Sat. Apr 20, 2019 - Fri. Apr 26, 2019


MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks

The Last Watchdog

Accounting for third-party risks is now mandated by regulations — with teeth. Related: Free ‘VRMM’ tool measures third-party exposure Just take a look at Europe’s GDPR, NYDFS’s cybersecurity requirements or even California’s newly minted Consumer Privacy Act. What does this mean for company decision makers, going forward, especially as digital transformation and expansion of the gig economy deepens their reliance on subcontractors?


The strengths and weaknesses of different VPN protocols

Security Affairs

One in four internet users use a VPN regularly, but how much does the average user know about what goes on behind the software? Pulling back the curtain, a VPN runs on various VPN protocols that govern the way a VPN client communicates with a VPN server. Different protocols create different ways that connect your device and the internet through encrypted tunnels.


Towards an Information Operations Kill Chain

Schneier on Security

Cyberattacks don't magically happen; they involve a series of steps. And far from being helpless, defenders can disrupt the attack at any of those steps. This framing has led to something called the "cybersecurity kill chain": a way of thinking about cyber defense in terms of disrupting the attacker's process. On a similar note, it's time to conceptualize the "information operations kill chain.


Facebook Marketplace Flaw Revealed Seller's Exact Location

Data Breach Today

Privacy Peril: Thieves Use Location Data to 'Shop' for High-Value Items Facebook has fixed a security vulnerability in its digital marketplace that could have been abused to identify the precise location of a seller, and by extension, their goods. Police warn that thieves regularly trawl location data to find the owners and locations of high-value items.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. A map showing the distribution of some 2 million iLinkP2P-enabled devices that are vulnerable to eavesdropping, password theft and possibly remote compromise, according to new research.


More Trending


New AIIM Research: State of the Industry – Content Services

AIIM

Recently, AIIM released an eBook titled, State of the Industry – Content Services that examines the current state of Content Services technologies and how user perceptions about them are changing. For this research study, we surveyed over 300 decision-makers from around the world about their focus on Content Services to answer these three core questions: What critical information management problems are users trying to solve with Content Services?


WannaCry Stopper Pleads Guilty to Writing Banking Malware

Data Breach Today

Marcus Hutchins, aka MalwareTech, Says He Regrets Coding, Distributing 'Kronos' Marcus Hutchins, the British security researcher who helped stop the massive WannaCry ransomware outbreak in mid-2017, has pleaded guilty to developing and distributing "Kronos" banking malware when he was younger.


Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned. An advertisement for RevCode WebMonitor.


NEW TECH: Circadence deploys ‘gamification’ training to shrink cybersecurity skills gap

The Last Watchdog

It’s clear that closing the cybersecurity skills gap has to happen in order to make our internet-centric world as private and secure as it ought to be. Related: The need for diversity in cybersecurity personnel One of the top innovators in the training space is Circadence®. The Boulder, CO-based company got its start in the mid-1990s as a pioneer of massive multi-player video games.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


60 Million records of LinkedIn users exposed online

Security Affairs

Researcher discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Researcher Sanyam Jain at GDI foundation discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Most of the data are publicly available, the databases also include the email addresses of the users.


Regulator to Facebook: Move Fast But Stop Breaking Things

Data Breach Today

FTC Reportedly Eyes Holding Mark Zuckerberg Personally Accountable for Privacy "Move fast and break things," Facebook CEO Mark Zuckerberg once said of his company's internal motto. But regulators have been increasingly signaling to Facebook that when it comes to users' privacy and data security, too much remains broken.


Can Information Access and Control Co-Exist?

AIIM

Today's businesses run in the cloud. Organizations are embracing a new way of working in a cloud-native environment that enables content to move effortlessly between teams, partners and customers. This is a powerful way to run the business without compromising on security, governance, and compliance. A 2018 IDG Cloud Computing Study found that 77% of enterprises have at least one application or a portion of their enterprise computing infrastructure in the cloud, and adoption is climbing.


Excellent Analysis of the Boeing 737 MAX Software Problems

Schneier on Security

This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker. But the fields are closely related and there are a lot of lessons for IoT security -- and the security of complex socio-technical systems in general -- in here.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Security Affairs

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. The impact of the issue could be severe considering that the jQuery JavaScript library is currently used on 74 percent of websites online, most sites still use the 1.x and 2.x versions of the library that are affected by the ‘Prototype Pollution’ vulnerability.


Trojanized TeamViewer Attacks Reveal Mutating Malware

Data Breach Today

Attackers' Small Malicious Code Tweaks Keep Faking Out Defenders, Researchers Warn Check Point Research has spotlighted attacks against several embassies that show how subtle changes in source code can alter how security professionals can detect and stop different types of malware.


Greek DPA Issues EUR 30,000 Fine For Data Protection Violation

Hunton Privacy

On April 15, 2019, the Greek Data Protection Authority (“DPA”) fined Hellenic Petroleum S.A. EUR 20,000 for unlawful processing of personal data and EUR 10,000 for failing to adopt appropriate data security measures. Hellenic Petroleum S.A. had engaged a vendor to conduct a study on its behalf. The study was exposed online, and its results—which included sensitive data such as political opinions, trade union membership and participation in associations—was publicly accessible on the Internet.


G7 Comes Out in Favor of Encryption Backdoors

Schneier on Security

From a G7 meeting of interior ministers in Paris this month, an "outcome document": Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, without imposing any particular technology and while ensuring that assistance requested from internet companies is underpinned by the r


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Targeted Attacks hit multiple embassies with Trojanized TeamViewer

Security Affairs

CheckPoint firm uncovered a cyber espionage campaign leveraging a weaponized version of TeamViewer to target officials in several embassies in Europe. Security experts at CheckPoint uncovered a cyber espionage campaign leveraging a weaponized version of TeamViewer and malware disguised as a top-secret US government document to target officials in several embassies in Europe.


Facebook Takes $3 Billion Hit, Anticipating FTC Fine

Data Breach Today

Questions Loom About Whether Big Fines Will Prompt Privacy Reform Facebook has set aside $3 billion from its first quarter profit to pay for what is likely to be a record-breaking fine from the U.S. Federal Trade Commission. But will mega-fines lead to the reform of tech giants' questionable privacy and security practices?


UK-based organisations are getting better at preventing ransomware

IT Governance

The UK is one of the few countries that has seen a year-on-year reduction in ransomware attacks, a new study has found. According to the 2019 SonicWall Cyber Threat Report, ransomware infections in the UK decreased by 59% in the past year, a stark contrast to the 11% increase globally. Has the UK learned a lesson? Several experts believe the UK’s astounding resilience to ransomware is a direct result of 2017’s WannaCry attack.


UK and U.S. Privacy Shield Guidance on Brexit

Data Matters

In light of the UK’s possible departure from the European Union (EU), currently scheduled for October 31, 2019 (“Exit Day”), the UK Government has passed the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) (No.2) Regulations 2019 (“Regulations”) which enter into force immediately before Exit Day. Under the Regulations, transfers of personal data from the UK to the U.S., that rely on the EU to U.S.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Hacker broke into super secure French Government’s Messaging App Tchap hours after release

Security Affairs

A white hat hacker discovered how to break Tchap, a new secure messaging app launched by the French government for officials and politicians. The popular French white hat hacker Robert Baptiste (aka @fs0c131y) discovered how to break into Tchap, a new secure messaging app launched by the French government for encrypted communications between officials and politicians.


TA505 Group Hides Malware in Legitimate Certificates

Data Breach Today

APT Group Targets Banks With Backdoor Malware to Penetrate Networks TA505, a sophisticated advanced persistent threat group, is now using legitimately signed certificates to disguise malware that can penetrate banking networks, security researchers warn in a new report.


Stuxnet Family Tree Grows

Dark Reading

What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.


Enterprise Architecture and Business Process: Common Goals Require Common Tools

erwin

For decades now, the professional world has put a great deal of energy into discussing the gulf that exists between business and IT teams within organizations. They speak different languages, it’s been said, and work toward different goals. Technology plans don’t seem to account for the reality of the business, and business plans don’t account for the capabilities of the technology.


Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.


Zero-day vulnerability in Oracle WebLogic

Security Affairs

Security experts are warning of a dangerous zero-day remote code vulnerability that affects the Oracle WebLogic service platform. Oracle WebLogic wls9_async and wls-wsat components are affected by a deserialization remote command execution zero-day vulnerability. New Oracle #WebLogic #RCE #Deserialization 0-day Vulnerability. No vendor fix yet! Speak to @waratek for guaranteed active protection against 0-day RCE attacks with no blacklists, signatures, or profiling #NoSourceCodeChanges [link]


Intelligence Agencies Seek Fast Cyber Threat Dissemination

Data Breach Today

'Five Eyes' Partners Commit to Putting Threat Intelligence Into Public's Hands The director of Britain's GCHQ intelligence agency said at this week's CyberUK conference that declassifying and putting "time-critical, secret information" for stopping online threats into the public's hands "in a matter of seconds" is an imperative.


Achieving digital transformation in the insurance industry

OpenText Information Management

Research has consistently shown that senior management within the insurance sector think digital transformation is critical to their business. While executives see transformation as essential, achieving success is proving to be much more difficult, with a global report recently published by Cap Gemini suggesting that insurance companies are lagging behind other Financial Services organizations.