Fri. Jun 22, 2018

Cracking Cortana: The Dangers of Flawed Voice Assistants

Dark Reading

Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.

Bill Could Give Californians Unprecedented Control Over Data

WIRED Threat Level

Lawmakers in California have introduced a sweeping privacy bill that could rein in the power of their Silicon Valley neighbors.

How to respond to a data subject access request

IT Governance

A key change to data subjects’ rights under the EU General Data Protection Regulation (GDPR) is the right to ask organisations what data they hold about the data subject. Although this was possible under the Data Protection Act 1998, organisations now have only 30 days to respond, and cannot charge an admin fee for doing so. What is a data subject access request (DSAR)?

Supreme Court: Police Need Warrant for Mobile Location Data

Krebs on Security

The U.S. Supreme Court today ruled that the government needs to obtain a court-ordered warrant to gather location data on mobile device users. The decision is a major development for privacy rights, but experts say it may have limited bearing on the selling of real-time customer location data by the wireless carriers to third-party companies.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Ruling Reaffirms Individuals Cannot File HIPAA Lawsuits

Data Breach Today

Federal Court Dismisses Legal Action by Patient in Privacy Case

A federal court recently dismissed a case filed by a patient alleging a laboratory violated HIPAA by failing to shield her personal health information from public view. The ruling once again reaffirmed a longstanding precedent that individuals cannot sue for alleged HIPAA violations.

More Trending

GDPR: An Opportunity for Better Threat Intelligence Sharing

Data Breach Today

Anti-Phishing Working Group Confident It Will Navigate GDPR Requirements

Europe's General Data Protection Regulation is reshaping the way organizations handle data. That's going to have an impact on the sharing of threat intelligence. But the Anti-Phishing Working Group hopes the law will provide legal clarity that will make more organizations comfortable with sharing threat data.

Carpenter v. United States Decision Strengthens Digital Privacy

WIRED Threat Level

Thanks to Carpenter v. United States, the government will now generally need a warrant to obtain your cell site location information.

CISO Thom Langford's Top Tips for GDPR Compliance

Data Breach Today

Start With ISO 27001 and a Solid Information Security Management System

When communications giant Publicis Groupe launched its GDPR compliance project, CISO Thom Langford says, "it was more a case of honing and polishing, rather than building from the ground up," thanks to its existing information security management system and complying with ISO 27001.

'Pay Up or Get WannaCry Hit' Extortion Email Spreading

Dark Reading

Sophos warns of a 'protection racket' scam email that threatens to infect victims with the ransomware variant if they don't pay the attackers.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

How Contextual Data on Domains Helps Combat Online Attacks

Data Breach Today

Michael Jones of Domain Tools on Scoring Threats, Blocking Phishing Attacks

Michael Jones of Domain Tools says that studying domain ownership information gives organizations "contextual data around domains that may be attacking them," thus allowing them to better block attacks, avoid malicious sites and combat phishing campaigns.

China Escalates Hacks Against the US as Trade Tensions Rise

WIRED Threat Level

A hacking truce between China and the US doesn't address government espionage operations, a workaround both countries exploit.

Preview: ISMG's Fraud and Breach Prevention Summit in Chicago

Data Breach Today

Leading the latest edition of the ISMG Security Report: A preview of next week's Fraud and Breach Summit in Chicago, which will feature keynoter Brett Johnson, a former cybercriminal who now advises organizations on fighting crime.

Handling cyber threats in 7 simple steps

IT Governance

Organisations need to be prepared to respond to a wide variety of cyber security incidents. Your biggest concern might be the threat of criminal hackers breaking into your systems, but you also need to know what to do if, say, an employee inadvertently or maliciously leaks data or your organisation suffers a power outage. Despite the prevalence of these threats, very few organisations have demonstrated effective response capabilities.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

White House Email Security Faux Pas?

Dark Reading

The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.

The role of Cyber Essentials Plus in care settings

IT Governance

Data security is an increasing priority for many organisations. The EU General Data Protection Regulation (GDPR), high-profile data breaches and new sector-specific frameworks such as the Data Security and Protection (DSP) Toolkit mean that many are looking for ways to improve data security practices and demonstrate their compliance with contractual and regulatory requirements.

California Assembly Bill Aims to Avert State Ballot Initiative Related to Privacy

Hunton Privacy

On June 21, 2018, California lawmakers introduced AB 375, the California Consumer Privacy Act of 2018 (the “Bill”). If enacted and signed by the Governor by June 28, 2018, the Bill would introduce key privacy requirements for businesses, but would also result in the removal of a ballot initiative of the same name from the November 6, 2018, statewide ballot.

The Effects of Iran's Telegram Ban

Schneier on Security

The Center for Human Rights in Iran has released a report outlining the effects of that country's ban on Telegram, a secure messaging app used by about half of the country. The ban will disrupt the most important, uncensored platform for information and communication in Iran, one that is used extensively by activists, independent and citizen journalists, dissidents and international media.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Weekly Update 92

Troy Hunt

Last day away! As much as I enjoy travel, I love going home and I'm wrapping this post up whilst sitting at the airport in Oslo about to begin the epic journey that is travelling back to the other side of the world. It's been a great trip, but yeah, I like home. This week, I'm recapping on some workshops, talking about how data breaches circulate, sharing some pretty epic Report URI stats and also covering last week's blog post on the Estonian government providing data to HIBP.

Weekly podcast: BT, Bithumb, Islington Council and World Cup phishing

IT Governance

This week, we discuss a £77,000 fine for BT, Bithumb’s loss of £24 million, Islington Council’s PCI DSS fail and some topical phishing campaigns. Hello and welcome to the IT Governance podcast for Friday, 22 June 2018. Here are this week’s stories. The Information Commissioner’s Office fined BT £77,000 this week for sending nearly 5 million spam emails to its customers.

Roku TV, Sonos Speaker Devices Open to Takeover

Threatpost

The Roku streaming video device and the Sonos Wi-Fi speakers suffer from the same DNS rebinding flaw reported in Google Home and Chromecast devices earlier this week.

Supreme Court Holds Warrant Required to Obtain Historical Cell Phone Location Information

Hunton Privacy

On June 22, 2018, the United States Supreme Court held in Carpenter v. United States that law enforcement agencies must obtain a warrant supported by probable cause to obtain historical cell-site location information (“CSLI”) from third-party providers. The government argued in Carpenter that it could access historical CSLI through a court order alone under the Stored Communications Act (the “SCA”).

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Fortnite Fraudsters Infest the Web with Fake Apps, Scams

Threatpost

Malefactors have doubled down on duping Fortnite enthusiasts, releasing YouTube videos with links to scam versions of the game. And that's not all.

Domain Name Stealing at Gunpoint

Schneier on Security

I missed this story when it came around last year: someone tried to steal a domain name at gunpoint. He was just sentenced to 20 years in jail.

Malicious App Infects 60,000 Android Devices – But Still Saves Their Batteries

Threatpost

A battery-saving app enables attackers to snatch text messages and read sensitive log data - but it also holds true to its advertising.

Don’t sweat the small stuff – RPA can do that for you

CGI

Don’t sweat the small stuff – RPA can do that for you. p.butler@cgi.com. Fri, 06/22/2018 - 03:56. One of the classic self-help books ‘Don’t Sweat the Small Stuff’ suggests that we focus on the big important issues rather than small things that can derail us. Great for individuals, maybe, but organisations do it at their peril. Organisations, every day, need to focus on the small stuff.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Why Italy’s eInvoicing mandate could impact you

OpenText Information Management

In a previous blog, I looked at how governments are now driving eInvoicing adoption around the world. Now, Italy is set to be the first country in Europe to mandate eInvoicing for all B2G and B2B transactions. Regardless of whether or not you do business in Italy, this is a major development that will have … The post Why Italy’s eInvoicing mandate could impact you appeared first on OpenText Blogs.

Fraud Trend Report: Rising Account Takeovers

Rippleshot

New security threats in the financial ecosystem are far from a new phenomenon, which is why financial institutions are constantly having to enhance their breach detection technology investments. New threats emerge on a regular basis, and fraudsters continue to capitalize on vulnerable payment data as their techniques get faster and more sophisticated.

OpenText Life Sciences Express: A Big Boost in Efficiency for Regulatory Professionals

OpenText Information Management

As OpenText™ continues to build strength and momentum in its industry-specific offerings for Life Sciences, we are building our team accordingly. I am pleased to introduce myself with my first blog in the Life Sciences area, taking over from my worthy predecessor, Lori McKellar. Lori’s most recent blog introduced OpenText Life Sciences Express, something I … The post OpenText Life Sciences Express: A Big Boost in Efficiency for Regulatory Professionals appeared first on OpenText Blogs.
