Sat.Jan 19, 2019 - Fri.Jan 25, 2019

article thumbnail

How the U.S. Govt. Shutdown Harms Security

Krebs on Security

The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely to have serious repercussions for federal law enforcement agencies for years to come.

Security 250
article thumbnail

How Cybercriminals Clean Their Dirty Money

Dark Reading

By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning.

90
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST POST: Six tangible ways ‘SOAR’ can help narrow the cybersecurity skills gap

The Last Watchdog

article thumbnail

Cisco Studies Global Impact of GDPR

Data Breach Today

Cisco is out with findings from its 2019 Data Privacy Benchmark Study, which shows the impact of GDPR compliance as well as how customers are asking more questions about how their data is secured. Cisco Chief Privacy Officer Michelle Dennedy analyzes the survey.

GDPR 269
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned.

More Trending

article thumbnail

Microsoft Exchange zero-day and exploit could allow anyone to be an admin

Security Affairs

The security expert Dirk- jan Mollema with Fox-IT discovered a privilege escalation vulnerability in Microsoft Exchange that could be exploited by a user with a mailbox to become a Domain Admin. The experts described the attack scenario in a blog post and published a proof-of-concept code. “In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin.” wrot

article thumbnail

France Hits Google with $57 Million GDPR Fine

Data Breach Today

Record Privacy Fine Sends Strong Signal to Data-Processing Technology Companies France has hit Google with a 50 million euro ($57 million) fine for violating the EU's General Data Protection Regulation. The country's data regulator says Google doesn't inform users in a clear way how their data is being collected and processed for targeted advertising.

GDPR 245
article thumbnail

Three Charged for Working With Serial Swatter

Krebs on Security

The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a target’s address. Investigators say the men, aged 19 to 23, all carried out the attacks with the help of Tyler Barriss , a convicted serial swatter whose last stunt in late 2018 cost Kansas man his life.

IT 186
article thumbnail

Eliminate the challenges of binding: Jamf Connect now integrates with Azure Active Directory

Jamf

Now with one username and password, organizations have the ability to provide users with a simple, unified authentication and account synchronization process — while still offering the best possible Apple experience. Read the full details.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

70,000 affected in B&Q data breach

IT Governance

Home improvement retailer B&Q has suffered a data breach affecting 70,000 of its… well, not customers, exactly. The breached database contained a list of people who had been caught stealing products from B&Q stores. The document included the names of the offenders, the items they had stolen, the value of the goods and the stores they were taken from.

article thumbnail

FBI Agents Say Shutdown is Damaging Cyber Investigations

Data Breach Today

Funding Holdups for Subpoenas and Confidential Sources are Interrupting Probes FBI agents say the government shutdown is impeding their investigations, including cybersecurity probes, with the lack of funding compromising their ability to pay confidential informants, and obtain warrants or subpoenas.

article thumbnail

'The goal is to automate us': welcome to the age of surveillance capitalism

The Guardian Data Protection

Shoshana Zuboff’s new book is a chilling exposé of the business model that underpins the digital world. Observer tech columnist John Naughton explains the importance of Zuboff’s work and asks the author 10 key questions We’re living through the most profound transformation in our information environment since Johannes Gutenberg’s invention of printing in circa 1439.

IT 109
article thumbnail

Motivation is Nice, Relevance Makes Change Happen

AIIM

At AIIM, we believe that every organization is on — or should be on — a Digital Transformation journey. How effectively you navigate this journey relies on how adept your organization is at combatting the rising tide of information chaos. This requires new strategies and skills that extend beyond traditional ECM. We call this modern approach Intelligent Information Management.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Google fined £44 million in landmark GDPR ruling

IT Governance

Google has been fined €50 million (about £44 million) by CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation). . It’s by far the biggest fine related to the GDPR, which took effect in May 2018 and gave regulatory bodies much stronger disciplinary powers. . What did Google do wrong? . The CNIL concluded that Google had violated the GDPR in two ways.

GDPR 107
article thumbnail

Healthcare Case Study: Identity and Access Management

Data Breach Today

How can a large healthcare delivery system efficiently handle identity and access management for thousands of clinicians and other users of patient data? Robert Siebenthaler of PeaceHealth explains how his organization, which operates 10 medical centers, has developed a fine-tuned, role-based approach.

Access 197
article thumbnail

One Man’s Obsessive Fight to Reclaim His Cambridge Analytica Data

WIRED Threat Level

David Carroll has been locked in a legal war to force the infamous company to turn over its files on him. He’s won a battle, but the struggle continues.

IT 107
article thumbnail

Unpatched Cisco critical flaw CVE-2018-15439 exposes small Business Networks to hack

Security Affairs

Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch software is affected by a critical and unpatched vulnerability (CVE-2018-15439) that could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch SOHO devices allow to manage small local area networks, they are widely adopted in cloud-based, managed and unmanaged “flavors.”.

Passwords 100
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Our Data Governance Is Broken. Let’s Reinvent It.

John Battelle's Searchblog

This is an edited version of a series of talks I first gave in New York over the past week, outlining my work at Columbia. Many thanks to Reinvent, Pete Leyden, Cap Gemini, Columbia University, Cossette/Vision7, and the New York Times for hosting and helping me. Prelude. I have spent 30-plus years in the tech and media industries, mainly as a journalist, observer, and founder of companies that either make or support journalism and storytelling.

article thumbnail

DHS Issues More Urgent Warning on DNS Hijacking

Data Breach Today

Government Agencies Should Audit DNS Settings Within 10 Days The U.S. Department of Homeland Security says executive branch agencies are being targeted by attacks aimed at modifying Domain Name System records, which are critical for locating websites and services. The warning comes as security companies have noticed a rise in DNS attacks.

article thumbnail

Cybercriminals Home in on Ultra-High Net Worth Individuals

Dark Reading

Research shows that better corporate security has resulted in some hackers shifting their sights to the estates and businesses of wealthy families.

Security 101
article thumbnail

A flaw in MySQL could allow rogue servers to steal files from clients

Security Affairs

A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational database management system (RDBMS). The flaw resides in the file transfer process between a client host and a MySQL server, it could be exploited by an attacker running a rogue MySQL server to access any data that could be read by the client.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

French CNIL Fines Google €50m for Violation of GDPR’s Transparency and Consent Requirements

Data Matters

On January 21, 2019, the French Supervisory Authority (the “ Commission Nationale de l’Informatique et des Libertés ” or “ CNIL ”) issued Google’s U.S. headquarters (“ Google ”) with a fine of €50m for failure to comply with the EU General Data Protection Regulation’s (“ GDPR ”) fundamental principles of transparency and legitimacy. The CNIL found that the general structure of Google’s privacy policy and terms & conditions was too complex for the average user and that Google, by using pre-ti

GDPR 76
article thumbnail

Police Arrest €10 Million IOTA Cryptocurrency Theft Suspect

Data Breach Today

Scheme Offered 'Free' Website for Generating Cryptocurrency Wallet Seeds Police in England have arrested a 36-year-old man as part of an investigation into the theft of at least €10 ($11.3 million) in IOTA cryptocurrency since January 2018 from 85 victims worldwide, perpetrated via a malicious cryptocurrency seed generation website that stored users' private keys.

221
221
article thumbnail

Stealthy New DDoS Attacks Target Internet Service Providers

Dark Reading

Adversaries took advantage of the large attack surface of large communications networks to spread small volumes of junk traffic across hundreds of IP prefixes in Q3 2018, Nexusguard says.

article thumbnail

PHP PEAR official site hacked, tainted package manager distributed for 6 months

Security Affairs

PHP PEAR official site hacked, attackers replaced legitimate version of the package manager with a tainted version in the past 6 months. Bad news for users that have downloaded the PHP PEAR package manager from the official website in the past 6 months because hackers have replaced it with a tainted version. The PHP Extension and Application Repository (PEAR) is a framework and distribution system that allows anyone to search and download free packages written in PHP programming language.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Transfers of Personal Data from the EU to the U.S. in the Event of a Brexit ‘No-Deal’

Data Matters

The EU-U.S. Privacy Shield (“ Privacy Shield ”) enables the free-flow of personal data from the European Economic Area (“EEA”) to the U.S. Under the Privacy Shield, U.S. participant organisations commit to adhering to Privacy Shield principles, which include accountability for the onward transfer of personal data after receiving such data from EEA organisations, data integrity obligations and purpose limitations with respect to the personal data transferred.

article thumbnail

Why Do Data Brokers Access the Australian Electoral Roll?

Data Breach Today

Restricted Data Access Required by Anti-Money Laundering and Anti-Terrorism Laws Massive data brokers - Equifax, Experian, Illion and others - are leveraging Australia's electoral roll, which is a tightly held and valuable batch of data. While this little-known practice might sound alarming, in fact it's required under Australia's anti-money laundering and anti-terrorism rules.

Access 179
article thumbnail

DHS Issues Emergency Directive on DNS Security

Dark Reading

All government domain owners are instructed to take immediate steps to strengthen the security of their DNS servers following a successful hacking campaign.