February, 2019

article thumbnail

Blockchain and Trust

Schneier on Security

article thumbnail

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy.

Passwords 262
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Data Breach Reports in Europe Under GDPR Exceed 59,000

Data Breach Today

Netherlands, Germany and UK Have Logged the Most Data Breach Reports Since the EU's GDPR went into full effect, European data protection authorities have received over 59,000 data breach reports, with the Netherlands, Germany and the U.K. receiving the greatest number of notifications, according to the law firm DLA Piper.

article thumbnail

Why is Information Management Modernization So Important Right NOW?

AIIM

The combination of cloud technologies plus mobile is a volatile one when it comes to the sustainability of existing organizations. We’ve never before been in a disruptive environment quite like this one, and it demands much more agile approaches to IT. Established incumbents are being challenged on every front. Consider the following: In the banking industry, Better Mortgage can qualify a mortgage loan in 3-minutes and approve it within 24-hours.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Facebook labelled 'digital gangsters' by report on fake news

The Guardian Data Protection

Company broke privacy and competition law and should be regulated urgently, say MPs Facebook deliberately broke privacy and competition law and should urgently be subject to statutory regulation, according to a devastating parliamentary report denouncing the company and its executives as “digital gangsters”. The final report of the Digital, Culture, Media and Sport select committee’s 18-month investigation into disinformation and fake news accused Facebook of purposefully obstructing its inquiry

Privacy 111

More Trending

article thumbnail

PDF zero-day samples harvest user data when opened in Chrome

Security Affairs

Experts at Exploit detection service EdgeSpot detected several PDF documents that exploit a zero-day flaw in Chrome to harvest user data. Exploit detection service EdgeSpot spotted several PDF documents that exploit a zero-day vulnerability in Chrome to harvest data on users who open the files through the popular web browser. The experts initially detected the specially-crafted PDF files in December 2018.

article thumbnail

Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

Krebs on Security

A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.

Phishing 244
article thumbnail

Password Managers Leave Crumbs in Memory, Researchers Warn

Data Breach Today

Popular Password Managers for Windows Fail to Tidy Up Before Locking Up Shop A security audit of popular password manager has revealed some concerning weaknesses. Luckily, none of the problems are showstoppers that should put people off using such applications. But the research shows that some password managers need to more thoroughly scrub data left in memory.

Passwords 259
article thumbnail

5 ways organizations can benefit from machine learning

IBM Big Data Hub

Machine learning (ML) offers huge potential to help compliance and legal teams accomplish many of their most important rule tracking, employee monitoring and documentation activities.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Facebook May Be Fined for Billions for Cambridge Analytica Scandal

Adam Levin

Facebook’s long string of privacy scandals may (finally) have some meaningful repercussions by way of a multi-billion dollar fine from the Federal Trade Commission. The social media giant has been under investigation by the FTC since March 2018 in the wake of the Cambridge Analytica scandal, which affected 87 million users and may have been a pivotal influence in the 2016 election campaign.

Privacy 99
article thumbnail

The Ocado fire – when disaster recovery becomes real

IT Governance

The recent fire at Ocado has been a devastating blow to the company and the local community. Hundreds of firefighters were involved in tackling the blaze; the smoke billowed for more than 48 hours, darkening the Hampshire sky; surrounding homes and businesses were evacuated due to the risk of explosion, and those further afield advised to keep windows and doors shut; and some firefighters needed treatment for smoke inhalation.

Retail 103
article thumbnail

Docker runc flaw opens the door to a ‘Doomsday scenario’

Security Affairs

Security experts found a serious flaw tracked CVE-2019-5736 affecting runc , the default container runtime for Docker, containerd , Podman, and CRI-O. Aleksa Sarai, a senior software engineer at SUSE Linux GmbH, has disclosed a serious vulnerability tracked CVE-2019-5736 affecting runc , the default container runtime for Docker, containerd , Podman, and CRI-O.

Cloud 106
article thumbnail

New Breed of Fuel Pump Skimmer Uses SMS and Bluetooth

Krebs on Security

Fraud investigators say they’ve uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world. One interesting component of this criminal innovation is a small cellphone and Bluetooth-enabled device hidden inside the contactless payment terminal of the pump, which appears to act as a Bluetooth hub that wirelessly gathers card

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Criminals, Nation-States Keep Hijacking BGP and DNS

Data Breach Today

While Exploitable Protocols and Processes Persist, Adoption of Secure Fixes Lags The internet is composed of a series of networks built on trust. But they can be abused due to weaknesses in older protocols, such as Border Gateway Protocol and the Domain Name System, which were not designed to be secure and are now being abused for online crime and espionage.

Security 255
article thumbnail

The Russian Sleuth Who Outs Moscow's Elite Hackers and Assassins

WIRED Threat Level

Roman Dobrokhotov has been playing a dangerous game for a Russian reporter: identifying agents of the GRU military intelligence agency.

Military 111
article thumbnail

The Who, What and Why of Micro Focus

Micro Focus

Over the past decade, through a combination of organic growth and M&A, Micro Focus has grown precipitously. Today, the company has thousands of employees in 43 countries worldwide, and is one of the largest pure-play enterprise software companies in the world. Yet, despite this size and growth, and likely because the company is headquartered in.

article thumbnail

A 6-step guide to surviving data breaches

IT Governance

Follow our advice to successfully manage risks and respond to a variety of information security incidents. Any day during which you find out that you’ve been breached will be bad. But do you know what would be worse? Realising three days later that you’ve missed the deadline for reporting the incident to your supervisory authority. Under the GDPR (General Data Protection Regulation) , organisations have 72 hours from the moment they become aware of a breach to report the incident.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

ATT&CKized Splunk – Threat Hunting with MITRE’s ATT&CK using Splunk

Security Affairs

Most of us know MITRE and the ATT&CK framework that they have come up with. What a splendid job they have done for the cyber security community by bringing most of the key attack vectors under an organized framework that segregates these attack vectors in various stages of a typical attack. Moreover, not only they have orchestrated the key attack vectors but the mitigation and detection guidance for each attack vector are also part of this framework.

Cloud 105
article thumbnail

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Krebs on Security

Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States. The firm’s founder says he now fears some 18 years’ worth of customer email may be gone forever. Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users.

article thumbnail

Cottage Health Hit With $3 Million HIPAA Settlement

Data Breach Today

Latest in a Series of Substantial HHS Penalties for Violations Federal regulators have hit a California-based healthcare provider with a $3 million HIPAA settlement related to two breaches involving misconfigured IT. It's the latest in a recent series of hefty penalties issued in HIPAA cases.

IT 255
article thumbnail

Celebrating diversity and women in technology in India

OpenText Information Management

This year, OpenText™ sent our first official delegation of talented female employees from our Hyderabad and Bangalore offices to the Grace Hopper Celebration India (GHCI). As Asia’s largest gathering of women technologists, GHCI provided our delegation with incredible learning and networking opportunities. I had the pleasure of joining our inaugural Indian delegation to GHCI in … The post Celebrating diversity and women in technology in India appeared first on OpenText Blogs.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Attacking Soldiers on Social Media

Schneier on Security

A research group at NATO's Strategic Communications Center of Excellence catfished soldiers involved in an European military exercise -- we don't know what country they were from -- to demonstrate the power of the attack technique. Over four weeks, the researchers developed fake pages and closed groups on Facebook that looked like they were associated with the military exercise, as well as profiles impersonating service members both real and imagined.

article thumbnail

Our Industry Is Failing. Will We Fix It?

John Battelle's Searchblog

If the latest tech revelations have proven anything, it’s that the endless cycle of jaw-dropping headlines and concomitant corporate apologetics has changed exactly nothing. Over and over, the pattern repeats. A journalist, researcher, or concerned citizen finds some appalling externality associated with one of our largest technology platforms.

IT 94
article thumbnail

Security experts released new GandCrab Decryptor for free

Security Affairs

Security experts at BitDefender have released a new version of the GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5. Security experts at BitDefender have released a new version of the GandCrab decryptor that could be used to decrypt versions of GandCrab 1, 4 and 5, including the latest version 5.1. The GandCrab decryptor is available for free from BitDefender and from the NoMoreRansom project.

Security 103
article thumbnail

Crooks Continue to Exploit GoDaddy Hole

Krebs on Security

Godaddy.com , the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Japan's Credit Card Fraud Debacle

Data Breach Today

Fraudsters Received 20 Percent Cashback for Fraudulent Purchases A convergence of events in December in Japan led to an unprecedented spike in card-not-present fraud. New statistics from a dark web monitoring firm explains how a promotion by PayPay, a third-party payments service, slid sideways.

249
249
article thumbnail

Blockchain White Paper

National Archives Records Express

We are pleased to announce the release of our Blockchain White Paper. The white paper began as an internal effort to assist NARA staff in learning more about the technology and how agencies are using it. While it includes a very high-level overview of the technical aspects of blockchain, it is useful to records managers because it explores the various implications for Federal electronic records management programs.

article thumbnail

There's No Good Reason to Trust Blockchain Technology

WIRED Threat Level

Opinion: Cryptocurrencies are useless. Blockchain solutions are frequently much worse than the systems they replace. Here's why.