May, 2019

article thumbnail

Change is scary. Disruption is scary. Being left behind is scarier

DXC Technology

The world of work is about to change dramatically. Truthfully, it already has been for some time, driven by stunning advances in digital technology and a shift in the job market toward a gig economy. But the already torrid pace of change will accelerate over the next 15 years, rendering unrecognizable many of the tools […].

article thumbnail

Should Failing Phish Tests Be a Fireable Offense?

Krebs on Security

Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this partic

Phishing 230
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Crime Gang Advertises Stolen 'Anti-Virus Source Code'

Data Breach Today

Researchers: 'Fxmsp' Russian Hacking Collective Exploits Victims Via RDP and Active Directory The "Fxmsp" hacker collective has been advertising source code that it claims to have stolen from three top U.S. anti-virus software development firms, as well as remote access to the companies' neworks, warns fraud-prevention firm Advanced Intelligence.

Access 279
article thumbnail

How Encryption Became the Board’s New Best Friend

Thales Cloud Protection & Licensing

Originally published in TEISS on May 1, 2019. For many years, encryption has been viewed as a burden on businesses – expensive, complex and of questionable value. How things have changed. In just the past few years (and hundreds of high-profile breaches and £Trillions of economic damage later), cyber threats became impossible for the boardroom to ignore.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

List of data breaches and cyber attacks in May 2019 – 1.39 billion records leaked

IT Governance

The cyber security story for May 2019 is much the same as it was last month, with one mammoth breach raising the monthly total. The offender this time is the First American Financial Corp. , which breached sixteen years’ worth of insurance data. That incident accounted for more than 60% of all of May’s breached records. In total, at least 1,389,463,242 records were compromised.

More Trending

article thumbnail

SNP faces fines for data protection breach after election mailing error

The Guardian Data Protection

Party refers itself to ICO after voters receive campaign letters not addressed to them The Scottish National party faces being fined for a breach of data protection laws after sending out tens of thousands of European election mailings to the wrong addresses. The Information Commissioner’s Office confirmed on Friday morning that the SNP have referred itself for investigation after voters across Scotland received letters addressed to strangers or neighbours.

111
111
article thumbnail

Legal Threats Make Powerful Phishing Lures

Krebs on Security

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.

Phishing 277
article thumbnail

FBI Shutters DeepDotWeb Portal; Suspected Admins Arrested

Data Breach Today

Suspects Accused of Receiving Bitcoins Worth Millions for Referral Fees The DeepDotWeb portal, which provided a guide to darknet marketplaces, has been shut down and its alleged administrators arrested. Police say the suspected lead administrator, an Israeli based in Brazil who has been arrested at a Paris airport, amassed bitcoins for referral fees worth millions of dollars.

IT 275
article thumbnail

Securing Sensitive Data in Pivotal Cloud Foundry

Thales Cloud Protection & Licensing

The Cloud Security Challenge. It’s no secret that cloud technology usage is pervasive among enterprises. According to the 2019 Thales Data Threat Report -Global Edition, some 90 percent of 1,200 responding data security professionals worldwide report their organizations are using the cloud. While the agility and cost-saving benefits of cloud technologies are compelling, the need to protect sensitive application data remains.

Cloud 111
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Protecting Yourself from Identity Theft

Schneier on Security

I don't have a lot of good news for you. The truth is there's nothing we can do to protect our data from being stolen by cybercriminals and others. Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections, and a host of other things­ -- but most of that doesn't matter anymore.

Passwords 109
article thumbnail

Russian military plans to replace Windows with Astra Linux

Security Affairs

The Russian army seems to be in the process of replacing the Windows system with the Debian-based Linux distribution Astra Linux. Cyber security seems to subvert the globalization concept, governments are working to develop their own technology fearing possible espionage and sabotage activities of foreign states. The Russian military is in the process of replacing the Windows system with the Linux distribution Astra Linux.

Military 110
article thumbnail

The Law Being Used to Prosecute Julian Assange Is Broken

WIRED Threat Level

Opinion: Julian Assange is being prosecuted under the Computer Fraud and Abuse Act, a minimally defined statute that can have maximally destructive consequences.

Security 110
article thumbnail

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Krebs on Security

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003 , citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. The May 2017 global malware epidemic WannaCry affected some 200,000 Windows systems in 150 countries.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Lack of Secure Coding Called a National Security Threat

Data Breach Today

The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices.

Security 270
article thumbnail

BYOE offers Data Security and Compliance in the Cloud

Thales Cloud Protection & Licensing

We are seeing more organizations use a ‘lift and shift’ policy, where data is moved to the cloud to satisfy project requirements. But safe migration to the cloud requires that the process be secure, compliant and easy to implement. The 1,200 data security professionals worldwide who were surveyed for the 2019 Thales Data Threat Report-Global Edition tell us that protecting sensitive data in the cloud is becoming increasingly complex.

Cloud 104
article thumbnail

Ignore the hysteria, Cloud Foundry is just fine

DXC Technology

Recently, Rishidot analyst Krishnan Subramanian proclaimed the Cloud Foundry, Platform-as-a-Service (PaaS) cloud, had met its demise as a standalone platform. Really? That’s news to me, and I cover Cloud Foundry like paint. What got Subramanian so frazzled was Cloud Foundry started offering Docker in place of its own container runtime, Garden.

Cloud 105
article thumbnail

LulZSec and Anonymous Ita hackers published sensitive data from 30,000 Roman lawyers

Security Affairs

A group of hackers has stolen and published online sensitive data of 30,000 Roman lawyers, including the Mayor of Rome. The announcement was made on Twitter by Lulzsec and Anonymous Ita. The story is very simple, LulZSec, the collective of hackers recently hit the Italian Ministry of the Environment, has collected a huge amount of data belonging to 30,000 Roman lawyers.

Access 109
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Why Are Cryptographers Being Denied Entry into the US?

Schneier on Security

In March, Adi Shamir -- that's the "S" in RSA -- was denied a US visa to attend the RSA Conference. He's Israeli. This month, British citizen Ross Anderson couldn't attend an awards ceremony in DC because of visa issues. (You can listen to his recorded acceptance speech.) I've heard of at least one other prominent cryptographer who is in the same boat.

105
105
article thumbnail

Account Hijacking Forum OGusers Hacked

Krebs on Security

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users. On May 12, the administrator of OGusers explained an outage to forum members by saying a hard drive failure had erased several months’ worth of private messages, forum post

Passwords 220
article thumbnail

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Data Breach Today

$63 Million in Fines Imposed Since Privacy Law Went Into Full Effect European privacy authorities have received nearly 65,000 data breach notifications since the EU's General Data Protection Regulation went into full effect in May 2018. Privacy regulators have also imposed at least $63 million in GDPR fines.

article thumbnail

Federal cybersecurity: breaking down the barriers to adoption

Thales Cloud Protection & Licensing

Over the last two election cycles, we’ve seen an increased focus on election security, hacking and fraud. While many state and government officials are under no illusion that they are safe from a digital attack, concern should run deeper than election integrity. Most federal security issues are a result of well-known long-standing vulnerabilities that agencies have not addressed.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

What is Jamf School?

Jamf

Jamf School, formerly ZuluDesk, helps teachers get the most from their Apple devices. Jamf’s mobile device management (MDM) school solution means that teachers and IT professionals receive an MDM school powerhouse for running today’s modern classroom.

MDM 98
article thumbnail

Japan will develop its first-ever malware as a defense measure against cyber attacks

Security Affairs

The news was reported by the Kyodo News and has caught my attention, Japan will develop its first-ever computer virus as defense against cyber attacks. The Kyodo News revealed that Japan will develop its first-ever computer virus as a defense measure against cyber attacks and that the development will be completed by next March. The Defense Ministry plans to use the malware as a vaccine that could neutralize the other malicious codes.

IT 108
article thumbnail

Data-Driven Enterprise Architecture: Why Enterprise Architects Need to Look at Data First

erwin

It’s time to consider data-driven enterprise architecture. The traditional approach to enterprise architecture – the analysis, design, planning and implementation of IT capabilities for the successful execution of enterprise strategy – seems to be missing something … data. I’m not saying that enterprise architects only worry about business structure and high-level processes without regard for business needs, information requirements, data processes, and technology changes necessary to exec

Metadata 104
article thumbnail

How personal social media use can become a corporate problem

IT Governance

Most of us use social media to keep in touch with friends, read interesting content or share photos, but we also know it comes with risk. How private our data really is and whether or not “they” are listening is constantly in the news, but do you know the risks of personal social media use to your business? In Techworld’s recent article summarising some of the most infamous data breaches in the UK, Facebook, Google+ and Reddit are all featured.

Education 103
article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

After 2 Years, WannaCry Remains a Threat

Data Breach Today

Poorly Written Ransomware Still Infects Unpatched Systems Two years after WannaCry tore a path of destruction through the world, the ransomware remains a danger, with many systems still vulnerable to the EternalBlue or EternalRomance exploits that started it all.

article thumbnail

Germany Talking about Banning End-to-End Encryption

Schneier on Security

Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn't say how. (Cory Doctorow has previously explained why this would be impossible.).

article thumbnail

ITALY: First GDPR fine issued!

DLA Piper Privacy Matters

The first GDPR fine was issued in Italy by the Garante for the lack of implementation of privacy security measures following a data breach on the so-called Rousseau platform operating the websites of the Movimento 5 Stelle party. The fact of the case relating to the Rousseau platform. Several websites affiliated to the Italian political party Movimento 5 Stelle are run, through a data processor, through the platform named Rousseau.

GDPR 102