June, 2019

article thumbnail

The Next Big Privacy Hurdle? Teaching AI to Forget

WIRED Threat Level

Privacy 96
article thumbnail

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

Locking down firmware. This is fast becoming a profound new security challenge for all companies – one that can’t be pushed to a side burner. Related: The rise of ‘memory attacks’ I’m making this assertion as federal authorities have just commenced steps to remove and replace switching gear supplied, on the cheap, to smaller U.S. telecoms by Chinese tech giant Huawei.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Unsecured Database Leaves 8.4TB of Email Metadata Exposed

Data Breach Today

Shanghai Jiao Tong University Has Since Locked-Down Elasticsearch Server A security researcher found an unsecured database belonging to the Shanghai Jiao Tong University in China that contained 8.4TB of email metadata. While it's not clear if anyone accessed the data, an attacker could have seen all email being sent or received by a specific person.

Metadata 275
article thumbnail

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Krebs on Security

Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments Web site exposed personal, financial and medical data on nearly 12 million Quest patients.

Insurance 241
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Is Your Data Safe in the Cloud?

Thales Cloud Protection & Licensing

As organizations move more of their sensitive data to cloud platforms for the efficiency, flexibility and scalability that it promises, security and control continue to be a significant obstacle to this adoption. Although the 2019 Thales Data Threat Report-Global Edition tells us that 90% of organizations report using the cloud and 71% say they are using sensitive data in cloud environments, it also finds that, globally, 60% of organizations surveyed have been breached at some point in their his

Cloud 127

More Trending

article thumbnail

List of data breaches and cyber attacks in June 2019 ­– 39.7 million records leaked

IT Governance

After a rampant start to the year for data breaches and cyber attacks, it’s about time we went one month without at least one massive security incident. June 2019’s total of 39,713,046 breached records is the lowest since May last year – the month that the GDPR (General Data Protection Regulation) came into effect. Is this the start of the long-awaited ‘GDPR bounce’?

article thumbnail

NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

Security Affairs

NASA Office of Inspector General revealed that the Agency’s network was hacked in April 2018, intruders exfiltrated roughly 500 MB of data related to Mars missions. According to a report published by the NASA Office of Inspector General, hackers breached the Agency’s network in April 2018 and remained undetected for nearly a year. The report says that hackers stole roughly 500 MB of data related to Mars missions from NASA’s Jet Propulsion Laboratory in Southern California.

IT 111
article thumbnail

Instagram Shows Kids' Contact Details in Plain Sight

Data Breach Today

Sharing Email Address, Phone Numbers May Be Risky, Experts Say Tens of thousands of minors on Instagram expose their email addresses and phone numbers, which child-safety and privacy experts say is worrisome. The kids have turned their profiles from personal ones to business ones, which Instagram mandates must have contact details. But is that appropriate for a child?

Privacy 267
article thumbnail

Tracing the Supply Chain Attack on Android

Krebs on Security

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the offending vendor uses the nicknames “ Yehuo ” or “ Blazefire.” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile mal

Cloud 239
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Digital Transformation Examples: Three Industries Dominating Digital Transformation

erwin

Digital transformation examples can be found almost anywhere, in almost any industry. Its past successes – and future potential – are well documented, chronicled in the billion-dollar valuations of the frontrunners in the practice. Amazon began as a disruptor to brick-and-mortar bookstores, eventually becoming one of the most obvious digital transformation examples as it went on to revolutionize online shopping.

article thumbnail

Rethinking the detection of child sexual abuse imagery on the Internet

Elie

In order to scale CSAI protections moving forward, we discuss techniques for automating detection and response by using recent advancements in machine learning.

110
110
article thumbnail

Quantum-Resistant TLS in Go

Thales Cloud Protection & Licensing

Quantum computing attacks may have already begun. Confidential data is being exchanged using algorithms that will eventually be broken by quantum computers. Even though attackers cannot break the communications today (for we lack sufficiently powerful quantum computers), they can patiently record them for future analysis. Perhaps the most popular way to share confidential data between two remote parties is through a TLS connection.

article thumbnail

5 ways to detect a phishing email – with examples

IT Governance

Phishing is one of the most longstanding and dangerous methods of cyber crime. It uses deceptive messages to trick victims into clicking bogus links, downloading malicious attachments or sending sensitive information. Despite what people think they know about phishing, they consistently fall victim. According to Verizon’s 2019 Data Breach Investigations Report , 32% of all cyber attacks involved phishing.

Phishing 111
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Second Florida City Pays Up Following Ransomware Attack

Data Breach Today

After Struggling With Recovery, City Negotiates a Ransom Payment A second small city in Florida is paying off cybercriminals to recover from a ransomware attack that crippled the municipality's local network. How much did Lake City agree to pay, and how much of that was covered by insurance?

article thumbnail

Breach at Cloud Solution Provider PCM Inc.

Krebs on Security

A digital intrusion at PCM Inc. , a major U.S.-based cloud solution provider, allowed hackers to access email and file sharing systems for some of the company’s clients, KrebsOnSecurity has learned. El Segundo, Calif. based PCM [ NASDAQ:PCMI ] is a provider of technology products, services and solutions to businesses as well as state and federal governments.

Cloud 238
article thumbnail

Recently a large chunk of European mobile traffic was rerouted through China Telecom

Security Affairs

On June 6, for more than two hours China Telecom re-routed through its infrastructure a large chunk of European mobile traffic. In November security researchers Chris C. Demchak and Yuval Shavitt published a paper that detailed how China Telecom has been misdirecting Internet traffic through China over the past years. The experts speculate that they were intentional BGP Hijacking attacks.

Paper 109
article thumbnail

Update on ICE Schedule

National Archives Records Express

NARA is in the final stages of our records scheduling process with U.S. Immigration and Customs Enforcement (ICE) for schedule DAA-0567-2015-0013, Detainee Records. This schedule was originally proposed to NARA on October 26, 2015. NARA published notice of the pending schedule in the Federal Register on July 14, 2017. The schedule, which covers records related to deaths of detainees and allegations of sexual assault and abuse of detainees, received a record number of public comments.

IT 108
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

I'm Leaving IBM

Schneier on Security

Today is my last day at IBM. If you've been following along, IBM bought my startup Resilient Systems in Spring 2016. Since then, I have been with IBM, holding the nicely ambiguous title of "Special Advisor." As of the end of the month, I will be back on my own. I will continue to write and speak, and do the occasional consulting job. I will continue to teach at the Harvard Kennedy School.

Access 106
article thumbnail

The state of European cybersecurity and lessons to learn

Thales Cloud Protection & Licensing

As one of our recent blogs discussed, we are entering a new era of business – one that will see wholesale digital transformation drive a digital-first approach by businesses globally. And as our 2019 Thales Data Threat Report – Europe Edition recently revealed, many of these businesses become extremely vulnerable during digital transformation, with those in Europe being no different.

article thumbnail

Unsecured Database Leaves 8.4 TB of Email Metadata Exposed

Data Breach Today

Shanghai Jiao Tong University Has Since Locked-Down Elasticsearch Server A security researcher found an unsecured database belonging to the Shanghai Jiao Tong University in China that contained 8.4 TB of email metadata. While it's not clear if anyone accessed the data, an attacker could have seen all email being sent or received by a specific person.

Metadata 252
article thumbnail

Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy

Krebs on Security

A medical billing firm responsible for a recent eight-month data breach that exposed the personal information on nearly 20 million Americans has filed for bankruptcy, citing “enormous expenses” from notifying affected consumers and the loss of its four largest customers. The filing, first reported by Bloomberg, comes from the Retrieval-Masters Creditors Bureau , the parent company of the American Medical Collection Agency (AMCA).

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Fort Worth IT Professionals Fired for Reporting Cybersecurity Issues: What We Know

Security Affairs

In October 2017, the city of Fort Worth, Texas became the target of a phishing scam. Their accounts payable department received an email that appeared to be from Imperial Construction, a company that was doing business with the city at the time. The sender of the email, later identified as Gbenga A. Fadipe, requested a change of account. The scam email prompted the department to change an electronic deposit from Plains Capital Bank to a different account with Chase Bank.

article thumbnail

Malware Coming to a Mac Near You? Yes, Say Security Firms

Dark Reading

While the password-cracking Mimikatz took top honors, Mac-targeted malware accounted for two of the 10 most detected malware samples, according to WatchGuard.

Passwords 111
article thumbnail

CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

Hunton Privacy

On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates. Background. SERGIC provides real estate services through its website, which allows rental candidates to download any supporting documentation that may be required for the allocation of

article thumbnail

What does it mean to be Canadian?

OpenText Information Management

On this Canada Day, I thought of no better question to ask myself than: “What does it mean to be Canadian?” For nearly a decade, I have served as CEO and CTO at OpenText, Canada’s largest software company and member of the TSX-60. It is and will always be the greatest professional honour of my … The post What does it mean to be Canadian? appeared first on OpenText Blogs.

IT 102
article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Cloud Hopper: Major Cloud Services Victims Named

Data Breach Today

Reuters Says Fujitsu, Tata, NTT Data, Dimension Data, CSC and DXC Affected Six major cloud services providers apparently were victims of Cloud Hopper, an umbrella name for deep cyber intrusions suspected to originate in China, Reuters reports. The report also alleges Cloud Hopper-affected companies withheld information from their clients for reasons of liability and bad publicity.

Cloud 252
article thumbnail

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

Krebs on Security

It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware attacks targeting CSP employees and contractors.

article thumbnail

Massive DDos attack hit Telegram, company says most of junk traffic is from China

Security Affairs

Encrypted messaging service Telegram was hit by a major DDoS attack apparently originated from China, likely linked to the ongoing political unrest in Hong Kong. Telegram was used by protesters in Hong Kong to evade surveillance and coordinate their demonstrations against China that would allow extraditions from the country to the mainland. The country is facing the worst political crisis ùsince its 1997 handover from Britain to China.