Sat.Mar 02, 2019 - Fri.Mar 08, 2019

article thumbnail

Data Governance Stock Check: Using Data Governance to Take Stock of Your Data Assets

erwin

For regulatory compliance (e.g., GDPR) and to ensure peak business performance, organizations often bring consultants on board to help take stock of their data assets. This sort of data governance “stock check” is important but can be arduous without the right approach and technology. That’s where data governance comes in …. While most companies hold the lion’s share of operational data within relational databases, it also can live in many other places and various other formats.

article thumbnail

Cybersecurity for the Public Interest

Schneier on Security

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly explaining that there's no way to provide this capability without also weakening the security of every user of those devices and communications systems.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Consumer Privacy: Reasons for Optimism As Well As Concern

Data Breach Today

ACLU's Jon Callas Briefs RSA Conference on Evolution of Privacy Discussion At the start of RSA Conference 2019, Jon Callas of the ACLU discusses how attitudes toward privacy continue to evolve and why the general tenor of the conversation is not as bad as some headlines suggest.

Privacy 230
article thumbnail

MyEquifax.com Bypasses Credit Freeze PIN

Krebs on Security

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal , it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

A common thread runs through the cyber attacks that continue to defeat the best layered defenses money can buy. Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. In fact, memory attacks have quietly emerged as a powerful and versatile new class of hacking technique that threat actors in the vanguard are utilizing to subvert conventional IT s

More Trending

article thumbnail

Health Data Hacking Incident Affects 400,000

Data Breach Today

Columbia Surgical Specialists of Spokane Reports Breach Columbia Surgical Specialists of Spokane has reported a breach impacting 400,000 individuals, the largest added to the federal health data breach tally so far in 2019. Meanwhile, a medical center in Chicago has also reported a major breach.

article thumbnail

Hackers Sell Access to Bait-and-Switch Empire

Krebs on Security

Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers, including DMV and arrest records, genealogy reports, phone number lookups and people searches. In an ironic twist, the marketing empire that owns the hacked online properties appears to be run by a Canadian man who’s been sued for fraud by the U.S.

Access 183
article thumbnail

Google Chrome Zero-Day Vulnerability CVE-2019-5786 actively exploited in the wild

Security Affairs

A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is actively exploited in attacks in the wild. A new zero-day vulnerability in Google Chrome is actively exploited in attacks in the wild. The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. The high severity zero-day flaw in Chrome could be exploited by a remote attacker to execute arbitrary code and take full control of the target computer.

Libraries 111
article thumbnail

Infographic: List of data breaches in 2018

IT Governance

2018 saw some of the biggest data breaches yet , with Marriott, Under Armour and Facebook suffering breaches that affected 500 million, 150 million and 100 million people respectively. It was also the year of the GDPR (General Data Protection Regulation) , which changed the way organisations handle customers’ personal data and introduced hefty fines for non-compliance.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Live Webinar | Automate Threat Hunting with Security Analytics & Machine Learning

Data Breach Today

Multi-stage attacks use diverse and distributed methods to circumvent existing defenses and evade detection - spanning endpoints, networks, email and other vectors in an attempt to land and expand. Meanwhile, individual tools including DLP, EDR, CASBs, email security and advanced threat protection are only designed to identify individual elements of a campaign, putting the onus on human analysts to piece together the bigger picture - when time and resources allow.

Analytics 221
article thumbnail

Revealed: Facebook’s global lobbying against data privacy laws

The Guardian Data Protection

Social network targeted legislators around the world, promising or threatening to withhold investment Facebook has targeted politicians around the world – including the former chancellor, George Osborne – promising investments and incentives while seeking to pressure them into lobbying on Facebook’s behalf against data privacy legislation, an explosive new leak of internal Facebook documents has revealed.

article thumbnail

FBI informed software giant Citrix of a security breach

Security Affairs

The American multinational software company Citrix disclosed a security breach, according to the firm an international cyber criminals gang gained access to its internal network. The American multinational software company Citrix is the last victim of a security breach, according to the company an international cyber criminal gang gained access to its internal network, Hackers were able to steal business documents, but its products or services were impacted by the attack.

Security 106
article thumbnail

Improving the Public Comment Process for Records Schedules

National Archives Records Express

We are changing the process for public review and comment of proposed records schedules to one using the Federal eRulemaking Portal, [link]. We posted a Federal Register notice detailing this change in process today. Currently, we publish notice in the Federal Register of agency records schedules open for comment. People who wish to review and comment on the schedules must request copies of the actual documents, submit comments, and receive responses via mail or email.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Guilty Plea in Rare HIPAA Criminal Case

Data Breach Today

Former Patient Coordinator Wrongfully Disclosed Patient Information A former patient coordinator at UPMC, a medical center in Pittsburgh, has pleaded guilty to wrongfully disclosing health information in a rare case involving criminal prosecution for violating HIPAA.

219
219
article thumbnail

The Evolving World of DNS Security

PerezBox

I was recently at an event listening to representatives of ICANN and CloudFlare speak on security with DNS and it occurred to me that very few of us really understand. Read More. The post The Evolving World of DNS Security appeared first on PerezBox.

article thumbnail

More than billion records exposed online by email validation biz Verifications.io

Security Affairs

Experts found an unprotected server exposing online 4 MongoDB databases belonging to the email validation company Verifications.io. A new mega data leak made the headlines, an unprotected MongoDB database (150GB) belonging to a marketing company exposed up to 809 million records. The archive includes 808,539,849 records containing: emailrecords = 798,171,891 records emailWithPhone = 4,150,600 records businessLeads = 6,217,358 records.

Archiving 106
article thumbnail

The Netherlands – S.A. states that websites must be accessible at all times; cookie wall not allowed

DLA Piper Privacy Matters

On 7 March 2019, the Dutch Supervisory Authority (“S.A.”) created quite some buzz in the online Dutch (advertising) industry: websites that only give visitors access to their site if they agree to tracking cookies (or similar technologies) do not comply with the GDPR. This also means that the so-called cookie walls that are placed on websites, preventing visitors access to websites if they do not consent to tracking cookies, are not allowed in the view of the Dutch S.A.

Access 97
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Who Faces Biggest Financial Risks From Cyberattacks?

Data Breach Today

Moody's Says Hospitals, Banks Among Those That Have the Most Significant Potential Impact Four business sectors - hospitals, banks, securities firms and market infrastructure providers - potentially face the most significant financial impact from cyberattacks that could lead to a weakened credit profile, according to a new report from Moody's Investors Service.

Risk 207
article thumbnail

Continuous delivery of data drives continuous intelligence

IBM Big Data Hub

Success with AI models depends on achieving success with collecting and organizing your data, then analyzing the data to make smarter business decisions.

105
105
article thumbnail

NSA released Ghidra, its multi-platform reverse engineering framework

Security Affairs

The NSA released the Ghidra, a multi-platform reverse engineering framework that could be used to find vulnerabilities and security holes in applications. In January 2019, the National Security Agency (NSA) announced the release at the RSA Conference of the free reverse engineering framework GHIDRA. GHIDRA is a multi-platform reverse engineering framework that runs on major OSs (Windows, macOS, and Linux).

IT 102
article thumbnail

What are the best books on data privacy?

IT Governance

Organisations are always looking for affordable ways to keep their data secure, but sometimes the simplest solutions are the best – and nothing beats the simplicity of a book. With books, you get expert advice at your fingertips. You can study whenever is convenient and you can access the information for as long as you need it. The problem, of course, is that there are so many guides to data privacy out there that it’s hard to know which one is right for you.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

GRC: A Status Report

Data Breach Today

Matt Kunkel of LogicGate Offers Update on Governance, Risk Management and Compliance How are governance, risk management and compliance changing as a result of evolving privacy regulations? Matt Kunkel of LogicGate offers an update.

article thumbnail

EDPB Releases Overview on the Implementation and Enforcement of the GDPR

Hunton Privacy

On February 26, 2019, the European Data Protection Board (the “EDPB”) presented its first overview of the GDPR’s implementation and the roles and means of the national supervisory authorities to the European Parliament (the “Overview”). The Overview provides key statistics relating to the consistency mechanism among national data protection authorities (“DPAs”), the cooperation mechanism of the EDPB, the means and powers of the DPAs and enforcement of the GDPR at the national level.

GDPR 88
article thumbnail

Google discloses Windows zero-day actively exploited in targeted attacks

Security Affairs

Google this week revealed a Windows zero-day that is being actively exploited in targeted attacks alongside a recently fixed Chrome flaw. Google this week disclosed a Windows zero-day vulnerability that is being actively exploited in targeted attacks alongside a recently addressed flaw in Chrome flaw ( CVE-2019-5786). The Windows zero-day vulnerability is a local privilege escalation issue in the win32k.sys kernel driver and it can be exploited for security sandbox escape. “It is a local p

article thumbnail

GDPR compliance and information security: reducing data breach risks

IT Governance

The GDPR (General Data Protection Regulation) isn’t only about preventing data breaches (it’s equally focused on strengthening data subjects’ rights), but organisations have understandably honed in on the importance of effective data protection. Both objectives have clear benefits for organisations, but the ability to tackle risks is more complex and will take more resources to implement and maintain.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

A Vision of the Role for Machines in Security

Data Breach Today

RSA President Rohit Ghai on Humans and Machines Working Together as 'Trustworthy Twins' In a keynote address at the RSA Conference 2019, RSA President Rohit Ghai encouraged attendees to work in the coming years to "implement a security program with machines and humans working together. Humans asking questions; machines hunting answers.

Security 200
article thumbnail

Drones of the future will be smart (and maybe dangerous)

DXC Technology

Drones have been around for a few years now, but the truth is their usefulness largely has been limited to providing visual information to users in the form of photos and video captured by their onboard digital cameras. That’s great if you’re a photographer, need to inspect an inaccessible piece of equipment or some farm […].

article thumbnail

The Wireshark Foundation released Wireshark 3.0.0

Security Affairs

The Wireshark Foundation released Wireshark 3.0.0, the latest release of the popular open-source packet analyzer. The Wireshark Foundation announced the release of Wireshark 3.0.0, the latest release of the popular open-source packet analyzer. The new version addresses several bugs and introduces tens of new features, it also improved existing features.