September, 2019

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. I want to put forward cases for both arguments here because seeing both sides is important. I want to help shed some light on why this practice happens and argue pragmatically both for and against.
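To make both sides of that argument concrete, here is an added worked example (mine, not code from Troy Hunt's post). It takes a hypothetical bank-style policy (at most 8 characters, letters and digits only; an assumption) and compares how long exhausting the resulting keyspace takes for the two attackers that matter: an online guesser throttled by account lockout, and an offline cracker working on a leaked hash table. The rates (5 guesses per 15 minutes online, 1e10 guesses per second offline) are constructed assumptions, not figures from the article.

```python
import string

# Hypothetical restrictive policy of the kind banks impose (assumption, not
# any specific bank's rule): at most 8 characters, letters and digits only.
MAX_LEN = 8
ALLOWED = frozenset(string.ascii_letters + string.digits)

# Constructed attacker models (assumptions): an online guesser held to
# 5 attempts per 15 minutes per account by lockout, and an offline cracker
# working on a leaked hash database at 1e10 guesses per second.
ONLINE_GUESSES_PER_SECOND = 5 / (15 * 60)
OFFLINE_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600


def policy_allows(password: str) -> bool:
    """True when the password fits the restrictive policy above."""
    return 1 <= len(password) <= MAX_LEN and set(password) <= ALLOWED


def max_keyspace(max_len: int = MAX_LEN, charset_size: int = len(ALLOWED)) -> int:
    """Number of candidates an attacker must cover for a policy-maximal password."""
    return charset_size ** max_len


def exhaust_times(space: int):
    """Return (years for the online attacker, hours for the offline attacker)
    needed to try every candidate in `space`."""
    online_years = space / ONLINE_GUESSES_PER_SECOND / SECONDS_PER_YEAR
    offline_hours = space / OFFLINE_GUESSES_PER_SECOND / 3600
    return online_years, offline_hours


if __name__ == "__main__":
    for pw in ("Tr0ub4dr", "correct horse battery staple"):
        print(f"{pw!r}: allowed by policy = {policy_allows(pw)}")
    years, hours = exhaust_times(max_keyspace())
    print(f"62^8 keyspace: online attacker ~{years:.2e} years, offline cracker ~{hours:.1f} hours")
```

The online figure is the "why they don't matter" side: with lockout in place, even an 8-character alphanumeric space cannot be searched from outside. The offline figure is the "why they shouldn't exist" side: once the hash table leaks, that same ceiling is covered in hours, so a cap on length removes the one defence the user could have contributed.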

Attacks Targeting IoT Devices and Windows SMB Surge

Data Breach Today

Researchers Say Mirai Derivatives and EternalBlue Exploits Pummel Internet-Connected Devices
Two years after WannaCry wreaked havoc via flaws in SMBv1, and three years after Mirai infected internet of things devices en masse via default credentials, attackers are increasingly targeting the same flaws, security experts warn.

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval

WIRED Threat Level

Any iPhone device from 2011 to 2017 could soon be jailbroken, thanks to an underlying flaw that there's no way to patch.

DoorDash Says 4.9 Million Records Breached

Data Breach Today

'Unusual Activity' By Third-Party Service Provider to Blame
Food delivery startup DoorDash says 4.9 million customer, contractor and merchant records were breached after "unusual activity" by a third-party service provider. Beyond the usual identification data, experts say certain specific fields, such as food allergies, could pose risks in the wrong hands.

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Software Bugs: Gotta Catch 'Em All?

Data Breach Today

Beyond 'Patch or Perish': CISOs' Risk-Based Approach to Fixing Vulnerabilities
Every week seems to bring a fresh installment of "patch or perish." But security experts warn that patch management, or the larger question of vulnerability management, must be part of a much bigger-picture approach to managing risk. And the challenge continues to get more complex.

5G Roadmap: Preparing Your Enterprise Architecture

erwin

Why planning your 5G roadmap requires significant input from enterprise architects. 5G is coming, bringing with it the promise to transform any industry. And while the focus has been on the benefits to consumers, the effects on the enterprise are far-reaching. Few examples of emerging technology have more potential to disrupt, and downright revolutionize, certain markets and processes than 5G.

SimJacker attack allows hacking any phone with just an SMS

Security Affairs

SimJacker is a critical vulnerability in SIM cards, disclosed by cybersecurity researchers at AdaptiveMobile Security, that could be exploited by remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.

How to Ensure Your Digital Security During the Rugby World Cup

Thales Cloud Protection & Licensing

Now that it’s September, the excitement is beginning to build in earnest for the 2019 Rugby World Cup. Sports fans aren’t the only ones who are looking forward to this event. Unfortunately, digital criminals are also closely following the buzz surrounding this tournament. It’s not like bad actors haven’t taken an interest in major sporting events before.

IDC report names IBM the #1 market leader in AI

IBM Big Data Hub

Among organizations investing in AI hardware, software or services, more will buy IBM and rely on Watson than any other vendor. This according to a new IDC report which names IBM as 2018’s market leader in AI. So just what sets apart IBM as leader of the AI provider pack?

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Supply Chain Attacks: Hackers Hit IT Providers

Data Breach Today

Symantec Sees New Tortoiseshell Gang Hitting Targets in Middle East
A hacker group called Tortoiseshell has been hitting targets in the Middle East since at least July 2018, apparently targeting IT service providers to gain access to many potential targets at once. The campaign is fresh proof that criminals and nation-state attackers alike continue to favor supply chain attacks.

Secret Service Investigates Breach at U.S. Govt IT Contractor

Krebs on Security

The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks.

Business Process Can Make or Break Data Governance

erwin

Data governance isn’t a one-off project with a defined endpoint. It’s an on-going initiative that requires active engagement from executives and business leaders. Data governance, today, comes back to the ability to understand critical enterprise data within a business context, track its physical existence and lineage, and maximize its value while ensuring quality and security.

Hundreds of millions of Facebook users’ phone numbers exposed online

Security Affairs

Facebook faces a new privacy incident: according to TechCrunch, phone numbers associated with 419 million accounts of the social network giant were exposed online. The data was found by Sanyam Jain, a security researcher and member of the GDI Foundation, who contacted TechCrunch after he was unable to reach the owner of the archive.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Black Hat/DefCon 2019: Where is Quantum?

Thales Cloud Protection & Licensing

The weeklong “hacker summer camp” of the combined Black Hat and DefCon drew over 22,000 attendees to Las Vegas last month. Overall, we continue to think the security industry is still ripe for commoditization, especially from the cloud providers who have the capacity to simply offer features as a default. Last year we thought we saw evidence that security vendors were consolidating and on the cusp of providing higher order services to meet this threat, but we didn’t see much evidence of that str

7 Ways VPNs Can Turn from Ally to Threat

Dark Reading

VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.

Microsoft Patches 2 Windows Flaws Already Being Exploited

Data Breach Today

September's Patch Tuesday Addresses Elevation of Privilege Flaws
As part of its September Patch Tuesday security update, Microsoft issued software fixes for two vulnerabilities in several versions of Windows that it says are being exploited by attackers in the wild. Security experts are urging IT teams to quickly patch these flaws.

Top Cybersecurity Companies

eSecurity Planet

These IT security vendors lead the market through their innovative offerings, range of products and services, customer satisfaction and annual revenue.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Benefits of Data Vault Automation

erwin

The benefits of Data Vault automation range from the more abstract – like improving data integrity – to the tangible – such as clearly identifiable savings in cost and time.

So Seriously … You Should Automate Your Data Vault. By Danny Sandwell.

Data Vault is a methodology for architecting and managing data warehouses in complex data environments where new data types and structures are constantly introduced.

Backup files for Lion Air and parent airlines exposed and exchanged on forums

Security Affairs

Tens of millions of records belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. The information was left exposed online in an unsecured Amazon S3 bucket; the records were stored in two databases in a directory containing backup files, mostly for Malindo Air and Thai Lion Air.
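The failure mode here is a storage bucket that anyone on the internet can read. Below is an added example (mine, not code from the article or from Lion Air) of the check a practitioner runs over a bucket's ACL and bucket policy to decide whether it is reachable by the public. The two group URIs are S3's real "everyone" grantees and the flag names match S3's real PublicAccessBlock settings, but the evaluation is a simplified approximation of AWS's own rules, and the sample ACL, policy, bucket name and account ID are constructed for the example.

```python
import json

# S3's two "everyone" ACL grantees. A grant to either makes the bucket or
# object readable (or worse) without any credentials tied to the account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def acl_public_grants(acl):
    """Permissions the bucket ACL hands to every AWS user or to the whole internet."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            who = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"ACL grants {grant['Permission']} to {who}")
    return findings


def _principal_is_everyone(principal):
    # Bucket policies spell "anyone" as "*" or {"AWS": "*"} (possibly in a list).
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_public_statements(policy):
    """Allow statements whose principal is everyone. A statement with a Condition
    (e.g. aws:SourceIp) is narrower, so it is reported for review, not as public."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _principal_is_everyone(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else list(actions)
        if stmt.get("Condition"):
            findings.append(f"policy {sid}: {', '.join(actions)} to everyone, narrowed by a Condition (review)")
        else:
            findings.append(f"policy {sid}: {', '.join(actions)} to everyone with no Condition")
    return findings


def assess_bucket(acl, policy, public_access_block=None):
    """Combine ACL, bucket policy and the PublicAccessBlock settings into one verdict.
    Simplified: IgnorePublicAcls neutralises public ACL grants and
    RestrictPublicBuckets neutralises public policy grants."""
    pab = public_access_block or {}
    acl_findings = acl_public_grants(acl)
    pol_findings = policy_public_statements(policy)
    acl_live = acl_findings and not pab.get("IgnorePublicAcls", False)
    pol_live = pol_findings and not pab.get("RestrictPublicBuckets", False)
    return {"exposed": bool(acl_live or pol_live), "findings": acl_findings + pol_findings}


# Constructed sample documents: a backup bucket left world-readable both by ACL
# and by policy. Bucket name, owner ID and account ID are made up.
SAMPLE_ACL = json.loads("""{
  "Owner": {"ID": "example-owner-id"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}
  ]
}""")

SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-airline-backups/*"},
    {"Sid": "OpsWrite", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/ops"},
     "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-airline-backups/*"}
  ]
}""")

FULL_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    for label, pab in (("no public access block", None), ("full public access block", FULL_BLOCK)):
        verdict = assess_bucket(SAMPLE_ACL, SAMPLE_POLICY, pab)
        print(f"{label}: {'EXPOSED' if verdict['exposed'] else 'not reachable by the public'}")
        for finding in verdict["findings"]:
            print("  -", finding)
```

In practice the three documents come from `get-bucket-acl`, `get-bucket-policy` and `get-public-access-block` for each bucket in the account; the point of running the check across all of them is that a backup directory like the one described above is usually in a bucket nobody remembers creating.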

IoT and Quantum Computing’s Impact on the Federal Government

Thales Cloud Protection & Licensing

As government agencies get back to work after summer barbeques, family vacations and once-in-a-lifetime getaways, the focus is on the priorities for the rest of 2019. Cybersecurity remains one of the top concerns and priorities for our government. The focus on the rest of 2019 and looking ahead to 2020 was very clear when I attended two recent industry events.

Voice Deepfake Scams CEO out of $243,000

Adam Levin

The CEO of a UK-based energy firm lost the equivalent of $243,000 after falling for a phone scam that implemented artificial intelligence, specifically a deepfake voice. The Wall Street Journal reported that the CEO of an unnamed UK energy company received a phone call from what sounded like his boss, the CEO of a German parent company, telling him to wire €220,000 (roughly $243,000) to a bank account in Hungary.

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Emotet Botnet Now Using Snowden's Memoir as a Lure

Data Breach Today

Attackers Sending Emails Promising Copy of 'Permanent Record'
A week after the Emotet botnet crept back to life, the attackers behind it are already trying a new way to ensnare victims - using Edward Snowden's newly released memoir as a phishing lure, according to the security firm Malwarebytes.

The Doghouse: Crown Sterling

Schneier on Security

A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic "snake oil." I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography.

Exponential Organizations Start with Internal Business Process Modeling

erwin

Strong internal business process modeling and management helps data-driven organizations compete and lead. In short, an internal business process is a documented account of how things should be done to maximize efficiency and achieve a particular goal. In the book "Exponential Organizations" by Salim Ismail, Michael S. Malone and Yuri van Geest, the authors examine how every company is or will evolve into an information-based entity in which costs fall to nearly zero, abundance replaces scarci

A flaw in LastPass password manager leaks credentials from previous site

Security Affairs

Tavis Ormandy, the well-known white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes login credentials entered on a site previously visited by the user.

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

ISO 27701 unlocks the path to GDPR compliance and better data privacy

IT Governance

We have good news for those looking for help complying with the GDPR (General Data Protection Regulation): new guidance has been released on how to create effective data privacy controls. ISO 27701 explains what organisations must do when implementing a PIMS (privacy information management system). The advice essentially bolts privacy processing controls onto ISO 27001, the international standard for information security, and provides a framework to establish the best practices required by

The State of Malware Analysis: Advice from the Trenches

Lenny Zeltser

What malware analysis approaches work well? Which don't? How are the tools and methodologies evolving? The following discussion, captured as an MP3 audio file, offers friendly advice from five malware analysts. These are some of the practitioners who teach the reverse-engineering malware course (FOR610) at SANS Institute: Jim Clausing: Security Architect at AT&T and Internet Storm Center Handler (Panelist); Evan Dygert: Senior Security Engineer for Blue Cross Blue Shield Assoc

Cybercrime Black Markets: RDP Access Remains Cheap and Easy

Data Breach Today

Also Hot: Payment Card Numbers, Identity Packets, DDoS Attacks, Shell Companies
Cybercrime is surging, thanks in no small part to the easy availability of inexpensive hacking tools and services. A recent look at black market offerings by security firm Armor finds that the sale of stolen payment card data, RDP credentials, ransomware and DDoS services remains alive and well.
