June, 2018

article thumbnail

How to Avoid Card Skimmers at the Pump

Krebs on Security

Previous stories here on the proliferation of card-skimming devices hidden inside fuel pumps have offered a multitude of security tips for readers looking to minimize their chances of becoming the next victim, such as favoring filling stations that use security cameras and tamper-evident tape on their pumps. But according to police in San Antonio, Texas, there are far more reliable ways to avoid getting skimmed at a fuel station.

article thumbnail

Mobile security advances to stopping device exploits ? not just detecting malicious apps

The Last Watchdog

The most profound threat to corporate networks isn’t the latest, greatest malware. It’s carbon-based life forms. Humans tend to be gullible and impatient. With our affiliations and preferences put in play by search engines and social media, we’re perfect patsies for social engineering. And because we are slaves to convenience, we have a propensity for taking shortcuts when it comes to designing, configuring and using digital systems.

Security 144
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Data Governance Best Practices in the GDPR Era

Data Breach Today

Matt Lock of Varonis on the Need to Have a Baseline for Data Access Behavior GDPR requires organizations to "have a governance model in terms of access and control and accountability," says Matt Lock of Varonis, who describes essential steps.

GDPR 178
article thumbnail

Real-life examples of social engineering ? part 2

IT Governance

Last month, I published an article looking at two examples of the use of social engineering in everyday life. I’d like to continue the theme of that article by talking about three other social engineering attacks that caused great damage. Diamonds, diamonds, DIAMONDS. If you’re planning on stealing USD$27.9 million worth of diamonds, then all you need is some chocolate and a smile.

Phishing 110
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Australia drafts laws forcing Facebook and Google to reveal encrypted data

The Guardian Data Protection

Security agencies would be given access to encrypted messaging apps under bid to ‘modernise’ laws Technology companies such as Facebook and Google would be forced to give Australian security agencies access to encrypted data under legislation to be introduced by the Turnbull government. But the government has refused to say how the security agencies would access the data.

More Trending

article thumbnail

Plant Your Flag, Mark Your Territory

Krebs on Security

Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked.

Paper 185
article thumbnail

Why big companies ignore SAP security patches ? and how that could bite them, big time

The Last Watchdog

Threat actors in the hunt for vulnerable targets often look first to ubiquitous platforms. It makes perfect sense for them to do so. Related article: Triaging open-source exposures. Finding a coding or design flaw on Windows OS can point the way to unauthorized to access to a treasure trove of company networks that use Windows. The same holds true for probing widely used open source protocols, as occurred when Heartbleed and Shellshock came to light.

Security 154
article thumbnail

Hackers Demand $770,000 Ransom From Canadian Banks

Data Breach Today

Cybercrime: FBI Says Ransomware, Extortion Continue to Dominate Hackers have reportedly demanded a ransom from Bank of Montreal and Simplii Financial in exchange for not dumping 90,000 customers' account details on a fraud forum. The FBI says online extortion and ransomware remain the top two types of cybercrime it's seeing today.

article thumbnail

Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records

WIRED Threat Level

The leak may include data on hundreds of millions of Americans, with hundreds of details for each, from demographics to personal interests.

Marketing 111
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

British campaigners file US lawsuit against firms controlled by Arron Banks

The Guardian Data Protection

Case filed in a Mississippi court alleges data mined in UK was illegally sent abroad by two of Banks’s companies A British public interest group has filed a lawsuit in a Mississippi court against two companies controlled by Arron Banks, the pro-Brexit donor, following allegations that the firms may have violated UK data protection rules in an attempt to sway the 2016 vote to leave the EU.

Mining 96
article thumbnail

How to respond to a data subject access request

IT Governance

A key change to data subjects’ rights under the EU General Data Protection Regulation (GDPR) is the right to ask organisations what data they hold about the data subject. Although this was possible under the Data Protection Act 1998, organisations now have only 30 days to respond, and cannot charge an admin fee for doing so. What is a data subject access request (DSAR)?

Access 90
article thumbnail

Google to Fix Location Data Leak in Google Home, Chromecast

Krebs on Security

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network. Craig Young , a researcher with security firm Tripwire , said he discovered an authentication weakness that leaks incredibly accurate location information about users of both

IoT 178
article thumbnail

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

Don’t look now but cryptojacking may be about to metastasize into the scourge of cloud services. Cryptojacking, as defined by the Federal Trade Commission , is the use of JavaScript code to capture cryptocurrencies in users’ browsers without asking permission. There’s a temptation to dismiss it as a mere nuisance; companies deep into ‘digital transformation,’ in particular, might be lulled into this sort of apathy.

Mining 137
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Massive CIA Hacking Tool Leak: Ex-Agency Employee Charged

Data Breach Today

Lead Suspect Joshua A. Schulte Already Detained on Child Pornography Charges The U.S. Department of Justice has charged a former CIA officer, 29-year-old Joshua A. Schulte, with providing 8,000 documents that describe the agency's offensive malware tools and practices to WikiLeaks, which published them in 2017 as the "Vault 7" archive.

Archiving 188
article thumbnail

The New Satellite Arms Race Threatening to Explode in Space

WIRED Threat Level

Trump’s call for a “Space Force” escalates a quiet, dangerous contest between the US, China, and Russia—one whose consequences no one really understands.

Security 106
article thumbnail

Dixons Carphone reveals data breach affecting 5.9 million customers

The Guardian Data Protection

Consumer electronics retailer apologises and says there is currently no evidence of fraud Dixons Carphone has revealed a major breach of data involving unauthorised access to 5.9 million customers cards and 1.2 million personal records. The consumer electronics retailer said it had detected an attempt to compromise the cards in a processing system at Currys PC World and Dixons Travel, but said there was no evidence of any fraud as a result of the incident.

article thumbnail

GP practice fined £35K for failing to secure medical records

IT Governance

The Information Commissioner’s Office (ICO) has fined London surgery Bayswater Medical Centre (BMC) £35,000 after highly sensitive medical information was left unsecured in an empty building. According to the ICO, the data was left exposed for more than 18 months – this included medical records, prescription information and patient identifiable medicines.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

Krebs on Security

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people , many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West. The 49-year-old librarian from a tiny town in Vermont took Equifax to court.

article thumbnail

VASCO rebrands as OneSpan, makes acquisition, to support emerging mobile banking services

The Last Watchdog

Bank patrons in their 20s and 30s, who grew up blanketed with digital screens, have little interest in visiting a brick-and-mortar branch, nor interacting with a flesh-and-blood teller. This truism is pushing banks into unchartered territory. They are scrambling to invent and deliver a fresh portfolio of mobile banking services that appeal to millennials.

Mining 142
article thumbnail

Marketing Firm Exposes 340 Million Records on US Consumers

Data Breach Today

2 Terabyte Database Includes Up To 150 Fields With US Consumers' Data A computer security researcher has discovered a vast marketing database containing 340 million records on U.S. consumers. The database is the latest in a long line of databases to have been left exposed to the internet without authentication, thus putting people's personal data at risk.

Marketing 186
article thumbnail

Crime Fighting Gets High-Tech Advances Palantir, Axom, and More

WIRED Threat Level

Beyond big data, officers are increasingly turning to software and ­predictive analytics from companies like Palantir to anticipate when and where misdeeds are likely to occur.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Q&A: Saadia Muzaffar talks responsible innovation, diversity, and the OpenText Women in Technology Summit

OpenText Information Management

If you don’t already know her, it’s time you met Saadia Muzaffar. Saadia is an incredible tech entrepreneur, author, and passionate advocate of responsible innovation. In addition, Saadia is driving forward the agenda of decent work for everyone, prosperity of immigrant talent in STEM careers, and diversity and inclusion in the Canadian technology industry.

88
article thumbnail

How to prepare for a penetration test

IT Governance

Conducting a successful penetration test is a challenge for even the most experienced tester. It involves much more than simply running tools and probing systems. Rather, it requires a lot of skill and experience, as testers need to know what vulnerabilities to look for, where to find them and how to exploit them. However, penetration testing isn’t a dark art.

article thumbnail

AT&T, Sprint, Verizon to Stop Sharing Customer Location Data With Third Parties

Krebs on Security

In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, AT&T , Sprint and Verizon now say they are terminating location data sharing agreements with third parties. At issue are companies known in the wireless industry as “location aggregators,” entities that manage requests for real-time customer location data for a variety of purposes, such as roadside assistance and emergenc

Privacy 158
article thumbnail

As 2-factor authentication falls short, ‘adaptive multi-factor authentication’ goes mainstream

The Last Watchdog

The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half. Most individuals today are nonplussed when required, under certain circumstances, to retrieve a one-time passcode, pushed out in a text message to their smartphone, and then typing the passcode to gain access to a privileged account.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Cryptocurrency Theft: $1.1 Billion Stolen in Last 6 Months

Data Breach Today

Exchanges Remain Prime Target; Easily Available Hacking Tools Aid Attackers As bitcoin continues its massive price fluctuations, a new report says criminals have continued their push to get extortion and ransom payments in more stable cryptocurrencies. But bitcoins remain a top target for hackers, who most often choose to directly target cryptocurrency exchanges.

IT 185
article thumbnail

5 Tips for Protecting SOHO Routers Against the VPNFilter Malware

Dark Reading

Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.

Access 90
article thumbnail

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as "backdoors" or "key escrow schemes" in order to facilitate government access to encrypted data.