Mon. Oct 01, 2018


Voice Phishing Scams Are Getting More Clever

Krebs on Security

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).

Phishing 278

FDA Reveals Steps to Bolster Medical Device Cybersecurity

Data Breach Today

'Playbook' Prepared; Data Sharing Efforts Planned

In its ongoing quest to improve the state of medical device cybersecurity, the FDA has announced a number of key moves - including the release of a security "playbook," plans to leverage information sharing and analysis organizations and an effort to update its 2014 premarket guidance for manufacturers.

Insiders


Agile Guide: Making Development Cycles More Effective

AIIM

Software development is a process fraught with pitfalls. If you aren’t careful about managing a development team, even a highly-skilled team, it’s easy for your product to become vaporware. In order to ensure your project stays within budget, you’ll need to understand what factors lead to an efficient development team. Software development is a combination of science, art, and business.


Facebook Breach: Attackers Exploited Privacy Feature

Data Breach Today

Attackers Hacked Three Separate Bugs to Breach 50 Million Accounts

Facebook says that whoever hacked 50 million user accounts, putting the privacy of those users' personal data at risk, did so by abusing its "View As" privacy feature. Facebook says the attack successfully targeted three separate bugs in its video-uploading functionality.

Privacy 214

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


California Enacts New Requirements for Internet of Things Manufacturers

Hunton Privacy

On September 28, 2018, California Governor Jerry Brown signed into law two identical bills regulating Internet-connected devices sold in California. S.B. 327 and A.B. 1906 (the “Bills”), aimed at the “Internet of Things,” require that manufacturers of connected devices—devices which are “capable of connecting to the Internet, directly or indirectly,” and are assigned an Internet Protocol or Bluetooth address, such as Nest’s thermostat—outfit the products with “reasonable” security features by Ja

More Trending


More on the Five Eyes Statement on Encryption and Backdoors

Schneier on Security

Earlier this month, I wrote about a statement by the Five Eyes countries about encryption and back doors. (Short summary: they like them.) One of the weird things about the statement is that it was clearly written from a law-enforcement perspective, though we normally think of the Five Eyes as a consortium of intelligence agencies. Susan Landau examines the details of the statement, explains what's going on, and why the statement is a lot less than what it might seem.


How Machine Learning Enhances Data Classification

Data Breach Today

Machine learning could be a breakthrough for data classification, addressing fundamental challenges and paving the way to create and enforce automated policies that can be scaled across the enterprise, says Titus CEO Jim Barkdoll.


Attackers chained three bugs to breach into the Facebook platform

Security Affairs

Facebook has revealed additional details about the cyber attack that exposed personal information of 50 million accounts. Last week, Facebook announced that attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of 50 Million Users. The “View As” feature allows users to see how others see their profile; it was implemented under the privacy section to help users check that only intended data is visible for their public profile.

Access 90

SOC Analytics: Building the Right Toolset

Data Breach Today

As attackers become more adept at evading "reactive" security controls and alert mechanisms, proactively analyzing the behaviors of people and systems is critical to detecting malicious activity, says Gartner's Kelly Kavanagh.

Analytics 130

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Expert demonstrated how to access contacts and photos from a locked iPhone XS

Security Affairs

An expert discovered a passcode bypass vulnerability in Apple’s new iOS version 12 that could be exploited to access photos and contacts on a locked iPhone XS. The Apple enthusiast and “office clerk” Jose Rodriguez has discovered a passcode bypass vulnerability in Apple’s new iOS version 12 that could be exploited by an attacker (with physical access to the iPhone) to access photos and contacts on a locked iPhone XS and other devices.

Access 83

PCI DSS Works on Security for New Payment Options

Data Breach Today

As new payment options continue to emerge via mobile phones and internet of things devices, the PCI Security Standards Council is broadening its security efforts, starting with a new standard for contactless payments coming early next year, says Troy Leach, PCI SSC's chief technology officer.

Security 130

Four Companies Settle FTC Allegations Regarding False EU-U.S. Privacy Shield Certifications

Hunton Privacy

On September 27, 2018, the Federal Trade Commission announced a settlement agreement with four companies – IDmission, LLC (“IDmission”), mResource LLC (doing business as Loop Works, LLC) (“mResource”), SmartStart Employment Screening, Inc. (“SmartStart”), and VenPath, Inc. (“VenPath”) – over allegations that each company had falsely claimed to have valid certifications under the EU-U.S.

Privacy 78

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

Security experts from Qihoo 360 NetLab spotted GhostDNS, a malware that already infected over 100K+ devices and targets 70+ different types of routers. Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. Attackers have already hijacked over 100,000 home routers; the malicious code allows them to modify DNS settings to hijack the traffic and redirect users to phishing websites.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


The past, present and future of data warehouse appliances

IBM Big Data Hub

The IBM Integrated Analytics System (IIAS) is a unique, cloud-ready appliance and machine learning platform that wields the power of an in-memory, massively parallel processing database engine with embedded Spark. It also runs on market-leading IBM Big Data Servers and IBM FlashSystem 900 storage arrays, enabling a high-performance system optimized for business insight as well as advanced operational and in-database analytics.


Why Cops Can Use Face ID to Unlock Your iPhone

WIRED Threat Level

For the first publicly documented time, law enforcement has used Face ID to forcibly unlock someone's iPhone. It won't be the last.

IT 82

How the 'human and machine' model will transform customer service

Information Management Resources

The automation plus humans customer service model is garnering more attention as businesses look for new ways to increase efficiencies, reduce costs and boost the bottom line while maintaining and improving customer loyalty.


Employees Share Average of 6 Passwords With Co-Workers

Dark Reading

Password-sharing and reuse is still prominent, but multifactor authentication is on the rise, new study shows.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Dark Web Azorult Generator Offers Free Binaries to Cybercrooks

Threatpost

The Gazorp online builder makes it easy to start stealing passwords, credit-card information, cryptocurrency wallet data and more.


Shortcut the paperwork shuffle with AI-augmented content capture

OpenText Information Management

Early in my career, when I was a freelance writer and market researcher, I spent a sizable chunk of my work week sending and receiving paperwork that wasn’t my actual work – invoices, tax forms, and so forth. It was the bane of my existence. I grew up photocopying or filling out and signing forms …


Exclusive: Cisco, Duo Execs Share Plans for the Future

Dark Reading

Cisco's Gee Rittenhouse and Duo's Dug Song offer ideas and goals for the merged companies as Duo folds under the Cisco umbrella.


Cyber Defense Magazine – October 2018 has arrived. Enjoy it!

Security Affairs

Cyber Defense Magazine October 2018 Edition has arrived. Sponsored by: Bosch. We hope you enjoy this month’s edition…packed with 100+ pages of excellent content. InfoSec Knowledge is Power. We have 6 years of eMagazines online with timeless content. Visit our online library by clicking here. Please tell your friends to.

IT 57

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


October Events at Dark Reading You Can't Miss

Dark Reading

Cybersecurity Month at Dark Reading is packed with educational webinars, from data breach response to small business security.


Nine NAS Bugs Open LenovoEMC, Iomega Devices to Attack

Threatpost

Rated as high-risk vulnerabilities, these privilege-escalation flaws could allow an unauthenticated attacker to access protected content.

Risk 63

'Short, Brutal Lives': Life Expectancy for Malicious Domains

Dark Reading

Using a cooling-off period for domain names can help catch those registered by known bad actors.


Adobe Patches 47 Critical Flaws in Acrobat and DC

Threatpost

The update includes a security bypass bug that enables privilege escalation.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


California Enacts First-in-Nation IoT Security Law

Dark Reading

The new law requires some form of authentication for most connected devices.

IoT 80

Records Information Management: What Is RIM and Why It’s Important

Record Nations

A RIM program is a system for managing records throughout their lifespan, stretching from their initial creation to their eventual destruction and everywhere in between. In this video learn more about the value of records information management, with information including why it’s important as well as a step-by-step walkthrough of the record life cycle.

IT 40

The Right Diagnosis: A Cybersecurity Perspective

Dark Reading

A healthy body and a healthy security organization have a lot more in common than most people think.