WIRED Threat Level

MAY 22, 2019

Facial recognition technology has proliferated unchecked in the US so far. Congress finally seems ready to do something about it.

IT 85

IT Privacy Security 85

Data Breach Today

MAY 21, 2019

Email Addresses, Phone Numbers Potentially Exposed There's been a potential leak of personally identifiable information from Instagram, but it's not clear yet whether the data on 49 million users came directly from the social media company. A database that was left online without password protection has since been taken down.

Passwords 243

Passwords IT 243

Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.

Phishing 277

Phishing Encryption Passwords Ransomware 277

The Last Watchdog

MAY 22, 2019

Social media consumers are getting wise to the joke that when the product is free, they’re the ones being sold. But despite the growing threat of consumer exploitation, Washington still shrinks from confronting our social media giants. Why? Because the social giants have convinced the chattering class that America simply can’t do without them. Confront the industry, we’re told, and you might accidentally kill it ?

Personal data 167

Personal data Privacy IT 167

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Security Affairs

MAY 20, 2019

Experts discovered a privilege escalation vulnerability in the Linux Kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP. Experts discovered a memory corruption vulnerability in Linux Kernel that resides in the implementation of the Reliable Datagram Sockets (RDS) over TCP. The vulnerability tracked as CVE-2019-11815 could lead to privilege escalation, it received a CVSS base score of 8.1.

Cleanup 111

Cleanup Cybersecurity Security Access 111

Krebs on Security

MAY 18, 2019

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users. On May 12, the administrator of OGusers explained an outage to forum members by saying a hard drive failure had erased several months’ worth of private messages, forum post

Passwords 221

Passwords Phishing Access Security 221

The Last Watchdog

MAY 20, 2019

Even if your company issues you a locked-down smartphone, embracing best security practices remains vital Our smartphones. Where would we be without them? Related Q&A: Diligence required of Android users If you’re anything like me, making a phone call is the fifth or sixth reason to reach for your Android or iPhone. Whichever OS you favor, a good portion of the key components that make up your digital life — email, texting, social media, shopping, banking, hobbies, and work duties — now rout

Manufacturing 125

Manufacturing Authentication Security Marketing 125

Security Affairs

MAY 18, 2019

Unistellar attackers have already wiped roughly 12,000 unsecured MongoDB databases exposed online over the past three. Every time hackers deleted a MongoDB database they left a message asking the administrators to contact them to restore the data. Unfortunately, the criminal practice of deleting MongoDB databases and request a ransom to restore data is common, experts observed several campaigns targeting unsecured archive exposed online.

Archiving 110

Archiving Cybersecurity Security IT 110

Data Breach Today

MAY 20, 2019

Drones May Be Sending Data Back to China, According to News Reports The Department of Homeland Security is warning that Chinese-made drones could be sending sensitive data back to their manufacturers, where it can be accessed by the government, according to news reports.

Manufacturing 262

Manufacturing Government Access Security 262

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

AIIM

MAY 22, 2019

Good news - we’ve updated Certified Information Professional (CIP) exam! For the last six months, a group of very experienced subject matter experts has been revising the CIP exam, program, and training. With any change comes questions, so I thought I would take some time to answer some of the ones I’m sure you’re asking. Why did you update the CIP?

ECM 83

ECM Content services Compliance Analytics 83

Schneier on Security

MAY 24, 2019

Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn't say how. (Cory Doctorow has previously explained why this would be impossible.).

Encryption 101

Encryption 101

Adam Levin

MAY 24, 2019

Google announced a glitch that stored unencrypted passwords belonging to several business customers, a situation that had been exploitable since 2005. In a blog post released this week, the company admitted the passwords of “some” of its G Suite customers had been stored on internal servers without cryptographic protection, also known as a hash. “This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords.

Passwords 99

Passwords Systems administration Encryption Privacy 99

Data Breach Today

MAY 22, 2019

Passwords Remained Encrypted for Enterprise Users Google is notifying administrators and users of its business-oriented G Suite product that the company had been storing unhashed passwords for years because of a flaw in the platform. The company believes no customer data was leaked and that all passwords remained encrypted.

Passwords 251

Passwords Encryption IT 251

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Security Affairs

MAY 20, 2019

Security researchers from Chronicle, Alphabet’s cyber-security division, have spotted a Linux variant of the Winnti backdoor. Security experts from Chronicle, the Alphabet’s cyber-security division, have discovered a Linux variant of the Winnti backdoor. It is the first time that researchers found a Linux version of the backdoor user by China-linked APT groups tacked as Winnti.

Healthcare 105

Healthcare Communications Libraries Access 105

Schneier on Security

MAY 22, 2019

This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors. We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint.

Paper 100

Paper 100

WIRED Threat Level

MAY 21, 2019

On the heels of embarrassing disclosures from Facebook and Twitter, Google reveals its own password bugs—one of which lasted 14 years.

Passwords 109

Passwords IT Security 109

Data Breach Today

MAY 24, 2019

McKinsey CISO Dan Fitzgerald on DevSecOps and the Future of Cloud Security Migrating from on-premises data security to the cloud and then embedding security in the application development process are common challenges for enterprises. Dan Fitzgerald, a CISO at the consultancy McKinsey & Co., shares insights on how to make these transitions.

Cloud 223

Cloud Security 223

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Dark Reading

MAY 24, 2019

Real estate title firm reportedly has closed a hole in its website that had left hundreds of millions of real estate tile insurance files accessible without authentication, according to KrebsOnSecurity.

Insurance 94

Insurance Authentication Access IT 94

erwin

MAY 23, 2019

How do organizations innovate? Taking an idea from concept to delivery requires strategic planning and the ability to execute. In the case of software development, understanding agile enterprise architecture and its relevance to DevOps is also key. DevOps, the fusion of software development and IT operations, stems from the agile development movement.

Government 91

Government Cloud Customer Experience IT 91

Security Affairs

MAY 24, 2019

Most of the digital certificates used to sign malware samples found on VirusTotal have been issued by the Certificate Authority (CA) Comodo CA. Most of the digital certificates used to sign malware samples found on VirusTotal in 2018 have been issued by the Certificate Authority (CA) Comodo CA (aka Sectigo ). Chronicle’s security researchers have analyzed submissions May 7, 2018, and May 7, 2019 discovering that out of a total of 3,815 signed malware samples, 1,775 were signed using a digital ce

Security 100

Security Cybersecurity Access IT 100

Data Breach Today

MAY 22, 2019

Did Company Also Bungle Notification for Some Victims Impacted? A misconfigured IT setting has landed a Puerto Rico-based clearinghouse and cloud software services vendor at the top of federal regulators' list of largest health data breaches so far this year. Why do these types of mistakes keep happening?

Data breaches 220

Data breaches IT Cloud 220

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Dark Reading

MAY 24, 2019

The increasing number of successful law enforcement actions and prosecutions suggest that cybercriminals have plenty of reason to be looking over their shoulders.

98

98

Reltio

MAY 21, 2019

Ankur Gupta, Sr. Product Marketing Manager, Reltio. I was in Boston last week. Coincidently, Martha had dropped a mail and wanted to talk. So I decided to take the opportunity and meet her. Martha earlier worked with one of our customers and had recently moved to another company as VP – Customer Innovation and Experience. She was delighted that we could meet in person and suggested an early morning breakfast meet.

Customer Experience 89

Customer Experience Retail B2C Marketing 89

Security Affairs

MAY 20, 2019

A new data leak made the headlines, a database containing the contact information of millions of Instagram influencers , celebrities and brand accounts has been found online. The news was first reported by the TechCrunch website, a database was left unprotected on an AWS bucket, anyone was able to access it without authentication. The unprotected database was discovered by the security researcher Anurag Sen that immediately reported its discovery to TechCrunch in an effort to find the owner.

Archiving 100

Archiving Authentication Marketing Access 100

Data Breach Today

MAY 21, 2019

Several Organizations Have Avoided Paying Ransoms, Thanks to Backup Plans Several recently reported breaches involving ransomware attacks in which organizations recovered without paying a ransom to extortionists offer a glimmer of hope that healthcare entities are getting better prepared to deal with such incidents.

Ransomware 211

Ransomware 211

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

MAY 22, 2019

The zero trust model might be the answer to a world in which perimeters are made to be breached. Is it right for your organization?

Security 105

Security IT 105

IBM Big Data Hub

MAY 22, 2019

IBM Cloud Pak for Data System is an integrated end-to-end platform that is cloud native by design, architected as microservices and containerized workloads. It offers instant pre-assembled provisioning and has capabilities to collect, organize and analyze data. It takes the IBM Cloud Pak for Data experience further by providing a modular approach to compute, network and storage on standard hardware, leveraging a building block approach under unified management.

Analytics 89

Analytics Cloud IT 89

Security Affairs

MAY 19, 2019

Security researchers from SRLabs have published a report that analyzed the risks for Ethereum network caused by unpatched Ethereum clients. Researchers at SRLabs published a report based on ethernodes.org data, that revealed that a large number of nodes using the popular clients Parity and Geth is still unpatched. The expert discovered that the Ethereum clients and its users remained exposed for “extended periods of time” after security patches have been released. “SRLabs research suggests

Risk 100

Risk Blockchain Security Cybersecurity 100