Schneier on Security

SEPTEMBER 6, 2018

The Five Eyes -- the intelligence consortium of the rich English-speaking countries (the US, Canada, the UK, Australia, and New Zealand) -- have issued a " Statement of Principles on Access to Evidence and Encryption " where they claim their needs for surveillance outweigh everyone's needs for security and privacy.the increasing use and sophistication of certain encryption designs present challenges for nations in combatting serious crimes and threats to national and global security.

Security 99

Security Encryption Access Government 99

Thales Cloud Protection & Licensing

SEPTEMBER 6, 2018

In my recent blog on the evolving PCI SSC initiatives in 2018, “ Minor on PCI DSS, major on almost everything else ,” I outlined how the organisation is covering new areas to reflect the migration from physical card payments to online digital payments. Much of the latest innovation involves the use of mobile devices (for both initiation and acceptance ) to provide greater flexibility in how payments can be made and offer additional methods to authenticate transactions.

Security 66

Security Encryption Compliance Risk 66

IT Governance

SEPTEMBER 7, 2018

Data breaches can happen to anybody. Incidents at large organisations – such as Dixons Carphone and Superdrug – might be reported on more often, giving you the impression that they are the most frequent targets, but these are actually the exception. Breaches occur most often at SMEs (small and medium-sized enterprises), if only because there are a lot more of them.

Data breaches 61

Data breaches GDPR Paper Personal data 61

Krebs on Security

SEPTEMBER 4, 2018

mSpy , the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.

Passwords 176

Passwords Encryption Authentication Mining 176

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Data Breach Today

SEPTEMBER 3, 2018

'CEO Fraud' Social-Engineering Attacks Continue to Surge Business email compromise attacks continue to be lucrative, for the criminally inclined. With the FBI reporting that reports of such attacks have recently doubled, researchers find that tricking victims into making fraudulent wire transfers remains attackers' top goal.

170

170

Weissman's World

SEPTEMBER 5, 2018

If there’s one thing we know about doing information right – which is to say, improving the care and feeding of your critical business information – it’s that it’s really hard to know where to begin. Should we scan the boxes full of paper that’s cluttering our hallways? Should we comb through our shared drives […]. The post Doing Information Right: Where Do I Begin?

Paper 120

Paper Records Management Government 120

Krebs on Security

SEPTEMBER 6, 2018

A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was “Feds Can’t Touch Us” pleaded guilty this week to making bomb threats against thousands of schools. On Aug. 31, officers with the U.K.’s National Crime Agency (NCA) arrested Hertfordshire resident George Duke-Cohan, who admitted making bomb threats to thousands of schools and a United Airlines flight traveling from the U.K. to San Francisco last month.

Security 161

Security IT 161

Data Breach Today

SEPTEMBER 3, 2018

Lock Down Magento E-Commerce Software or See Card Details Get Routed to Moscow In the past six months, more than 7,000 sites that run Magento e-commerce software have been infected with malicious JavaScript designed to harvest customers' payment card details as they finalize their orders, a security researcher warns.

Security 169

Security 169

The Last Watchdog

SEPTEMBER 2, 2018

Just like the best sourdough bread derives from a “mother” yeast that gets divided, passed around, and used over and over, open-source software applications get fashioned from a “mother” library of code created and passed around by developers. Related: Equifax hack highlights open source attack vectors. In today’s world, quick innovations are a necessity, and software developers would rather not lose valuable time reinventing the wheel.

Compliance 129

Compliance Libraries Sales Personal data 129

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Data Matters

SEPTEMBER 7, 2018

On September 5, 2018, the new Belgian Data Protection Act implementing the GDPR (the Belgian Act ) was published and entered into force. Despite the GDPR being an EU regulation that directly applies to all EU Member States, several provisions of the GDPR explicitly allow, and even require, Member States to enact legislation which implements the law.

GDPR 96

GDPR Archiving Privacy Compliance 96

Krebs on Security

SEPTEMBER 5, 2018

Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that any usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves as a fresh reminder that legitimate browser extensions can and periodically do fall into the wrong hands, and that it makes good security sense to limit your exposure to such attacks by getting rid of extensions that are no longer useful or

Risk 144

Risk Access Phishing Passwords 144

Data Breach Today

SEPTEMBER 5, 2018

With the midterm elections just around the corner, Barbara Simons, author of the election security book "Broken Ballots," explains why some voting computers remain inherently flawed.

Security 167

Security 167

The Last Watchdog

SEPTEMBER 5, 2018

There is a concept in computing, called runtime, that is so essential and occurs so ubiquitously that it has long been taken for granted. Now cyber criminals have begun to leverage this heretofore innocuous component of computing to insinuate themselves deep inside of company networks. Related: The coming wave of ‘microcode’ attacks. They’ve figured out how to manipulate applications while in runtime and execute powerful and stealthy attacks that bypass conventional security tools.

Ransomware 104

Ransomware Access Marketing Cloud 104

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

TAB OnRecord

SEPTEMBER 5, 2018

Is it possible that you’re not managing your organizations records, but rather they are managing you? If panicked “All-Office” emails are common or if people are regularly searching for critical files after the information was needed, the answer may be yes. The following questions are designed to help diagnose how your organization uses and stores information.

Records Management 94

Records Management IT 94

AIIM

SEPTEMBER 5, 2018

Intelligent Information Management (IIM).It sounds great, but what the heck do those 3 words really mean? Here at AIIM, you've probably heard us use IIM to describe the core set of capabilities that are necessary for organizations to digitally transform. In fact, we believe so whole-heartedly that it's the future of Information Management that we actually changed our name to the Association of Intelligent Information Management and even wrote the book on it.

ECM 82

ECM Digital transformation Libraries Access 82

Data Breach Today

SEPTEMBER 5, 2018

But Tech-Support Fraud is Surging, via Cold Calls, Phishing and More, FBI Warns While tech-support scams have proliferated for years, the FBI says losses tied to such fraud are now higher than ever. Google has pledged to crack down on fake tech-support listings. But fraudsters regularly employ a variety of channels, including cold calls, pop-up windows and phishing emails.

Phishing 165

Phishing 165

The Last Watchdog

SEPTEMBER 7, 2018

Over the past couple of decades, some amazing advances in locking down software code have quietly unfolded in, of all places, Hollywood. Related: HBO hack spurs cyber insurance market. Makes sense, though. Digital media and entertainment giants like Netflix, Amazon, Hulu, HBO, ESPN, Sony, and Disney are obsessive about protecting their turf. These Tinsel Town powerhouses retain armies of investigators and lawyers engaged in a never-ending war to keep piracy and subscription fraud in check.

IoT 103

IoT Security Digital transformation Cloud 103

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

IT Governance

SEPTEMBER 7, 2018

Saying you’ve done something doesn’t necessarily mean you’ve actually done it. Almost every data breach begins with an organisation saying they were secure until a crook comes along and shows them otherwise. . This is one of the biggest problems facing the cyber security industry. Organisations approach issues reluctantly, creating measures that seem adequate but are in fact only, to borrow from information governance expert Andrea Simmons, “skin deep”. .

Security 98

Security Information Security Information governance Data breaches 98

AIIM

SEPTEMBER 5, 2018

Intelligent Information Management (IIM).It sounds great, but what the heck do those 3 words really mean? Here at AIIM, you've probably heard us use IIM to describe the core set of capabilities that are necessary for organizations to digitally transform. In fact, we believe so whole-heartedly that it's the future of Information Management that we actually changed our name to the Association of Intelligent Information Management and even wrote the book on it.

ECM 80

ECM Digital transformation Libraries Access 80

Data Breach Today

SEPTEMBER 7, 2018

'Personal and Financial Details' Stolen From 380,000 Website and App Transactions British Airways is warning customers that it suffered a hack attack that compromised up to 380,000 customers' payment cards as well as personal data over a 15-day period. The airline says it was alerted to the breach by a business partner that monitors its websites.

Personal data 154

Personal data IT 154

The Last Watchdog

SEPTEMBER 4, 2018

Most large enterprises today can point to multi-millions of dollars expended over the past two decades erecting “layered defenses” to protect their digital systems. Yet catastrophic network breaches continue apace. Turns out there’s a downside to “defense in depth.”. Related: Obsolecense creeps into legacy systems. There’s no doubt that monitoring and continually updating all parts of a multi-tiered security system is a must-do best practice.

Data breaches 103

Data breaches Honeypots Digital transformation Mining 103

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

IT Governance

SEPTEMBER 4, 2018

When we consider the damage a data breach can cause, we tend to focus on the cost of breach reporting, potential fines and loss of reputation. One of the ‘unseen’ costs is the potential loss or theft of an organisation’s IP (intellectual property). IP includes sensitive business or trading information and research and development information. The risk of losing your IP.

Healthcare 83

Healthcare Insurance Manufacturing Risk 83

OpenText Information Management

SEPTEMBER 7, 2018

Gone are the days of the “job ladder” – following one linear path for your entire career. Instead, professionals today tend to create their own adventure by gaining experience across a wider range of disciplines. Lynn Elwood, VP of Cloud & Services Solutions, is a prime example of this. Lynn’s desire to be challenged and … The post Thriving as a woman in tech: A Q&A with OpenText VP, Lynn Elwood appeared first on OpenText Blogs.

Cloud 80

Cloud 80

Data Breach Today

SEPTEMBER 4, 2018

Joseph Feiman of WhiteHat Security on the Need for Cultural Change Application security is not improving because about 60 percent of vulnerabilities never get fixed, says Joseph Feiman of WhiteHat Security.

Security 151

Security 151

Data Matters

SEPTEMBER 5, 2018

On Friday, August 31, the California legislature unanimously passed a host of “clean-up” amendments to the new California Consumer Privacy Act (CCPA), AB 375 , as it set about addressing flaws and other concerns in the state’s groundbreaking data privacy law. These amendments are now awaiting Governor Brown’s signature. These amendments follow closely on the heels of the State’s initial enactment of the CCPA in June.

Privacy 68

Privacy Compliance Data breaches Sales 68

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

WIRED Threat Level

SEPTEMBER 4, 2018

"Whatever we propose is going to be controversial. But it’s important we do something, because everyone is unsatisfied by URLs. They kind of suck.".

Security 85

Security 85

IT Governance

SEPTEMBER 6, 2018

This week, we discuss a data breach at Plusnet, poor security at tvlicensing.co.uk, why most BEC scams succeed, and what causes most data breaches. Hello and welcome to the IT Governance podcast for Friday, 7 September. Many thanks to Jay and Lewis for holding the fort while I was away. Here are this week’s stories. In one of the biggest projects it’s undertaken in 21 years, the broadband provider Plusnet migrated to a new customer billing system at the weekend, and – as befalls so many companie

Data breaches 75

Data breaches Phishing Information Security Access 75

Data Breach Today

SEPTEMBER 7, 2018

Variant of Hermes Poses Major Risks, HHS Warns Organizations should be on guard for an attacks involving apparent variant of Hermes ransomware - dubbed Ryuk - that attempts to encrypt network resources. It has already victimized several global organizations in the U.S. and elsewhere, according to a federal alert, which offers mitigation advice.

Ransomware 145

Ransomware Encryption Risk IT 145