October, 2018

article thumbnail

Voice Phishing Scams Are Getting More Clever

Krebs on Security

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).

Phishing 278
article thumbnail

Cell Phone Security and Heads of State

Schneier on Security

Earlier this week, the New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cell phone and using the information gleaned to better influence his behavior. This should surprise no one. Security experts have been talking about the potential security vulnerabilities in Trump's cell phone use since he became president.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Facebook Breach: Single Sign-On of Doom

Data Breach Today

Victims Need 'Single Sign-Off' in This Age of Hyper-Connected Services and Apps While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps.

Access 246
article thumbnail

List of data breaches and cyber attacks in October 2018 – 44,701,278 records leaked

IT Governance

Rather than posting the usual long list of data breaches and cyber attacks, I’ve decided to go down a new route. These monthly blogs will now look at three lesser-known stories in detail, as well as give a total number for all records exposed in the month. It’s been the usual mix of data breaches this month, with lots of mistakes being made and lots of ransoms being paid.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Department of Interior Updating Their Records Schedule

National Archives Records Express

Many of our readers may have seen recent items in the news media, social medi a or on listservs that make it seem like the Department of the Interior is making an unusual request to destroy Federal Records. We have been busily responding to inquiries about this schedu le from individuals and the press for a few days. Those of you who work in records management understand the records scheduling process, but to others, this process can seem mysterious.

Archiving 109

More Trending

article thumbnail

CNIL Publishes Initial Assessment on Blockchain and GDPR

Hunton Privacy

Recently, the French Data Protection Authority (“CNIL”) published its initial assessment of the compatibility of blockchain technology with the EU General Data Protection Regulation (GDPR) and proposed concrete solutions for organizations wishing to use blockchain technology when implementing data processing activities. What is a Blockchain? A blockchain is a database in which data is stored and distributed over a high number of computers and all entries into that database (called “transactions”

article thumbnail

Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising

Schneier on Security

From Kashmir Hill : Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn't hand over at all, but that was collected from other people's contact books, a hidden layer of details Facebook has about you that I've come to call "shadow contact information.

article thumbnail

Connecticut City Pays Ransom After Crypto-Locking Attack

Data Breach Today

Separately, a Water Utility Hit by Ryuk Ransomware Vows to Restore, Not Pay A tale of two different ransomware victims' responses: One Connecticut city says it had little choice but to pay a ransom to restore crypto-locked systems. But a North Carolina water utility hit separately says that rather than bow to criminals' demands, it will rebuild affected systems and databases.

article thumbnail

List of data breaches and cyber attacks in October 2018 – 44,701,278 records leaked

IT Governance

Rather than posting the usual long list of data breaches and cyber attacks, I’ve decided to go down a new route. These monthly blogs will now look at three lesser-known stories in detail, as well as give a total number for all records exposed in the month. It’s been the usual mix of data breaches this month, with lots of mistakes being made and lots of ransoms being paid.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

IBM Builds 'SOC on Wheels' to Drive Cybersecurity Training

Dark Reading

A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.

article thumbnail

China planted tiny chips on US computers for cyber espionage

Security Affairs

China used tiny chips implanted on computer equipment manufactured for US companies and government agencies to steal secret information. According to a report published by Bloomberg News, China used tiny chips implanted on computer equipment manufactured for US companies and government agencies, including Amazon and Apple, to steal secret information.

article thumbnail

CNIL Publishes Statistical Review of Data Breaches Since Entry into Application of GDPR

Hunton Privacy

Recently, the French Data Protection Authority (the “CNIL”) published a statistical review of personal data breaches during the first four months of the EU General Data Protection Regulation’s (“GDPR”) entry into application. View the review (in French). . Types of breaches. Between May 25 and October 1, 2018, the CNIL received 742 notifications of personal data breaches that affected 33,727,384 individuals located in France or elsewhere.

article thumbnail

Conspiracy Theories Around the "Presidential Alert"

Schneier on Security

Noted conspiracy theorist John McAfee tweeted : The "Presidential alerts": they are capable of accessing the E911 chip in your phones - giving them full access to your location, microphone, camera and every function of your phone. This not a rant, this is from me, still one of the leading cybersecurity experts. Wake up people! This is, of course, ridiculous.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

FDA Reveals Steps to Bolster Medical Device Cybersecurity

Data Breach Today

'Playbook' Prepared; Data Sharing Efforts Planned In its ongoing quest to improve the state of medical device cybersecurity, the FDA has announced a number of key moves - including the release of a security "playbook," plans to leverage information sharing and analysis organizations and an effort to update its 2014 premarket guidance for manufacturers.

article thumbnail

How long do you have to report a data breach?

IT Governance

The first 72 hours after you become aware of a data breach are critical. This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. As you might expect, there are a lot of intricacies involved. This blog guides you through everything you need to know about the GDPR’s personal data breach notification requirements, including how to report incidents and the potential repercussions for failing to c

article thumbnail

12 Free, Ready-to-Use Security Tools

Dark Reading

There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.

article thumbnail

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

Oracle has just released a security update to prevent 2.3 million servers running the RPCBIND service from being used in amplified DDoS attacks. The flaw was discovered by the Brazilian researcher Mauricio Corrêa, founder of Brazilian security company XLabs. The exploitation of this vulnerability could cause major problems on the Internet. “A proof of concept (POC) made in only one XLabs server generated a traffic of 69 gigabits per second,” Mauricio told Cibersecurity.net.br.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

China's Five Steps for Recruiting Spies in the US

WIRED Threat Level

A series of high-profile cases involving alleged Chinese recruits shows how the country identifies and develops potential spies stateside.

Security 110
article thumbnail

How DNA Databases Violate Everyone's Privacy

Schneier on Security

If you're an American of European descent, there's a 60% you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public. Research paper : "Identity inference of genomic data using long-range familial searches." Abstract: Consumer genomics databases have reached the scale of millions of individuals.

Privacy 99
article thumbnail

Anthem Mega-Breach: Record $16 Million HIPAA Settlement

Data Breach Today

Regulators Say Health Insurer Failed to Take Basic Security Steps Federal regulators have smacked health insurer Anthem with a record $16 million HIPAA settlement in the wake of a cyberattack revealed in 2015, which impacted nearly 79 million individuals. What missteps does the settlement highlight?

Insurance 236
article thumbnail

6 tools to help you prevent and respond to data breaches

IT Governance

There are few things organisations fear more than data breaches. They cause immediate delays, cost money to put right and could lead to long-term reputational damage. The stakes were raised with the introduction of the EU GDPR (General Data Protection Regulation) in May 2018. It outlines the best practices for preventing a data breach and has been widely publicised – as has the potential to levy large fines against non-compliant organisations.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Creating a Safe Online Experience At Home

PerezBox

As a parent, and a technologist, I struggle with creating a safe online experience at home. I’m constantly playing with different technologies – hardware and software – trying to find. Read More. The post Creating a Safe Online Experience At Home appeared first on PerezBox.

article thumbnail

CVE-2018-14665 privilege escalation flaw affects popular Linux distros

Security Affairs

Security researcher discovered a highly critical vulnerability (CVE-2018-14665) in X.Org Server package that affects major Linux distributions. The Indian security researcher Narendra Shinde has discovered a highly critical vulnerability (CVE-2018-14665) in X.Org Server package that affects major Linux distributions, including OpenBSD, Debian, Ubuntu, CentOS, Red Hat, and Fedora.

Security 101
article thumbnail

I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming

WIRED Threat Level

Opinion: The fact that voter information is left on devices, unencrypted, that are then sold on the open market is malpractice.

Marketing 111
article thumbnail

Chinese Supply Chain Hardware Attack

Schneier on Security

Bloomberg is reporting about a Chinese espionage operating involving inserting a tiny chip into computer products made in China. I've written ( alternate link ) this threat more generally. Supply-chain security is an insurmountably hard problem. Our IT industry is inexorably international, and anyone involved in the process can subvert the security of the end product.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Sextortion Scam Wields Stolen Passwords, Demands Bitcoins

Data Breach Today

Attackers Send a Leaked Password as 'Proof' Victim Was Hacked Scammers behind an ongoing "sextortion" campaign have been emailing a legitimate password - likely from a publicly leaked list - to victims with a threat to release a compromising video of the recipient unless they pay up in bitcoins, Barracuda Networks warns.

Passwords 237
article thumbnail

Know your enemy – understanding the 7 different types of data breaches

IT Governance

Every day almost 7 million data records are compromised , with no organisation or sector immune. Organisations are facing a war on data breaches, so it’s imperative that ‘know your enemy’ becomes part of their battle tactics. Data breaches come in various forms and sizes – not all incidents are caused by sophisticated cyber attacks. To help you understand what your organisation is facing, here’s a breakdown of some of the most common types of data breaches. 1.

article thumbnail

Amazon And The Bridge Too Far

John Battelle's Searchblog

Yesterday, I lost it over a hangnail and a two-dollar bottle of hydrogen peroxide. You know when a hangnail gets angry, and a tiny red ball of pain settles in for a party on the side of your finger? Well, yeah. That was me last night. My usual solution is to stick said finger into a bottle of peroxide for a good long soak. But we were out of the stuff, so, as has become my habit, I turned to Amazon.