Sat.Mar 09, 2019 - Fri.Mar 15, 2019

Recapping RSA Conference 2019: No Silver Bullet for Security

Thales Cloud Protection & Licensing

I was really looking forward to participating in RSA 2019 and it was a great event. There was tremendous energy and buzz in our booth and on the show floor. The lively interactions in our booth validated that the Vormetric product line is still highly relevant and solves many of today’s challenges as customers move controls closer to the data, and also migrate their data to the cloud.

These Cookie Warning Shenanigans Have Got to Stop

Troy Hunt

This will be short, ranty and to the point: these warnings are getting ridiculous: I know, tell you something you don't know! The whole ugly issue reared its head again on the weekend courtesy of the story in this tweet: I’m not sure if this makes it better or worse. “Cookie walls don't comply with GDPR, says Dutch DPA”: [link] — Troy Hunt (@troyhunt) March 8, 2019.

Privacy 99
Insiders

On Surveillance in the Workplace

Schneier on Security

Data & Society just published a report entitled "Workplace Monitoring & Surveillance": This explainer highlights four broad trends in employee monitoring and surveillance technologies: Prediction and flagging tools that aim to predict characteristics or behaviors of employees or that are designed to identify or deter perceived rule-breaking or fraud.

Cover Your NAS Against Nasty Cr1ptT0r Ransomware

Data Breach Today

Crypto-Locking Extortion Targets Internet-Exposed D-Link Devices

Criminals wielding a new strain of ransomware called Cr1ptT0r are targeting network-attached storage users. The campaign was first discovered in February after owners of D-Link network storage enclosures reported that their devices were being crypto-locked.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Insert Skimmer + Camera Cover PIN Stealer

Krebs on Security

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they’re frequently disguised as ATM security features — such as an extra PIN pad privacy cover, or an all-in-one skimmer over the green flashing card acceptance slot at the ATM.

Privacy 205

More Trending

Defining Intelligent Information Management

AIIM

Recently AIIM released an industry watch report titled, The State of Information Management, Getting Ahead of the Digital Information Curve. In it, AIIM makes the case that every organization is on — or should be on — a Digital Transformation journey. At the heart of this transformation journey is the need to understand, anticipate and redefine internal and external customer experiences.

Citrix Hacked by Password-Spraying Attackers, FBI Warns

Data Breach Today

Cyber-Espionage Campaign Appears Separate to Recent Credential-Stuffing Breach

Citrix Systems is investigating a suspected hack attack, resulting in the theft of business documents, after being tipped off by the FBI. The breach alert follows Citrix recently disclosing that in late 2018, hackers breached some of its customers' accounts via credential-stuffing attacks.

Passwords 265

Ad Network Sizmek Probes Account Breach

Krebs on Security

Online advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an individual who’s been known to sell access to hacked online accounts kicked off an auction for “the admin panel of a big American ad platform.” “You can add new users to the

Passwords 204

MY TAKE: What the Ethiopian 737 Max 8 crash should tell us about the safety of ‘smart’ jetliners

The Last Watchdog

When news broke about the crash of an Ethiopian Airlines Boeing 737, the first question that popped into my head was whether an older 737 model, still using the flawed rudder actuator, might have been involved. Related: Historical context of the rudder flaws on older model 737s. Of course it was actually the newest iteration of the 737, the Max 8. I’m no longer covering aviation.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Severe RCE vulnerability affected popular StackStorm Automation Software

Security Affairs

The security researcher Barak Tawily has discovered a severe vulnerability, tracked as CVE-2019-9580, in the popular, open source event-driven platform StackStorm. According to the expert, the flaw could be exploited by a remote attacker to trick developers into executing arbitrary commands on targeted services. StackStorm has been used to automate workflows in many industries; it allows developers to configure actions, workflows, and scheduled tasks, to perform some operations on large-scale ser

Breach of 'Verifications.io' Exposes 763 Million Records

Data Breach Today

Experts Question How 'Big Data Email Verification Platform' Amassed Information

Verifications.io, a self-described "big data email verification platform," has suffered a massive breach. Security researcher Bob Diachenko said he discovered the site was exposing 763 million records.

Big data 244

Patch Tuesday, March 2019 Edition

Krebs on Security

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today’s patch batch without any help from users.

Security 163

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

The Last Watchdog

When Target fired both its CEO and CIO in 2014, it was a wake-up call for senior management. The firings came as a result of a massive data breach which routed through an HVAC contractor’s compromised account. C-suite execs across the land suddenly realized something similar could happen to them. So they began inundating their third-party suppliers with “bespoke assessments” – customized cyber risk audits that were time consuming and redundant.

Risk 165

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Vulnerabilities in car alarm systems exposed 3 million cars to hack

Security Affairs

Security experts at Pen Test Partners discovered several vulnerabilities in two smart car alarm systems that put three million vehicles globally at risk of being hacked. The flaws could be exploited by attackers to disable the alarm, as well as track and unlock the vehicles using it, or to start and stop the engine even when the car was moving. The experts also demonstrated that it is possible to snoop on drivers’ conversations through a microphone that is built into one of the car alarm systems,

Hackers Love to Strike on Saturday

Data Breach Today

Analysis of Pre-GDPR Breach Reports in UK Reveals Attack Trends

If you had to guess what day of the week a hacker will hit your organization, the answer might seem obvious: Hackers prefer to strike on Saturday. And a review by Redscan of cybersecurity incidents reported to Britain's privacy regulator before GDPR took effect confirms it.

GDPR 243

[Podcast] Getting to Know Your AIIM19 Keynotes - Blake Morgan and Greg Verdino

AIIM

Are you counting down the days until The AIIM Conference 2019? Yeah, same here! But, I have a couple things that I think will help tide us over until the end of March when we all head to San Diego, CA. First, how about some fun facts about two of our keynotes, Blake Morgan and Greg Verdino? Then, find out more about what they are planning to cover during their keynote sessions at AIIM19 with your podcast host Kevin Crane.

With Privacy as Its Shield, Facebook Hopes To Conquer the Entire Internet.

John Battelle's Searchblog

Never mind that man behind the privacy curtain. I’ll never forget a meal I had with a senior executive at Facebook many years ago, back when I was just starting to question the motives of the burgeoning startup’s ambition. I asked whether the company would ever support publishers across the “rest of the web” – perhaps through an advertising system competitive with Google’s AdSense.

Privacy 103

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

39% of all existing Counter-Strike 1.6 game servers online are malicious

Security Affairs

Experts at security firm Dr. Web revealed that 39% of all existing Counter-Strike 1.6 game servers online are malicious; an attacker is exploiting zero-day flaws in game clients. Bad news for gamers of the popular game Counter-Strike: according to the experts at the security firm Dr. Web, 39% of all existing Counter-Strike 1.6 game servers online are malicious.

Security 104

The Role of 'Prosilience' in IoT Security

Data Breach Today

The latest edition of the ISMG Security Report features a discussion of the role of "prosilience" in IoT security, plus the problem of overnotification under GDPR and the notion of "Spartacus as a Service."

IoT 239

Take your GDPR project to the next level with our compliance packages

IT Governance

For many organisations, last year’s GDPR (General Data Protection Regulation) compliance deadline was a whirlwind of privacy policy updates, data protection training courses and hours spent online researching exactly what a ‘controller’ and ‘processor’ are. In the nine months since, you’ve hopefully been able to get to grips with your compliance requirements.

GDPR 101

Guest Blog: End-to-End Data Encryption with Data Reduction from Thales & Pure Storage

Thales Cloud Protection & Licensing

At the 2019 RSA Conference, Pure Storage and Thales introduced Vormetric Transparent Encryption for Efficient Storage – the IT and security industries’ first end-to-end data encryption framework that realizes storage array data reduction. This new capability removes the compromise between encryption and storage efficiency, providing the granular access controls security professionals have come to expect from Thales combined with the industry-leading data reduction technologies from Pure St

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

CVE-2019-0797 Windows Zero-Day exploited by FruityArmor and SandCat APT Groups

Security Affairs

One of the zero-day flaws (CVE-2019-0797) patched this week by Microsoft has been exploited in targeted attacks by several threat groups, including FruityArmor and SandCat APT groups. This week, Microsoft released Patch Tuesday security updates for March 2019 that address 64 flaws, including two Windows zero-day vulnerabilities exploited in targeted attacks.

Georgia County Pays $400,000 to Ransomware Attackers

Data Breach Today

Cybercrime Gang Wielding Ryuk Eyed as Culprit

Officials in Jackson County, Georgia, along with the FBI are investigating a ransomware attack that crippled IT systems over a two-week period and reportedly led local officials to pay a bitcoin ransom worth $400,000 to restore systems and infrastructure.

What’s the difference between containers and virtual machines?

DXC Technology

I was at a conference recently when I realized the person I was talking with thought that containers were just smaller versions of virtual machines (VM). Ah, no. No, they’re not. Yes, they can function in the same ways from a practical viewpoint. For example, they’re both commonly used to run server applications. How they […].

Cloud 95

Average cost of cyber crime is now $13 million

IT Governance

The digital landscape is changing quickly, and cyber crime is on the rise. Last year there were 2.3 billion data breaches, compared to 826 million in 2017. With attacks becoming increasingly sophisticated and hard to defend against, they can cost organisations a lot of money each year. According to a new Accenture report, the average cost of cyber crime grew by more than $1 million in 2018 to $13 million (about £9.9 million) per organisation.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

It is the first time in the history that civic groups hold a protest against a national CERT

Security Affairs

Demonstration in front of the National CERT of the Philippines for failing to act on cyber attacks targeting regime-critical media and civil society organizations. On March 12, the World Day Against Cyber-Censorship, media and civil society organizations in the Philippines held a demonstration in front of NCERT (National Computer Emergency Response Team) to protest the NCERT's negligence in supporting the investigation of the three-month-long Distributed Denial of Service attacks against reg

IT 94

Ursnif Banking Trojan Variant Steals More Than Financial Data

Data Breach Today

Researchers Say Latest Version Evades Detection

A variant of the long-running Ursnif banking Trojan is able to better evade security protection and has the ability to steal not only financial information but also email user accounts, the content of inboxes and digital wallets, researchers report.

Security 232

Financial services are embracing multi-cloud

DXC Technology

Multi-clouds — environments made up of multiple public and private clouds typically used for different purposes — may well be the cloud of choice for banks. That’s according to an independent report by 451 Research, ‘Multi-Cloud Fundamental to Financial Services Transformation.’ I’m not here to argue. This report, which was sponsored by Canonical — the […].