Sat.Jul 21, 2018 - Fri.Jul 27, 2018

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. A YubiKey Security Key made by Yubico. The basic model featured here retails for $20. Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in

Phishing 217

Google Chrome Now Labels HTTP Sites as 'Not Secure'

WIRED Threat Level

The world's biggest browser now lets you know when you're visiting an unencrypted site.

Facebook's Security and Privacy Overhaul Comes at a Price

Data Breach Today

CEO Mark Zuckerberg Reports Decreased Profitability, GDPR Impact

Facebook is making substantial investments to improve its data security and privacy practices. But the long-term cost of those investments and impact on the bottom line appeared to spook investors, leading to a 20 percent plunge in the company's stock price in after-hours trading.

Privacy 162

Russian Hackers Infiltrate U.S. Electrical Utilities: Report

Adam Levin

Russian hackers have successfully infiltrated the control system rooms of U.S. electrical utilities, the Department of Homeland Security announced earlier this week. Suspected hacking groups Dragonfly and Energetic Bear infiltrated their targets using common methods including spear-phishing and watering-hole attacks. They first targeted third-party vendors associated with the utilities, which they then leveraged to steal credentials and gain access to operating systems.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

LifeLock Bug Exposed Millions of Customer Email Addresses

Krebs on Security

Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.

Phishing 192

More Trending

Under GDPR, Data Breach Reports in UK Have Quadrupled

Data Breach Today

Privacy Regulator Sees 1,750 Breach Reports in June, Up From 400 in April

Under the EU's General Data Protection Regulation, within 72 hours of an organization learning about the data breach, it must report the breach to relevant authorities or face fines. The U.K.'s data privacy watchdog says it's already seen the volume of self-reported breaches quadruple.

Digitalizing Core Business Processes — Part 1 of 3 — True Transformation is more than Digitization

AIIM

In “The State of Intelligent Information Management: Getting Ahead of the Digital Transformation Curve,” AIIM made the case that every organization is on – or should be on! – a Digital Transformation journey. The heart of this Transformation journey is understanding, anticipating, and redefining internal and external customer experiences. AIIM believes that Digital Transformation effectiveness is imperiled by a rising tide of information chaos and confusion, and that rising tide of information

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Krebs on Security

Here’s a timely reminder that email isn’t the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned. This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer.

Phishing 176

CCTV and the GDPR – an overview for small businesses

IT Governance

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. If your business uses CCTV – whether for security or employee monitoring purposes – and you’re unsure about your obligations under the new law and how they differ from those of the DPA (Data Protection Act) 1998, this blog outlines some of the areas you need to consider.

GDPR 96

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Shipping Giant Cosco Hit by Ransomware Attack

Data Breach Today

Networks in 8 North and South America Countries Remain Offline

A "local network breakdown" - reportedly caused by a ransomware infection - has led shipping giant Cosco to shut down networks for its offices in eight North America and South America countries while it scrubs and restores systems. Some corporate websites, email and phone systems remain offline.

Digitalizing Core Business Processes — Part 2 of 3 — There is still a lot of work to do with basic process improvement

AIIM

In “The State of Intelligent Information Management: Getting Ahead of the Digital Transformation Curve,” AIIM made the case that every organization is on – or should be on! – a Digital Transformation journey. The heart of this Transformation journey is understanding, anticipating, and redefining internal and external customer experiences. AIIM believes that Digital Transformation effectiveness is imperiled by a rising tide of information chaos and confusion, and that rising tide of information

Tips for your corporate file move: Seize the opportunity to improve

TAB OnRecord

A move is a great time to make changes to your records management program and a chance to improve the way your records are stored and handled. If you have had a big project in mind, now is the time, just follow these simple steps!

Retired Malware Samples: Everything Old is New Again

Lenny Zeltser

Finding real-world malware samples that illustrate practical analysis techniques is tricky. When training professionals how to reverse-engineer malware, I’ve gone through lots of malicious programs for the purpose of educational examples. Here are some of the samples that I’ve retired from the FOR610 course over the years, because they no longer seemed current or relevant.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Nation-State Spear Phishing Attacks Remain Alive and Well

Data Breach Today

Russians Tied to Hack Attacks, But 'Two-Factor' No Silver Bullet, Google Warns

Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. politicians and county and state election boards. Here's how to play better phishing defense.

Phishing 167

GDPR After the Deadline — Part 1 of 3 — The emerging challenges tied to information privacy and security

AIIM

The GDPR’s May 25, 2018 deadline set in motion a mad compliance and security scramble not only for European companies, but also for any company doing business in Europe or with European customers. We just published a new market research report on GDPR. The purpose of this survey of 262 executives was to quantify – as close to the May 25th deadline as possible – the following three key issues related to GDPR: How do organizations view the emerging challenges tied to information privacy and securi

GDPR 83

Democracy at risk due to fake news and data misuse, MPs conclude

The Guardian Data Protection

Parliamentary inquiry to demand urgent action to combat ‘relentless targeting of hyper-partisan views’

Democracy is at risk unless the government and regulators take urgent action to combat a growing crisis of data manipulation, disinformation and so-called fake news, a parliamentary committee is expected to say.

Risk 75

Amazon's Facial Recognition System Mistakes Members of Congress for Mugshots

WIRED Threat Level

Amazon has marketed its Rekognition facial recognition system to law enforcement. But in a new ACLU study, the technology confused 28 members of Congress with publicly available arrest photos.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Health Data Breach Tally: Lots of Hacks, Fewer Victims

Data Breach Today

Bigger Organizations 'Have Invested Wisely' in Breach Prevention. What About Smaller Ones?

Hacker attacks are still dominating the data breaches added to the official federal tally so far this year. But compared to the mega-breaches of past years, this year's biggest hacks have been relatively small. Some security experts offer theories for why that's the case.

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

This is the 11th post in a series on privacy by Andrew Pery. You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law.

GDPR 83

Police can access My Health Record without court order, parliamentary library warns

The Guardian Data Protection

Advice from independent researcher contradicts health minister and raises more privacy concerns

The health minister, Greg Hunt, was wrong to claim that patients’ My Health Record could only be accessed by police with a court order, according to advice from the parliamentary library. The parliamentary library has warned the law governing MyHealth Records represents a “significant reduction” in safeguards on police getting medical records because the operator cannot routinely require them to get a

India’s Final Draft on Data Privacy Law Issued Today

Hunton Privacy

On July 27, 2018, the Justice BN Srikrishna committee, formed by the Indian government in August 2017 with the goal of introducing a comprehensive data protection law in India, issued a report, A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians (the “Committee Report”), and a draft data protection bill called the Personal Data Protection Bill, 2018 (the “Bill”).

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Head of Hacked Bitcoin Exchange Pleads Guilty to US Charges

Data Breach Today

After Theft of 6,000 Bitcoins, Joe Montrose Obstructed FBI's Investigation

Jon Montroll, the former operator of a bitcoin exchange that was hacked, leading to the theft of 6,000 bitcoins, has pleaded guilty to charges that he obstructed federal investigators and deceived investors by attempting to cover up the losses.

My Health Record 'identical' to failed UK scheme, privacy expert says

The Guardian Data Protection

Care.data was cancelled because drug and insurance companies were able to buy patient data

Australia’s impending My Health Record system is “identical” to a failed system in England that was cancelled after it was found to be selling patient data to drug and insurance companies, a British privacy expert has said. My Health Record is a digital medical record that stores medical data and shares it between medical providers.

Privacy 75

Amnesty International creates new global human rights digital archive with Preservica

Preservica

The world’s largest grassroots human rights organization will use Preservica’s active digital preservation platform to create a global archive that will accelerate investigations into human rights violations and protect digital records of significant historical importance to the global movement.

Oxford, UK and Boston, MA. July 26th 2018: Amnesty International, a recipient of the Nobel Peace Prize for its “defence of human dignity against torture,” has chosen Preservica’s active digital preservat

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Biggest Pediatric Hospital Breach Reported

Data Breach Today

105,000 Affected at Boys Town National Research Hospital

A hacking incident at Boys Town National Research Hospital is the largest ever reported by a pediatric care provider or children's hospital, according to the federal health data breach tally. A wide variety of data on 105,000 individuals was exposed, opening the door to potential fraud.

To Go Native, Or Not to Go Native. A Cautionary Tale About Database Encryption

Thales Cloud Protection & Licensing

Enterprise databases house some of the most highly-sensitive, tightly-regulated data—the very data that is sought after by malicious insiders and external attackers. As a result, database encryption has never been more crucial in order to protect the massive amounts of information that is held in the diverse mix of databases that large enterprises rely on today, including relational, SQL, NoSQL and big data environments.

Parliamentary library deletes post confirming police can access My Health Record

The Guardian Data Protection

Page removed after complaint from health department about ‘potential inaccuracies’

A complaint from the federal health department has prompted the parliamentary library to pull its advice that patients’ My Health Record could be accessed by police without a court order. A spokesman for the library told Guardian Australia the parliamentary librarian, Dianne Heriot, “decided to temporarily take down the post”, which contradicted the health minister’s advice, while it is reviewed after concerns wer