July, 2019

article thumbnail

How should you investigate a data breach?

IT Governance

Digital Guardian recently asked a group of cyber security experts what the most important step is following a data breach. Several answered with some variation of ‘find out how it happened’. This might seem counterproductive: with so much post-breach chaos, from isolating the incident and letting staff know what’s going on to getting back to work and notifying affected individuals, surely it’s a time to be looking forward, not backward.

article thumbnail

Capital One: Where Did the Bank Fail on Defense?

Data Breach Today

Experts Say Bank May Have Made Several Errors The cause of Capital One's breach is known. But experts say the incident still raises questions over why Capital One held onto personal data so long and if the bank was adequately monitoring administrator accounts.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Attorney General William Barr on Encryption Policy

Schneier on Security

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access.

article thumbnail

QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack

Krebs on Security

Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. Unfortunately for iNSYNQ, the company appears to be turning a deaf ear to the increasingly anxious cries from its users for more information about the incident.

Cloud 253
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

The Changing Face of Data Security in Federal Government

Thales Cloud Protection & Licensing

I recently had the pleasure of sharing some industry insights from our 2019 Data Threat Report-Federal Edition on Cyberwire’s Daily Podcast –specifically addressing the gap in security responsibility many federal agencies face today as they move tremendous amounts of sensitive data into multicloud environments. We also discussed a new digital landscape where perimeter defense is no longer effective.

More Trending

article thumbnail

New OMB/NARA Memorandum on Transition to Electronic Records

National Archives Records Express

Late last week, the Office of Management and Budget (OMB) and NARA jointly issued a new memorandum with guidance on managing Federal records. The new memo, titled Transition To Electronic Records (OMB/NARA M-19-21) is available at [link]. NARA is pleased to have the Administration’s continuing support for modernizing Federal agency recordkeeping and bringing about the necessary transformation to a fully electronic government.

article thumbnail

Leak Confirms Google Speakers Often Record Without Warning

Data Breach Today

The Cost of 'Smart Home AI Assistants': Humans Review Audio of What People Say George Orwell's "1984" posited a world in which Big Brother monitored us constantly via "telescreens." But thanks to our "smart" AI home assistants - from Google, Amazon and others - we're increasingly installing the monitoring equipment ourselves, and it may "hear" much more than we realize.

IT 276
article thumbnail

ACT police admit they unlawfully accessed metadata more than 3,000 times

The Guardian Data Protection

Police seeking legal advice about two cases that resulted in information that ‘may have been used in a prosecution’ ACT Policing has admitted it unlawfully accessed citizens’ metadata a total of 3,365 times, not 116 as previously disclosed in an explosive commonwealth ombudsman’s report on Monday. The new disclosures include a total of 240 cases that resulted in information valuable to criminal investigations and two that “may have been used in a prosecution”.

Metadata 110
article thumbnail

Android devices could be hacked by playing a video due to CVE-2019-2107 flaw

Security Affairs

Watch out! Playing a video on Android devices could be a dangerous operation due to a critical CVE-2019-2107 RCE flaw in Android OS between version 7.0 and 9.0. Playing a specially-crafted video on devices with the Android’s native video player application could allow attackers to compromise them due to a dangerous critical remote code execution flaw.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Protecting America’s Critical Infrastructure

Thales Cloud Protection & Licensing

From taking a shower, to brewing your coffee, and watching the news, your morning routine is fueled by the energy sector. If you’re like millions of other Americans, your TV is connected to the Internet and uses technology generated from the nation’s power grid. But the energy sector also underpins our emergency and response systems, our hospitals and healthcare, our schools, our businesses, and virtually everything we do as a society.

article thumbnail

Business Architecture and Process Modeling for Digital Transformation

erwin

At a fundamental level, digital transformation is about further synthesizing an organization’s operations and technology, so involving business architecture and process modeling is a best practice organizations cannot ignore. This post outlines how business architecture and process modeling come together to facilitate efficient and successful digital transformation efforts.

article thumbnail

Amazon Admits Alexa Voice Recordings Saved Indefinitely

Threatpost

Amazon's acknowledgment that it saves Alexa voice recordings - even sometimes after consumers manually delete their interaction history - has thrust voice assistant privacy policies into the spotlight once again.

Privacy 106
article thumbnail

US Cyber Command Warns of Outlook Vulnerability Exploits

Data Breach Today

Researchers Say Attackers Could Have Ties to Iranian-Backed APT Group The U.S. Cyber Command has issued a warning that attackers are attempting to exploit an older vulnerability in Microsoft Outlook to plant remote access Trojans or other types of malware within government networks. Some researchers say the exploits could be tied to an Iranian-backed threat group.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

How to Protect Our Kids' Data and Privacy

WIRED Threat Level

Opinion: Kids today have an online presence starting at birth, which raises a host of legal and ethical concerns. We desperately need a new data protection framework.

Privacy 109
article thumbnail

Hackers compromised a Canonical GitHub account, Ubuntu source code was not impacted

Security Affairs

Yesterday, July 6, 2019, hackers breached the GitHub account of Canonical Ltd., the company behind the Ubuntu Linux distribution. On July 6, 2019, hackers have breached the GitHub account of Canonical Ltd., the organization behind the Ubuntu Linux distribution. The company immediately launched an investigation, the good news is that the source code of the popular Linux distro was not impacted. “We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credential

Security 107
article thumbnail

Four emerging digital payments standards you don’t want to catch you by surprise

Thales Cloud Protection & Licensing

Digital payments growth. According to 451 Research, digital payment channels are expected to grow from $2.8 trillion in 2018 to $5.8 trillion in 2022. That’s seven times the rate of in-store growth. Within digital payments, mobile payment transactions are expected to overtake e-commerce transactions in 2019 and represent 55% of transactions by 2022.

article thumbnail

Why EA Needs to Be Part of Your Digital Transformation Strategy

erwin

Enterprise architecture (EA) isn’t dead, you’re just using it wrong. Part three of erwin’s digital transformation blog series. . I’ll let you in on a little secret: the rumor of enterprise architecture’s demise has been greatly exaggerated. However, the truth for many of today’s fast-moving businesses is that enterprise architecture fails. But why?

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

The Netherlands – First GDPR fine imposed: EUR 460,000

DLA Piper Privacy Matters

Today, the Dutch Data Protection Authority ( Autoriteit Persoonsgegevens , “ Dutch DPA “) issued its first GDPR-fine of EUR 460,000. The fine is imposed on the Dutch Haga Hospital for having an insufficient internal security of patient records. The fact that the first GDPR-fine was imposed on a hospital isn’t a complete surprise, as already in December 2018, the Dutch DPA already announced that it would focus its enforcement actions on the public and health sector.

GDPR 104
article thumbnail

Security Flaw Exposed Valid Airline Boarding Passes

Data Breach Today

Amadeus Patches Check-In Software Used by Hundreds of Airlines A vulnerability in global airline check-in software used by 500 airlines could have been exploited to download other individuals' valid boarding passes, potentially giving them access to restricted airport spaces, warns security expert David Stubley. The flaw in Amadeus travel software has now been fixed.

Security 268
article thumbnail

The War for Cyber Talent Will Be Won by Retention not Recruitment

Dark Reading

Six steps for creating a work environment that challenges, stimulates, rewards, and constantly engages employees fighting the good fight against cybercriminals.

109
109
article thumbnail

0v1ru$ hackers breach FSB contractor SyTech and expose Russian intel projects

Security Affairs

SyTech , a contractor for the Federal Security Service of the Russian Federation (FSB) has been hacked, attackers stole data about interna l projects. Attackers have hacked SyTech, a contractor for the Federal Security Service of the Russian Federation (FSB), and exfiltrated data about interna l projects. According to the Russian media, SyTech has been working with FSB since 2009, in particular, they contributed to several projects for FSB unit 71330 and for fellow contractor Quantum.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

US Journalist Detained When Returning to US

Schneier on Security

Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico. After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted messages on WhatsApp, Signal, and Telegram. It was the digital equivalent of tossing someone's house: opening cabinets, pulling out drawers, and overturning furniture in hopes of finding something -- any

Mining 101
article thumbnail

A VxWorks Operating System Bug Exposes 200 Million Critical Devices

WIRED Threat Level

VxWorks is designed as a secure, "real-time" operating system for continuously functioning devices, like medical equipment, elevator controllers, or satellite modems.

Security 104
article thumbnail

Dutch DPA Expands Guidance on Data Breaches

Hunton Privacy

On July 1, 2019, the Dutch Data Protection Authority ( Autoriteit Persoonsgegevens , (the “Dutch DPA”)) announced that it had expanded its guidance on data breaches. The updates aim to answer questions about data breaches received by the Dutch DPA from organizations since 2016. In particular, the Dutch DPA expanded its Q&As section on the obligation to report data breaches and on how companies must react in the event of a data breach.

article thumbnail

More US Cities Battered by Ransomware

Data Breach Today

Infected City Fires IT Manager; New Victims in Florida, Georgia More U.S. cities and other governmental units reportedly have been hit by ransomware in an unrelenting wave that has proved profitable for hackers. Here's a roundup of the latest incidents.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

How to handle a ransomware attack

IT Governance

So, your computer screen has been hijacked by criminals who are demanding money to return your systems. Now what? That’s a question more organisations are having to ask themselves nowadays, with at least 55 ransomware attacks reported in the first half of 2019. Many victims feel forced to pay up, because it’s the quickest and least expensive way to get back to business as usual.

article thumbnail

New FinFisher spyware used to spy on iOS and Android users in 20 countries

Security Affairs

Malware researchers from Kaspersky have discovered new and improved versions of the infamous FinFisher spyware used to infect both Android and iOS devices. Experts at Kaspersky have discovered a new improved variant of the FinFisher spyware used to spy on both iOS and Android users in 20 countries. According to the experts, the new versions have been active at least since 2018, one of the samples analyzed by Kaspersky was used last month in Myanmar, where local government is accused of violating

article thumbnail

Applied Cryptography is Banned in Oregon Prisons

Schneier on Security

My Applied Cryptography is on a list of books banned in Oregon prisons. It's not me -- and it's not cryptography -- it's that the prisons ban books that teach people to code. The subtitle is "Algorithms, Protocols, and Source Code in C" -- and that's the reason. My more recent Cryptography Engineering is a much better book for prisoners, anyway.

IT 99