Thu. Mar 14, 2019


Prosecutors Probe Facebook's Data Deals

Data Breach Today

New York Grand Jury Subpoenas Records in Criminal Probe - Report

Facebook's data deals continue to be probed. A criminal investigation of Facebook by federal prosecutors in New York has resulted in records being subpoenaed "from at least two prominent makers of smartphones and other devices," the New York Times reports.

194

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

The Last Watchdog

When Target fired both its CEO and CIO in 2014, it was a wake-up call for senior management. The firings came as a result of a massive data breach which routed through an HVAC contractor’s compromised account. C-suite execs across the land suddenly realized something similar could happen to them. So they began inundating their third-party suppliers with “bespoke assessments” – customized cyber risk audits that were time consuming and redundant.

Risk 165
Insiders


Fresh POS Malware Strikes Small and Midsize Companies

Data Breach Today

GlitchPOS Disguises Itself as a Game Involving Cats; DMSniff Hits Restaurants

A closely held type of point-of-sale malware, DMSniff, is spreading further while another, GlitchPOS, has also emerged. Despite a surfeit of stolen payment card details on the black market, efforts to steal more continue, highlighting the continuing challenges around card security.

Sales 174

39% of all existing Counter-Strike 1.6 game servers online are malicious

Security Affairs

Experts at security firm Dr. Web revealed that 39% of all existing Counter-Strike 1.6 game servers online are malicious; an attacker is exploiting zero-day flaws in game clients. Bad news for gamers of the popular game Counter-Strike: according to the experts at the security firm Dr. Web, 39% of all existing Counter-Strike 1.6 game servers online are malicious.

Security 104

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


The 2019 Bank Heists Report

Data Breach Today

Carbon Black's Tom Kellermann on Latest Threats to Banks

Carbon Black and Optiv have released their 2019 Modern Bank Heists report, which unveils the latest cyber threats to global banking institutions. Report co-author Tom Kellermann discusses the findings and what they mean.

174

More Trending


How the Remote Workforce Is Changing the Threat Landscape

Data Breach Today

Duo Security's Jon Oberheide on Securing Access to Devices, Cloud Services

Today's workforce is increasingly working remotely and relying on a variety of devices and cloud services to accomplish their jobs. Organizations must support but also secure this push, or they risk driving employees to adopt shadow IT, warns Jon Oberheide of Duo Security.

Cloud 168

DARPA Is Developing an Open-Source Voting System

Schneier on Security

This sounds like a good development: a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking. The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems.


Pen Testing of HHS Units Reveals Weaknesses

Data Breach Today

OIG Report Highlights a Range of Security Concerns

Operating divisions of the Department of Health and Human Services need to shore up security controls - including access controls and software patching - to more effectively detect and prevent cyberattacks, according to a new federal watchdog report.

Access 160

The latest OpenText Enterprise World 2019 news

OpenText Information Management

OpenText™ Enterprise World 2019 takes place in Toronto July 9 – 11, and before that we have Enterprise World Europe and Enterprise World Asia. To keep you up to date with the latest OTEW news and announcements, we’ve collected a summary of all the Enterprise World press releases. We’ll keep updating this post leading up … The post The latest OpenText Enterprise World 2019 news appeared first on OpenText Blogs.

89

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Revisiting Election Security Threats

Data Breach Today

FBI's Elvis Chan on What's Being Done to Secure the 2020 Election

Heading into the 2020 U.S. presidential election preseason, the FBI is squarely focused on defending against nation-state hacks or influence. Elvis Chan of the FBI talks about preparations for a cybersecure election.

Security 151

Payment data of thousands of customers of UK and US online stores could have been compromised

Security Affairs

Group-IB, an international company that specializes in preventing cyberattacks, has uncovered a malicious code designed to steal customers’ payment data on seven online stores in the UK and the US. The injected code has been identified as a new JavaScript Sniffer (JS Sniffer), dubbed by Group-IB as GMO. Group-IB Threat Intelligence team first discovered the GMO JS Sniffer on the website of the international sporting goods company FILA UK, which could have led to the theft of payment detail


Weekly podcast: Goodbye!

IT Governance

In our last ever podcast, we discuss Citrix’s data breach, the GDPR and cookie walls, data breach notification, and Patch Tuesday. Hello and welcome to the IT Governance podcast for Thursday, 7 March 2019. It’s our last episode, so I suppose I ought to mark the occasion in some way, but, let’s face it, you’re not listening for gimmicky nonsense, so let’s crack on.

GDPR 82

CSRF flaw in WordPress potentially allowed the hack of websites

Security Affairs

Security researcher Simon Scannell from RIPS Technologies has discovered a new CSRF vulnerability in WordPress that could potentially lead to remote code execution attacks. The flaw is a cross-site request forgery (CSRF) that resides in the comment section of WordPress that is enabled by default; the issue affects all WordPress versions prior to version 5.1.1.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Trusting AI to save lives in India

IBM Big Data Hub

India’s current patient to physician ratio prevents thousands from receiving individualized care needed. iKure has developed a network of facilities with an integrated EMR system that brings care to rural communities in India, Vietnam, and Africa at an affordable and convenient way.

77

Torrent Risks: How to get infected through torrent with a good reputation

Security Affairs

Experts at Z-Lab Yoroi/Cybaze have conducted an interesting analysis on the risks for users downloading films, games, and software through Torrent. Digital media sharing is one of the most relevant phenomena since the advent of the internet. During the 80’s and 90’s, with the rapid growth of the Internet, people around the world started sharing digital stuff protected by copyright, through particular communication protocols and programs such as FTP, IRC, etc.

Risk 84

Five cutting edge technologies available to SMBs through cloud-automated IT

DXC Technology

As SaaS applications have come of age, adopting newer technologies has become easier for smaller organizations. However, the subsequent challenge of supporting these technology components remains for organizations with limited budget and resources available. Continuously monitored networks and servers, rapid response times for user support, and advanced security features – these capabilities have traditionally only […].

Cloud 76

DMSniff POS Malware has flown under the radar for at least four years

Security Affairs

Malware researchers at Flashpoint revealed that at least since 2016, a PoS malware dubbed DMSniff has flown under the radar. Malware researchers at Flashpoint revealed that since 2016, a PoS malware dubbed DMSniff has been involved in breaches of small- and medium-sized businesses in the restaurant and entertainment industries. DMSniff leverages a domain generation algorithm to create command-and-control domains on the fly, a technical choice that make it hard takedown of C2 infrastructure by l

Sales 79

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


4 Reasons to Take an 'Inside Out' View of Security

Dark Reading

When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.


How to Use Virtual Data Rooms for M&A Due Diligence

OneHub

Over the past decade, the widespread adoption of technology like the virtual data room has resulted in a fundamental shift in how numerous legal functions are carried out. This shift has affected legal practices everywhere. No one area of the legal industry has benefited from this shift towards legal technology more than the field of mergers and acquisitions, or M&A.

Access 76

One Step Closer to Saudi Vision 2030 | General Auditing Bureau Conclude the Fourth stage of SHAMEL with Everteam

Everteam

Riyadh, KSA – March 2019 – An event was held at the General Auditing bureau to conclude the fourth stage of linking the government entities under GAB’s supervision to the Smart Electronic Auditing Platform “SHAMEL” project with Everteam. The platform which was designed by Everteam, linked more than 180 government entities within the Kingdom in various sectors including civil and military bodies, institutions and companies.


Criminals Use One Line of Code to Steal Card Data from E-Commerce Sites

Dark Reading

New JavaScript sniffer is similar to malware used in the Magecart campaign last year that affected over 800 sites.

94

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Requirements for achieving ISO 27001 certification

IT Governance

This blog has been updated to reflect industry updates. Originally published 24 March 2016. Although ISO 27001 is built around the implementation of information security controls, none of them are universally mandatory for compliance. That’s because the Standard recognises that every organisation will have its own requirements when developing an ISMS, and that not all controls will be appropriate.


Cisco addresses a critical static credential flaw in Common Services Platform Collector

Security Affairs

Cisco released security updates to address a critical vulnerability in its Cisco Common Services Platform Collector (CSPC) software. Cisco released security updates to address a critical flaw, tracked as CVE-2019-1723, that consists in the presence of a default account with a static password. The account hasn’t admin privileges, but it could be exploited by an unauthenticated attacker to gain remote access to the system.


Apple and beauty merge to deliver a better shopping experience

Jamf

Creator of luxury home and body products, Rituals uses iPad and iPod devices to enhance the shopping experience. Our own Jeni Asaba took off her Jamf “hat” to experience 21st century shopping firsthand.

71

Anomaly Detection Techniques: Defining Normal

Dark Reading

The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.

80

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.


Threatlist: IMAP-Based Attacks Compromising Accounts at ‘Unprecedented Scale’

Threatpost

Attackers are increasingly targeting insecure legacy protocols, like IMAP, to avoid running into multi-factor authentication in password-spraying campaigns.


You built a chat support channel, so where’s all the user adoption?

DXC Technology

In general, chat adoption rates are still not as strong as clients would like. Those who simply built a chat option with the expectation that users would adopt it by themselves are seeing between 7% to 12% of their volume via chat. Most of these organizations are doing nothing to promote chat as a support channel, […].

IT 64

Cisco Patches Critical ‘Default Password’ Bug

Threatpost

Vulnerability allows adversaries to access monitoring system used for gathering info on operating systems and hardware.