Sat.Jun 30, 2018 - Fri.Jul 06, 2018

Cryptojacking Displaces Ransomware as Top Malware Threat

Data Breach Today

Criminals' Quest for Cryptocurrency Continues

If 2017 was the year of ransomware innovation, 2018 is well on its way to being known as the year of cryptocurrency mining malware. Numerous studies have found that the most seen malware attacks today are designed for cryptojacking. But while ransomware campaigns may be down, they're far from out.

Bring your own identity (BYOI)

OpenText Information Management

In March, Grand View Research suggested that the Identity and Access Management (IAM) market will be worth over $24 billion by 2020. This healthy growth will be achieved in part, the research firm says, through the increasing popularity of bring-your-own-identity (BYOI). BYOI offers speed and convenience for users, but do the risks still outweigh the … The post Bring your own identity (BYOI) appeared first on OpenText Blogs.

Why Attackers Keep Winning at 'Patch or Perish'

Data Breach Today

Fresh Flaws Exploited Faster Than They're Patched, Says Tenable's Gavin Millard

Patch management problem: Organizations must identify and fix all new vulnerabilities in their software and hardware as quickly as possible. Unfortunately, on average, attackers keep exploiting flaws faster than they're being patched, says Tenable's Gavin Millard.

100

ExxonMobil Bungles Rewards Card Debut

Krebs on Security

Energy giant ExxonMobil recently sent snail mail letters to its Plenti rewards card members stating that the points program was being replaced with a new one called Exxon Mobil Rewards+. Unfortunately, the letter includes a confusing toll free number and directs customers to a parked page that tries to foist Web browser extensions on visitors. The mailer (the first page of which is screenshotted below) urges customers to visit exxonmobilrewardsplus[dot]com, to download its mobile app, and to cal

Marketing 138

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Warm words for the UK's intelligence privacy practices from the UN

Data Protector

It’s not often that the UK is praised for the manner in which its intelligence agencies adopt appropriate data protection standards. So let's give due acknowledgement to Joe Cannataci, the UN’s Special Rapporteur on the right to privacy, who has recently used some very warm words to comment on these privacy practices. Of the Investigatory Powers Act, he proclaimed: "I am satisfied that the UK systematically employs multiple safeguards which go to great lengths to ensure that unauthorised survei

Privacy 120

More Trending

California's New Privacy Law: It's Almost GDPR in the US

Data Breach Today

But Tech Giants are Taking Aim at the Law, Which Can Be Amended Until 2020

California's legislature has quickly introduced and passed new privacy legislation, making the state's laws the strongest in the U.S. The new law gives consumers a raft of new rights, and aims to bring more transparency to the murky trade in people's personal information.

Privacy 218

The Pentagon Is Building a Dream Team of Tech-Savvy Soldiers

WIRED Threat Level

For years the Army has tried to recruit talent from Silicon Valley. A new initiative aims to nurture the rising technologists within its own ranks, too.

IT 109

Privacy policies of tech giants 'still not GDPR-compliant'

The Guardian Data Protection

Consumer group says policies of Facebook, Amazon and Google are vague and unclear

Privacy policies from companies including Facebook, Google and Amazon don’t fully meet the requirements of GDPR, according to the pan-European consumer group BEUC. An analysis of policies from 14 of the largest internet companies shows they use unclear language, claim “potentially problematic” rights, and provide insufficient information for users to judge what they are agreeing to.

GDPR 92

Lessons from the front-lines of digital transformation – Part two

TAB OnRecord

In a three-part blog post we are sharing lessons learned from organizations that have taken documents and business processes into the digital realm. In part one, we discussed the benefits offered by digitization and robotic process automation. In part two, we explore the realities of having a hybrid records environment, and how to prepare yourself [.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

The Need to Look Beyond Endpoint Security

Data Breach Today

Kaspersky's Bhayani on Evolving to Predictive Analytics and Response

With endpoint security, the fundamental concept was always to detect and prevent. Mature security strategies today are increasingly looking at response and remediation as well to complete the cycle, says Shrenik Bhayani of Kaspersky Lab.

Security 196

Ransomware vs. Cryptojacking

Dark Reading

Cybercriminals are increasingly turning to cryptojacking over ransomware for a bigger payday. Here's what enterprises need to know in order to protect their digital assets and bank accounts.

How to Check App Permissions on iOS, Android, Windows, and macOS

WIRED Threat Level

It's never a bad time to audit your app permissions. In fact, it's more important than ever.

IT 108

30% of UK companies have sacked an employee for data breach negligence

IT Governance

Shred-it’s 2018 State of the Industry Report has revealed that 30% of UK companies that suffered a data breach terminated an employee’s contract for related negligence. 1,000 small business owners, 1,000 C-suite executives of large organisations and 1,100 consumers/employees took part in the research, which also revealed that: 88% of C-suites and 49% of small businesses believe that employee negligence is one of the biggest information security risks to their organisation; 55% of larg

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Former Insider Indicted for Criminal HIPAA Violations

Data Breach Today

Latest Rare Example of Prosecutors Pursuing a HIPAA Case

A federal grand jury in Pennsylvania has indicted a former patient coordinator on several counts of wrongfully obtaining and disclosing the health information of others. The case is the latest rare example of prosecutors pursuing criminal charges for HIPAA violations.

173

European Parliament Calls for Suspension of EU-U.S. Privacy Shield Unless U.S. Can “Fully Comply”

Hunton Privacy

On July 5, 2018, the European Parliament issued a nonbinding resolution (“the Resolution”) that calls on the European Commission to suspend the EU-U.S. Privacy Shield unless U.S. authorities can “fully comply” with the framework by September 1, 2018. The Resolution states that the data transfer mechanism does not provide the adequate level of protection for personal data as required by EU data protection law.

Privacy 72

Board Oversight of Cybersecurity Risks

Data Matters

*This article originally appeared in Practical Law Journal July/August 2018. In her regular column on corporate governance issues, Holly Gregory discusses the rapidly changing cybersecurity landscape, and the role of the board in addressing cybersecurity risks to the company. The post Board Oversight of Cybersecurity Risks appeared first on Data Matters Privacy Blog.

UK government cracks down on cyber security

IT Governance

To improve cyber risk governance among public-sector departments and their suppliers, the UK government has issued a series of minimum cyber security standards that will be incorporated into the Government Functional Standard for Security. The first standard to be incorporated, the Minimum Cyber Security Standard (MCSS), comprises ten sections across five broad categories: Identify, Protect, Detect, Respond and Recover.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Life After Webstresser Disruption: No DDoS Holiday

Data Breach Today

Arbor's Darren Anstee Talks Terabit Attacks, Stresser/Booter Mayhem

Police recently arrested the suspected administrators and top users of the stresser/booter service Webstresser.org. Unfortunately, the plethora of such services means the world is unlikely to see a reduction in DDoS attack volumes, says Darren Anstee of Arbor Networks.

172

Security Should Never Be on Holiday

Thales Cloud Protection & Licensing

For many organizations, July and August are synonymous with holidays. And, while we all want to disconnect, no one does this completely given how connected we all are. Some successfully disconnect from work, but if they check the news on their phone, call an Uber, watch Netflix on an iPad or sign up for a yoga class via an app, they are still very much connected.

First Circuit’s Decision Provides Guidance on Creating Enforceable Website Terms and Conditions

Data Matters

On June 25, the United States Court of Appeals for the First Circuit in Cullinane v. Uber Technologies, Inc., __ F.3d __, 2018 WL 3099388 (1st Cir. 2018), evaluated the enforceability of arbitration provisions in online contracts. The First Circuit found Uber’s arbitration provision, which contained a class action waiver, unenforceable because Uber did not make its terms of service sufficiently conspicuous.

Retail 60

SCOTUS and Congress Leave the Right to Privacy Up for Grabs

WIRED Threat Level

As the push for more digital privacy grows, the question is whether the courts or lawmakers will step up to protect our rights—or if it will fall through the cracks.

Privacy 71

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Humana Notifying Victims of 'Identity Spoofing' Attack

Data Breach Today

Health Plan: Large Volume Log-In Attempts Coming From 'Foreign Countries'

Humana is notifying individuals in multiple states that the company was a recent target of an "identity spoofing attack" that potentially compromised personal information of its members, including those participating in the health insurer's Go365 wellness programs.

Insurance 170

Request for Comments on Two Draft NARA Bulletins to Update Format Guidance

National Archives Records Express

We are making a few minor changes to NARA Bulletin 2014-04, Format Guidance for the Transfer of Permanent Records. These changes will streamline the process for future updates to the format tables. We are making these changes via a new NARA Bulletin, 2018-XX. We welcome your participation in the development of this guidance. We are requesting your comments on both bulletin drafts — NARA Bulletin 2018-XX and NARA Bulletin 2014-04.

65

[INFOGRAPHIC] Be a Records Management Hero!

Gimmal

Earlier this year, we unveiled our superhero theme, inviting records managers to join us at their regional ARMA events (as well as ARMA Live!) and answer the question: "what kind of records management hero are you?".

Weekly podcast: NHS Digital, Typeform and ICO registration fine

IT Governance

This week, we discuss the unauthorised sharing of 150,000 patients’ confidential health data, the first ripples from the Typeform data breach, and a £4,500 fine for a company that didn’t register with the ICO. Hello and welcome to the IT Governance podcast for Friday, 6 July. Here are this week’s stories. NHS Digital has blamed a third-party coding error for a data breach in which the confidential health information of 150,000 patients was shared against their will.

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Why California's New Privacy Law is a 'Whole New Ballgame'

Data Breach Today

While California already had some of the strictest and most varied privacy laws in the country, the new California Consumer Privacy Act of 2018 "is a whole new ballgame," says privacy attorney Kirk Nahra, who explains why.

Privacy 165

Microsoft MVP Award, Year 8

Troy Hunt

Back in 2011, Microsoft gave me the rather awesome (IMHO) Most Valuable Professional Award for the first time. This is Microsoft's award for community leadership within a technology discipline which for me at the time, was developer security. I'm confident that award came largely due to the work I did on the OWASP Top 10 for .NET Developers series, a 10-part epic blog series that set me on the path to where I am today.

IT 60

How the Pentagon Keeps Its App Store Secure

WIRED Threat Level

To keep malware at bay, the GEOINT App Store has created a screening process that no commercial platform could ever match.

IT 76