Schneier on Security

JUNE 17, 2019

97

97

Thales Cloud Protection & Licensing

JUNE 18, 2019

As organizations move more of their sensitive data to cloud platforms for the efficiency, flexibility and scalability that it promises, security and control continue to be a significant obstacle to this adoption. Although the 2019 Thales Data Threat Report-Global Edition tells us that 90% of organizations report using the cloud and 71% say they are using sensitive data in cloud environments, it also finds that, globally, 60% of organizations surveyed have been breached at some point in their his

Cloud 127

Cloud Encryption Big data Compliance 127

Data Breach Today

JUNE 21, 2019

BeyondTrust's Karl Lankford on Mitigating the Unmanaged Privilege Threat Attackers crave insider-level access to IT infrastructure and regularly target insiders - and especially administrators- to steal their credentials, says BeyondTrust's Karl Lankford, who advises organizations to ensure they manage, monitor and audit all privileged access.

Access 249

Access IT 249

Krebs on Security

JUNE 19, 2019

A medical billing firm responsible for a recent eight-month data breach that exposed the personal information on nearly 20 million Americans has filed for bankruptcy, citing “enormous expenses” from notifying affected consumers and the loss of its four largest customers. The filing, first reported by Bloomberg, comes from the Retrieval-Masters Creditors Bureau , the parent company of the American Medical Collection Agency (AMCA).

Data breaches 219

Data breaches IT 219

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

National Archives Records Express

JUNE 21, 2019

NARA is in the final stages of our records scheduling process with U.S. Immigration and Customs Enforcement (ICE) for schedule DAA-0567-2015-0013, Detainee Records. This schedule was originally proposed to NARA on October 26, 2015. NARA published notice of the pending schedule in the Federal Register on July 14, 2017. The schedule, which covers records related to deaths of detainees and allegations of sexual assault and abuse of detainees, received a record number of public comments.

IT 108

IT 108

Data Breach Today

JUNE 19, 2019

Focus on 'Total Cost of Control,' Says BlackBerry Cylance's John McClurg After years of organizations being stuck in a reactive security posture, proactive prevention is finally possible thanks to machine learning backed by AI math models, says BlackBerry Cylance's John McClurg.

Security 238

Security 238

AIIM

JUNE 19, 2019

Last week, I had the privilege of teaching our inaugural Foundations of Intelligent Information Management course in Denver, CO. We had students from a variety of industries and locations take part in the course, which is designed to provide participants with a thorough understanding of the fundamentals of information management. Over four days, we covered the entire lifecycle of information management: Creating and capturing information.

Metadata 85

Metadata Records Management Compliance Communications 85

Security Affairs

JUNE 16, 2019

On Friday, security experts at Microsoft warned of a new Linux worm, spreading via Exim ema i l servers, that already compromised some Azure installs. Bad actors continue to target cloud services in the attempt of abusing them for several malicious purposes, like storing malware or implementing command and control servers. Microsoft Azure is not immune , recently experts reported several attacks leveraging the platform to host tech-support scam and phishing templates.

Phishing 105

Phishing Authentication Cloud Security 105

Schneier on Security

JUNE 21, 2019

In 2017, some Android phones came with a backdoor pre-installed : Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. Triada first came to light in 2016 in articles published by Kaspersky here and here , the first of which said the malware was "one of the most advanced mobile Trojans" the security firm's analysts had ever encountered.

Manufacturing 101

Manufacturing Libraries Security IT 101

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Data Breach Today

JUNE 21, 2019

Barracuda's Michael Flouton on Social Engineering, Account Takeover and More The early days of email attacks - so much noise in the form of malware, spam and links - have given way to attacks that often rely on little more than words, and email gateways often struggle to arrest social engineering ploys, says Michael Flouton of Barracuda Networks.

228

228

Dark Reading

JUNE 18, 2019

How data and technology can help businesses make the right fraud decisions, protect people's identities, and create an improved customer experience.

Customer Experience 105

Customer Experience 105

Security Affairs

JUNE 17, 2019

Security researchers at Cofense have spotted a phishing campaign aimed at commercial banking customers distributing a new remote access trojan (RAT) tracked as WSH RAT. Security experts at Cofense Phishing Defence Center have spotted a phishing campaign aimed at commercial banking customers that is distributing a new remote access trojan tracked as WSH RAT.

Phishing 102

Phishing Access Archiving Passwords 102

Schneier on Security

JUNE 19, 2019

Stuart Schechter writes about the security risks of using a password manager. It's a good piece, and nicely discusses the trade-offs around password managers: which one to choose, which passwords to store in it, and so on. My own Password Safe is mentioned. My particular choices about security and risk is to only store passwords on my computer -- not on my phone -- and not to put anything in the cloud.

Passwords 98

Passwords Risk Cloud Security 98

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Data Breach Today

JUNE 20, 2019

State's Department of Human Services Now Says 645,000 Affected The number of individuals affected by a phishing-related breach disclosed in March by the Oregon Department of Human Services has nearly doubled, according to a new notification statement, which offers more details.

Phishing 228

Phishing 228

IT Governance

JUNE 21, 2019

Anyone looking for advice on how to achieve effective cyber security should consider the NCSC’s (National Cyber Security Centre) 10-step guide. Originally published in 2012, it is now used by the majority of FTSE 350 organisations. In this blog, we explain each step and provide advice on how to get started. 1. Risk management regime. Organisations must understand the risks they face before implementing security measures.

Security 91

Security Data breaches Risk Access 91

Security Affairs

JUNE 15, 2019

Cybercriminals are attempting to exploit an API misconfiguration in Docker containers to infiltrate them and run the Linux bot AESDDoS. Hackers are attempting to exploit an API misconfiguration in the open-source version of the popular DevOps tool Docker Engine-Community to infiltrate containers and run the Linux bot AESDDoS (Backdoor.Linux.DOFLOO.AA).

File names 95

File names Mining Access Communications 95

Schneier on Security

JUNE 20, 2019

Security researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module (HSM) talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It will demonstrate several attack paths, some of them allowing unauthenticated attackers to take full control of the HSM.

Security 90

Security Manufacturing Paper Access 90

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Data Breach Today

JUNE 17, 2019

Agency Says It Tested Remote Code Execution Exploit Yet another warning has been issued about the BlueKeep vulnerability in older versions of Microsoft Windows. The latest comes from the Department of Homeland Security, which tested a remote code execution exploit.

Security 213

Security IT 213

IBM Big Data Hub

JUNE 18, 2019

In my last blog , I stressed the need for a modern data architecture (MDA) to underpin the next generation of the cognitive enterprise , fully harness data using the latest technologies, and sustain a

92

92

Security Affairs

JUNE 17, 2019

Today I’d like to share an interesting and heavily obfuscated Malware which made me thinking about the meaning of ‘Targeted Attack’ Nowadays a Targeted Attack is mostly used to address state assets or business areas. For example a targeted attack might address Naval industry ( MartyMcFly example is definitely a great example) or USA companies ( Botnet Against USA, Canada and Italy is another great example) and are mainly built focusing specific target sectors.

Computer and Electronics 91

Computer and Electronics Cybersecurity Security IT 91

Dark Reading

JUNE 20, 2019

Early information suggests threat actors gained access to the managed service provider's remote monitoring and management tools and used them to attack the firm's clients.

Ransomware 90

Ransomware Access 90

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Data Breach Today

JUNE 20, 2019

More Data, Use of the Cloud and IoT Presage Even More Big, Bad Breaches Bad news for anyone who might have hoped that the data breach problem was getting better. "Anecdotally, it just feels like we're seeing a massive increase recently," says Troy Hunt, the creator of the free "Have I Been Pwned?" breach-notification service. Unfortunately, he says, the problem is likely to worsen.

Data breaches 211

Data breaches IoT Cloud IT 211

IBM Big Data Hub

JUNE 17, 2019

AutoAI in IBM Watson Studio makes it possible for you to automate many of the often complicated and laborious tasks associated with designing, optimizing and governing AI in the enterprise.

Government 89

Government IT 89

Security Affairs

JUNE 21, 2019

Security experts at Malwarebytes have discovered a new macOS crypto miner, tracked as Bird Miner, that works by emulating Linux. Researchers at MalwareBytes have spotted a new cryptominer, tracked as Bird Miner, that targets macOS and emulates Linux. The malware spreads via a cracked installer for the music production software Ableton Live that is distributed on a piracy website called VST Crack, and that is over 2.6 GB in size. “ A new Mac cryptocurrency miner Malwarebytes detects as Bird

IT 90

IT Security Information Security 90

Dark Reading

JUNE 19, 2019

Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.

Phishing 98

Phishing 98

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Data Breach Today

JUNE 19, 2019

Court Documents Outline a 'Host of Negative Consequences' The parent company of American Medical Collection Agency has filed for bankruptcy in the wake of a data breach affecting millions of patients. The filing provides an inside look at the "cascade of events" and financial havoc wreaked by a security incident.

Data breaches 211

Data breaches Security 211

Schneier on Security

JUNE 20, 2019

Matthew Green intelligently speculates about how Apple's new "Find My" feature works. If you haven't already been inspired by the description above, let me phrase the question you ought to be asking: how is this system going to avoid being a massive privacy nightmare? Let me count the concerns: If your device is constantly emitting a BLE signal that uniquely identifies it, the whole world is going to have (yet another) way to track you.

Privacy 87

Privacy Marketing IT 87

Security Affairs

JUNE 20, 2019

The Riviera Beach City, Florida, agreed to pay $600,000 in ransom to decrypt its data after a ransomware-based attack hit its computer system. The Riviera Beach City Council voted unanimously to pay $600,000 in ransom to decrypt its records after a ransomware attack hit its systems. The council has previously agreed to spend $941,000 to modernize the entire IT infrastructure after hackers broke into the city’s system three weeks ago, ecrypting data managed by the City.

Insurance 89

Insurance Ransomware Encryption Government 89