Thu. Aug 15, 2019

MY TAKE: A primer on how ransomware arose to become an enduring scourge

The Last Watchdog

“All we know is MONEY! Hurry up! Tik Tak, Tik Tak, Tik Tak!” This is an excerpt from a chilling ransom note Baltimore IT officials received from hackers who managed to lock up most of the city’s servers in May. The attackers demanded $76,000, paid in Bitcoin, for a decryption key. Baltimore refused to pay – choosing, instead, to absorb an estimated $18 million in recovery costs.

Biometric Security Vendor Exposes Fingerprints, Face Data

Data Breach Today

Researchers Find Open Database for Suprema's BioStar 2. A South Korean company that makes a biometric access control platform exposed fingerprint, facial recognition data and personal information after leaving an Elasticsearch database open, security researchers say. They found 23GB of data belonging to organizations that use Suprema's BioStar 2 system.

Enterprise Architecture Tools Are Key to Managing Ideation and Innovation

erwin

Organizations largely recognize the need for enterprise architecture tools, yet some still struggle to communicate their value and prioritize such initiatives. As data-driven business thrives, organizations will have to overcome these challenges because managing IT trends and emerging technologies makes enterprise architecture (EA) increasingly relevant.

Prosecutors Allege Capital One Suspect Stole From Many Others

Data Breach Today

New Court Documents Describe What Was Found on Her Servers. Paige A. Thompson, who's been arrested on a charge of hacking into Capital One's network and taking the personal and financial data of 106 million individuals, is also suspected of stealing information from over 30 other organizations, according to new court documents.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

How to prepare for the California Consumer Privacy Act

Thales Cloud Protection & Licensing

On June 28, 2018 the governor of California Jerry Brown signed into law with Assembly Bill No. 375 the California Consumer Privacy Act (CCPA), making California the first U.S. state to pass its own data privacy law. Last August, my colleague Ashvin Kamaraju wrote a blog shortly after this took place. The CCPA, which will come into effect on Jan. 1, 2020, grants to the state’s over 40 million people a range of rights comparable to the rights given to European citizens with the General Data Protec

More Trending

A flaw in Kaspersky Antivirus allowed tracking its users online

Security Affairs

A vulnerability in Kaspersky Antivirus had exposed a unique identifier associated with users to every website they have visited in the past 4 years. A vulnerability in the Kaspersky Antivirus software, tracked as CVE-2019-8286, had exposed a unique identifier associated with its users to every website they have visited in the past 4 years. The exposure of this identifier allowed visited websites and commercial third-party services to track users online.

Cleaning Up After Ransomware Attacks Isn't Easy

Data Breach Today

Two Recent Attacks Illustrate the Challenges Involved. The experiences of two healthcare organizations that are still recovering from recent ransomware attacks after they refused to pay a ransom illustrate the challenges these incidents pose long after the initial attack.

5 Things to Know About Cyber Insurance

Dark Reading

More businesses are recognizing the need for cyber insurance as part of an overall security strategy. Here are some key points to consider when evaluating, purchasing, and relying on a policy.

Mozilla addresses “master password” security bypass flaw in Firefox

Security Affairs

The latest update released by Mozilla for Firefox patches a flaw in Firefox Password Manager that can be exploited to access stored passwords. The latest release for Mozilla Firefox (Firefox 68.0.2) fixes a vulnerability that can be exploited to bypass the master password in Firefox Password Manager and access stored passwords. “When a master password is set, it is required to be entered before stored passwords can be accessed in the ‘Saved Logins’ dialog.” reads the ad

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Bypassing Apple FaceID's Liveness Detection Feature

Schneier on Security

Apple's FaceID has a liveness detection feature, which prevents someone from unlocking a victim's phone by putting it in front of his face while he's sleeping. That feature has been hacked: Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim's FaceID and log into their phone simply by putting a pair of modified glasses on their face.

6 DataOps essentials to deliver business-ready data

IBM Big Data Hub

Nearly every business is under competitive, disruptive, and regulatory pressures. As companies face digital transformation and modernization to meet their customers’ expectations, leveraging data and AI at the speed of business can be the biggest differentiator.

Biometric data of 1M leaked via an unsecured Suprema owned database

Security Affairs

Researchers discovered an unsecured database online owned by Suprema that contained the fingerprints and facial recognition information of one million people. Researchers from vpnMentor discovered the personal and biometric data (i.e. facial recognition and fingerprint information) of more than a million people exposed online on an unsecured database owned by the Suprema biometric security company.

Gartner Emphasize the Need for Enterprise Architecture Tools

erwin

Organizations largely recognize the need for enterprise architecture tools, yet some still struggle to communicate their value and prioritize such initiatives. As data-driven business thrives, organizations will have to overcome these challenges because managing IT trends and emerging technologies makes enterprise architecture (EA) increasingly relevant.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

The Flaw in Vulnerability Management: It's Time to Get Real

Dark Reading

Companies will never be 100% immune to cyberattacks. But by having a realistic view of the basics, starting with endpoint vulnerabilities, we can build for a safer future.

Woman Charged in Capital One Breach May Have Hacked Over 30 Companies

Adam Levin

Hacker Paige Thompson, main suspect in the recent Capital One data breach, may also be responsible for hacking as many as 30 other companies and organizations. Prosecutors from the Seattle U.S. Attorney’s Office announced the discovery of data from more than 30 targeted entities in the bedroom of Paige Thompson, who was arrested in connection with the Capital One data breach.

More Than 20 Data Breaches Reported Per Day in First Half of 2019

Dark Reading

But incidents involving SSNs, addresses, birth dates were smaller than in previous years.

IT Governance’s 2019 Cyber Resilience Report reveals major data protection weaknesses

IT Governance

Anti-malware technology is one of the most basic cyber security mechanisms that organisations should have in place, but according to IT Governance’s 2019 Cyber Resilience Report, 27% of respondents haven’t implemented such measures. This finding is even more surprising given that our customer base is naturally more knowledgeable about information security than the average organisation.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

NSA Researchers Talk Development, Release of Ghidra SRE Tool

Dark Reading

NSA researchers took the Black Hat stage to share details of how they developed and released the software reverse-engineering framework.

How Facebook Catches Bugs in Its 100 Million Lines of Code

WIRED Threat Level

For the last four years, Facebook has quietly used a homegrown tool called Zoncolan to find bugs in its massive codebase.

New Research Finds More Struts Vulnerabilities

Dark Reading

Despite aggressive updating and patching, many organizations are still using versions of Apache Struts with known -- and new -- vulnerabilities.

Self-service analytics moving to the cloud for many firms

Information Management Resources

Self-service analytics, a type of business intelligence that enables business users to perform queries on their own with easy-to-use tools, is increasingly moving to the cloud and extending beyond visualization.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

7 Biggest Cloud Security Blind Spots

Dark Reading

Cloud computing is a boon for innovation, yet security organizations find themselves running into obstacles.

HTTP Bugs Open Websites to DoS Attacks

Threatpost

Eight vulnerabilities were found in HTTP/2 server implementations from vendors Amazon, Apple, Microsoft and Apache.

68% of Companies Say Red Teaming Beats Blue Teaming

Dark Reading

The majority of organizations surveyed find red team exercises more effective than blue team testing, research shows.

Clickjacking Evolves to Hook Millions of Top-Site Visitors

Threatpost

Researchers said that clickjacking is a threat that's evolving, with new tactics just starting to emerge.

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Adware, Trojans Hit Education Sector Hard

Dark Reading

Students continue to be weak links for schools and universities, according to data from security firm Malwarebytes.

Energy Sector Phish Swims Past Microsoft Email Security via Google Drive

Threatpost

The savvy technique of avoiding malicious links in the email allowed the phishing attack to reach its targets.

The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?

Dark Reading

The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.