Reading

The drones are reportedly built with parts that can compromise organizations' data and share it on a server accessible to the Chinese government.

Political Parties Still Have Cybersecurity Hygiene Problems

WIRED Threat Level

Three years after the DNC hack, a new report finds that political parties around the world have ongoing security flaws that leave them vulnerable to attack.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

7 Signs of the Rising Threat of Magecart Attacks in 2019

Dark Reading

Magecart attacks continue to grow in momentum. Here are the stats and stories that show what's behind the mayhem.

Slack Bug Allows Remote File Hijacking, Malware Injection

Threatpost

An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel.

Killer SecOps Skills: Soft Is the New Hard

Dark Reading

The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.

Salesforce Woes Linger as Admins Clean Up After Service Outage

Threatpost

An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists

Dark Reading

Ahead of his 2019 Black Hat USA talk, cybersecurity luminary Bruce Schneier explains why it's so important for tech experts to be actively involved in setting public policy.

ZombieLoad: How Intel’s Latest Side Channel Bug Was Discovered and Disclosed

Threatpost

Daniel Gruss, the researcher behind Spectre, Meltdown - and most recently, ZombieLoad - Intel CPU side channel attacks, gives an inside look into how he discovered the flaws.

97% of Americans Can't Ace a Basic Security Test

Dark Reading

Still, a new Google study uncovers a bit of good news, too.

DXC employee volunteers construct IT School in Colombia

DXC Technology

The indigenous Wayuu children in the remote La Guajira region of northern Colombia now have a bright yellow, two-classroom, IT school — thanks to DXC Technology and hardworking employee volunteers in the North and Central Europe (NCE) region. The school — a first for DXC — was inaugurated February 22 as the successful finale of […].

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Think Data Security, Not Endpoint Security

Dark Reading

A strong data protection strategy is essential to protect information as it moves across endpoints and in the cloud.

Sharing Threat Intelligence: Time for an Overhaul

Threatpost

All too often, information-sharing is limited to vertical market silos; to build better defenses, it's time to take a broader view beyond the ISAC.

TeamViewer Admits Breach from 2016

Dark Reading

The company says it stopped the attack launched by a Chinese hacking group.
