Sat. Apr 27, 2019 - Fri. May 03, 2019

Defending Democracies Against Information Attacks

Schneier on Security

To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist. Our model combines ideas from both international security and computer security, avoiding the limitations of both in explaining how influence attacks may damage democracy as a whole.

2 Million IoT Devices Have P2P Software Flaw: Researcher

Data Breach Today

Vulnerabilities Found in Security Cameras, Baby Monitors and More

An independent security researcher is warning about a vulnerability in peer-to-peer software used in millions of IoT devices that could allow a hacker to eavesdrop on conversations or turn these items into a botnet.

GUEST ESSAY: Six risks tied to social media marketing that all businesses should heed

The Last Watchdog

While the internet and social media have been very positive for businesses, there remains an inherent risk when it comes to how brands manage their Facebook, Twitter, and Instagram accounts. While social media on every platform has benefits, there remain risks that must be addressed so as to keep your company’s image and data safe.

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Krebs on Security

A Pennsylvania credit union is suing financial industry technology giant Fiserv, alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. The credit union said the investigation that fueled the lawsuit was prompted by a 2018 KrebsOnSecurity report about glaring security weaknesses in a Fiserv platform that exposed personal and financial details of customers across hundreds of bank Web sites.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Why are Remote Collaboration Tools the Future of Work?

AIIM

Before the introduction of online collaboration tools, work used to take place only in the office. However, online collaboration applications have made a huge transformation. Nowadays, work is executed from the place where the team members are present. Online collaboration tools have ended up making the world a smaller place. These applications are smashing all the problems related to location and distance.

More Trending

NEW TECH: How Semperis came to close a huge gap in Active Directory disaster preparedness

The Last Watchdog

In today’s complex IT environments, a million things can go wrong, though only a few systems touch everything. For companies running Microsoft Windows, one such touch-all system is Active Directory, or AD, the software that organizes and provides access to information across the breadth of Windows systems.

Feds Bust Up Dark Web Hub Wall Street Market

Krebs on Security

Federal investigators in the United States, Germany and the Netherlands announced today the arrest and charging of three German nationals and a Brazilian man as the alleged masterminds behind the Wall Street Market (WSM), one of the world’s largest dark web bazaars that allowed vendors to sell illegal drugs, counterfeit goods and malware. Now, at least one former WSM administrator is reportedly trying to extort money from WSM vendors and buyers (supposedly including Yours Truly) — i

Thanks AIIM—This Isn’t Goodbye

AIIM

Some of you may know that, when I was a kid, my dad was my high school principal and my mom was our high school drama teacher. Basically, it meant that NO ONE asked me out on a date. But it also meant that I had a unique front row seat for observing my parents in their ‘natural environments’. I knew they taught, I knew they loved what they did, and I knew they were really, really good at what they did because all the kids and teachers loved them.

Citrix Hackers Camped in Tech Giant's Network for 6 Months

Data Breach Today

FBI Tipoff Led to Discovery; Citrix Blames Poor Password Security

Citrix says the data breach it first disclosed in early March appears to have persisted for six months before being discovered and hackers ejected. In an ironic twist, the company sells the very products that might have blocked recent credential stuffing and password spraying attacks against it.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

The Last Watchdog

Small and midsize businesses — so-called SMBs — face an acute risk of sustaining a crippling cyberattack. This appears to be even more true today than it was when I began writing about business cyber risks at USA TODAY more than a decade ago. However, one small positive step is that company decision makers today, at least, don’t have their heads in the sand.

Trump’s World Still Faces 16 Known Criminal Probes

WIRED Threat Level

Mueller is done and Rosenstein is on his way out the door, but federal and state authorities around the country are still investigating the president and those in his orbit.

[Podcast] Good Vibrations – Co-Authoring, AIIM19, and the Beach Boys

AIIM

It’s warm greetings from sunny San Diego on this episode of the AIIM on Air podcast! Your host Kevin Craine comes to you from The AIIM Conference 2019 floor with a series of interviews from the hallways, sessions, and even poolside at the Conference Party (if you listen closely, you can hear the party’s Beach Boys cover band in the background). AIIM19 welcomed over 700 information professionals from all over the world joining up to learn, network, and even party - together.

Vodafone, Huawei Dispute Report of Telnet 'Backdoor'

Data Breach Today

Huawei Denies Concealing Backdoors in Equipment

Vodafone is disputing a Bloomberg report that security vulnerabilities and backdoors within Huawei networking equipment could have allowed unauthorized access to its fixed-line carrier network in Italy. The report comes as Huawei continues to face concerns over its engineering practices and government ties.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

The Last Watchdog

If your company is participating in the global supply chain, either as a first-party purchaser of goods and services from other organizations, or as a third-party supplier, sooner or later you’ll encounter the NIST Cybersecurity Framework. The essence of the NIST CSF is showing up in the privacy regulations now being enforced in Europe, as well as in a number of U.S. states.

Federal cybersecurity: breaking down the barriers to adoption

Thales Cloud Protection & Licensing

Over the last two election cycles, we’ve seen an increased focus on election security, hacking and fraud. While many state and government officials are under no illusion that they are safe from a digital attack, concern should run deeper than election integrity. Most federal security issues are a result of well-known long-standing vulnerabilities that agencies have not addressed.

Ignore the hysteria, Cloud Foundry is just fine

DXC Technology

Recently, Rishidot analyst Krishnan Subramanian proclaimed the Cloud Foundry, Platform-as-a-Service (PaaS) cloud, had met its demise as a standalone platform. Really? That’s news to me, and I cover Cloud Foundry like paint. What got Subramanian so frazzled was Cloud Foundry started offering Docker in place of its own container runtime, Garden.

Hackers Steal, Post Financial Data From Major Corporations

Data Breach Today

After Citycomp Refuses to Pay Ransom, Cybercriminals Post Customers' Data Online

Cybercriminals have stolen customer data from Citycomp, a German IT company whose clients include Oracle, Volkswagen, Airbus, Ericsson, Toshiba, British Telecom and many others. After not paying the ransom, the gang posted the data online.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Over 23 million breached accounts were using ‘123456’ as password

Security Affairs

A cyber survey conducted by the United Kingdom’s National Cyber Security Centre (NCSC) revealed that ‘123456’ is still the most hacked password. Security experts at the United Kingdom’s National Cyber Security Centre (NCSC) analyzed the 100,000 most-commonly re-occurring breached passwords using data from Have I Been Pwned (HIBP). Have I Been Pwned allows users to search across multiple data breaches to see if their email address has been compromised.

Rethinking how things get done, part 4: Moving to an agile operating model

CGI

Imagine you’ve just awakened from a deep sleep, and your enterprise is operating just as you’ve always dreamed. It’s listening to customers, innovating, and designing and launching new products and services quickly. It’s also collaborating more (both internally and externally and with thought leaders) and responding agilely to changing business demands.

Enterprise Architect: A Role That Keeps Evolving

erwin

Enterprise architect is a common job title within IT organizations at large companies, but the term lacks any standard definition. Ask someone on the business side what their organization’s enterprise architects do, and you’ll likely get a response like, “They work with IT,” which is true, but also pretty vague. What the enterprise architects at your organization do depends in large part on how the IT department is organized.

'Five Eyes' Intelligence Agencies Discuss Strategies

Data Breach Today

The latest edition of the ISMG Security Report describes a discussion among "Five Eyes" intelligence agencies at the recent CyberUK conference. Plus, an update on a Huawei 'backdoor' allegation and new research on managing third-party risk.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Cisco discovered several flaws in Sierra Wireless AirLink ES450 devices

Security Affairs

Experts at Cisco Talos group disclosed a dozen vulnerabilities uncovered in Sierra Wireless AirLink gateways and routers, including several serious flaws. Researchers at Cisco Talos group disclosed a dozen vulnerabilities affecting Sierra Wireless AirLink gateways and routers, including several serious flaws. Some of the flaws could be exploited to execute arbitrary code, modify passwords, and change system settings. Sierra Wireless AirLink gateways and routers are widely used in enterprise envi

Cybersecurity for the Public Interest

Schneier on Security

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly explaining that there's no way to provide this capability without also weakening the security of every user of those devices and communications systems.

Survey reveals just how bad the UK is at creating passwords

IT Governance

There are more than 171,000 words in the English language, and yet millions of us can’t look beyond the word that’s right in front of us when selecting a password. Yes, the NCSC (National Cyber Security Centre)’s Cyber Security Survey found that 3.6 million Britons use ‘password’ as their password. Just as bad are the 23.2 million who use ‘123456’ and the 3.8 million who use ‘qwerty’.

Darknet Disruption: 'Wall Street Market' Closed for Business

Data Breach Today

Suspected Admins Arrested in Germany and Alleged Top Narcotics Vendors in US

German police have disrupted Wall Street Market and arrested its alleged administrators, who apparently "exit scammed" with $13 million in bitcoins, while U.S. authorities detained two of the site's alleged top narcotics vendors. Separately, Finnish police disrupted Silkkitie, aka Valhalla Marketplace.

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

A ‘Cyber Event’ disrupted power grid operations in three US states

Security Affairs

The Department of Energy confirmed that in March a cyber event disrupted power grid operations in California, Wyoming, and Utah. The Department of Energy confirmed that on March 2019, between 9 a.m. and 7 p.m., a cyber event disrupted energy grid operations in California, Wyoming, and Utah. The news was first reported by E&E News: a “cyber event” interrupted grid operations in parts of the western United States in March, according to a report posted by the Department of Energy.

Why Isn't GDPR Being Enforced?

Schneier on Security

Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively regulate their privacy practices. Despite its vows to beef up its threadbare regulatory apparatus, Ireland has a long history of catering to the very companies it is supposed to oversee, having wooed top Silicon Valley firms to the Emerald Isle with promises of low taxes, open access to top officials, and help securing funds to build gli

Why intelligent cloud ERP delivers increased value

DXC Technology

Agility is the name of the game for businesses who want the ability to respond to threats and opportunities in their marketplace. The arrival of intelligent cloud ERP provides the core technology that allows organisations to build the agile foundation required for entering new markets and becoming the disruptors of their industry. Intelligent cloud ERP […].
