The Last Watchdog

FEBRUARY 6, 2019

We’re just a month and change into the new year, and already there have been two notable developments underscoring the fact that some big privacy and civil liberties questions need to be addressed before continuing the wide-scale deployment of advanced facial recognition systems. This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the The Grand Chamber of the European Court of Human Rights.

Privacy 109

Privacy Retail Authentication Artificial Intelligence 109

Schneier on Security

FEBRUARY 6, 2019

In Gmail addresses, the dots don't matter. The account "bruceschneier@gmail.com" maps to the exact same address as "bruce.schneier@gmail.com" and "b.r.u.c.e.schneier@gmail.com" -- and so on. (Note: I own none of those addresses, if they are actually valid.). This fact can be used to commit fraud : Recently, we observed a group of BEC actors make extensive use of Gmail dot accounts to commit a large and diverse amount of fraud.

Sales 84

Sales Security IT 84

Security Affairs

FEBRUARY 4, 2019

Researchers at Trend Micro discovered at least 29 malicious photo editing and beauty apps that were able to perform several malicious activities. Crooks continue to abuse Google Play store to distribute malicious apps, this time experts at Trend Micro discovered at least 29 malicious photo editing and beauty apps that were stealing users’ photos.

Phishing 98

Phishing Security Access IT 98

Data Breach Today

FEBRUARY 6, 2019

Netherlands, Germany and UK Have Logged the Most Data Breach Reports Since the EU's GDPR went into full effect, European data protection authorities have received over 59,000 data breach reports, with the Netherlands, Germany and the U.K. receiving the greatest number of notifications, according to the law firm DLA Piper.

Data breaches 260

Data breaches GDPR 260

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Krebs on Security

FEBRUARY 8, 2019

A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.

Phishing 245

Phishing Insurance IT 245

Security Affairs

FEBRUARY 6, 2019

Google patched a critical flaw in its Android OS that allows an attacker to send a specially crafted PNG image file to hack a target device, Opening an image file on your smartphone could allow attackers to hack into your Android device due to three critical vulnerabilities, CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988. The flaws affect millions of Android devices running versions of the Google OS, ranging from Android 7.0 Nougat to the latest Android 9.0 Pie.

Manufacturing 108

Manufacturing Security IT 108

Data Breach Today

FEBRUARY 8, 2019

Latest in a Series of Substantial HHS Penalties for Violations Federal regulators have hit a California-based healthcare provider with a $3 million HIPAA settlement related to two breaches involving misconfigured IT. It's the latest in a recent series of hefty penalties issued in HIPAA cases.

IT 255

IT 255

Krebs on Security

FEBRUARY 4, 2019

Godaddy.com , the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal.

Ransomware 231

Ransomware e-Delivery Encryption Authentication 231

AIIM

FEBRUARY 7, 2019

AIIM19 is coming soon to San Diego on March 26-28 and as usual the gathering will be the place to be for information management professionals. If you plan on attending you should mark your calendar for an important roundtable session called “When You Are in the Storm: Content Analytics & ECM Implementation Across the Enterprise” being hosted by John Daly, Information Governance Manager the Metropolitan Sewer District in St.

ECM 80

ECM Analytics ROT Information governance 80

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Security Affairs

FEBRUARY 4, 2019

Metro Bank has become the first major bank to disclose SS7 attacks against its customers, but experts believe it isn’t an isolated case. A new type of cyber attack was used for the first time against the Metro Bank, threat actors are leveraging known flaws in the SS7 signaling protocol to intercept the codes sent via text messages to customers to authorize transactions.

IT 108

IT Authentication Financial Services Access 108

Data Breach Today

FEBRUARY 5, 2019

Fresh SS7 Fraud Highlights Ongoing Call Routing Weaknesses A U.K. bank says no customers lost money after cyberattackers attempted account takeovers by rerouting one-time passcodes, Motherboard reports. Such attacks involve unauthorized tampering with Signaling System #7, the protocol used to route mobile phone calls worldwide.

235

235

WIRED Threat Level

FEBRUARY 6, 2019

Opinion: Cryptocurrencies are useless. Blockchain solutions are frequently much worse than the systems they replace. Here's why.

Blockchain 111

Blockchain Security 111

IT Governance

FEBRUARY 5, 2019

It sounds crazy to the uninitiated, but organisations across the globe pay people to break into their systems and find sensitive information. The reason they do this is simple: to catch a thief, you must think like one. Organisations hire ethical hackers to make sure they have someone who’s one step ahead of the tactics that crooks use. With the vulnerabilities the ethical hacker discovers, organisations can implement defences to stop criminals before they’ve had a chance to target the organisat

Phishing 93

Phishing Government Access IT 93

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Security Affairs

FEBRUARY 7, 2019

A zero-day vulnerability in macOS Mojave can be exploited by malware to steal plaintext passwords from the Keychain. The security expert Linus Henze has disclosed the existence of a zero-day vulnerability in macOS Mojave that can be exploited by malware to steal plaintext passwords from the Keychain. According to Henze, the flaw affects macOS Mojave and earlier versions.

Passwords 107

Passwords Security IT 107

Data Breach Today

FEBRUARY 8, 2019

No Signs of Data Theft; Password Resets Ordered Hackers have breached the Australian Parliament's network, although investigators say they have found no evidence that attackers stole any data. But Parliament's presiding officers said all users have been ordered to reset their passwords as a precaution.

Passwords 226

Passwords 226

Data Matters

FEBRUARY 7, 2019

On 23 January 2019, the European Data Protection Board (EDPB) adopted an opinion on the interplay between the EU Clinical Trials Regulation (CTR) and the EU General Data Protection Regulation (GDPR). The Opinion addresses the appropriate legal basis for the processing of personal data in the context of clinical trials (primary use), and the secondary use of clinical trial data.

GDPR 83

GDPR Personal data Archiving Privacy 83

Dark Reading

FEBRUARY 7, 2019

Vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.

Ransomware 106

Ransomware Encryption 106

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

FEBRUARY 3, 2019

Hungarian police arrested a young hacker because he discovered and exploited serious vulnerabilities in the systems of the Magyar Telekom. Which are the risks for a hacker that decide to publicly disclose a vulnerability? The case I’m going to discuss shows us legal implication for this conduct. Last year, Hungarian law enforcement arrested a young hacker (20) because he discovered and exploited serious vulnerabilities in the systems of the Magyar Telekom, the major Hungarian telecommunica

Retail 106

Retail Risk Access Security 106

Data Breach Today

FEBRUARY 8, 2019

Zero Days Being Exploited; Apple Contributes to 'FacePalm' Bug Finder's Tuition Apple has issued an iOS update that patches two flaws being exploited in the wild by attackers as well as the "FalmPalm" bug in Group FaceTime. Apple says it compensated the teenager who reported the FaceTime flaw and gave him an extra gift toward his tuition.

IT 225

IT 225

Data Matters

FEBRUARY 6, 2019

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. See Indiana v. Med. Informatics Eng’g, Inc. , No. 3:18-cv-00969 (N.D. Ind. filed Dec. 3, 2018).

Data breaches 83

Data breaches Computer and Electronics Security Insurance 83

Dark Reading

FEBRUARY 6, 2019

Several airlines send unencrypted links to passengers for flight check-in that could be intercepted by attackers to view passenger and other data, researchers found.

86

86

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Security Affairs

FEBRUARY 5, 2019

A security expert discovered a severe Remote Code Execution vulnerability in the popular LibreOffice and Apache OpenOffice. The security researcher Alex Inführ discovered a severe remote code execution vulnerability in LibreOffice and Apache OpenOffice that could be exploited by tricking victims into opening an ODT (OpenDocument Text) file embedding an event embedded.

File names 105

File names Libraries Security IT 105

Data Breach Today

FEBRUARY 5, 2019

Business and Healthcare Sectors Suffered Most US Breaches, ITRC Finds In 2018, the Identity Theft Resource Center counted 1,244 U.S. data breaches - involving the likes of Facebook, Marriott and Exactis - that exposed 447 million sensitive records, such as Social Security numbers, medical diagnoses and payment card data.

Data breaches 224

Data breaches Security 224

OpenText Information Management

FEBRUARY 7, 2019

OpenText™ is thrilled to be recognized by Gartner as a Leader in the 2018 Magic Quadrant for Web Content Management. In its annual review, Gartner evaluated 18 web content management vendors on objective criteria supported by customer references. The report ensures “decision makers keen to deliver effective digital experiences will be better placed to identify … The post Analyst’s view: OpenText named a leader appeared first on OpenText Blogs.

Customer Experience 83

Customer Experience IT 83

IBM Big Data Hub

FEBRUARY 4, 2019

Join Dion Hinchcliffe as he stars in his first comic book, leading the charge to uncover the keys to a trusted, business-ready analytics foundation to know, trust, and use your data.

Digital transformation 84

Digital transformation Analytics 84

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Security Affairs

FEBRUARY 4, 2019

Security experts identified nearly 500,000 Ubiquit devices that may be affected by a vulnerability that has already been exploited in the wild. Security experts are warning Ubiquit users of a vulnerability that has already been exploited in the wild. Last week, the researcher Jim Troutman, consultant and director of the Northern New England Neutral Internet Exchange (NNENIX), revealed that threat actors had been targeting Ubiquiti installs exposed online.

Access 104

Access Security IT 104

Data Breach Today

FEBRUARY 6, 2019

Government, Industry Need to Work More Closely on Response Plans Without improved coordination, the U.S. government and private companies could be caught flat-footed if a nation-state hit the software supply chain with malware or a worm, according to a new report that echoes conclusions made over the last decade and calls for closer industry-government ties.

Government 223

Government 223

IT Governance

FEBRUARY 8, 2019

Mumsnet has disclosed a data breach that occurred during a software update between 5-7 February. A technical error meant that users who logged on simultaneously were directed to someone else’s account. . The site’s founder, Justine Roberts, said that up to 4,000 users logged in while the vulnerability (which sounds like a caching glitch) was effective, but only 14 users have confirmed that they were affected. .

Data breaches 82

Data breaches Encryption Passwords Government 82