Sat.Aug 25, 2018 - Fri.Aug 31, 2018

article thumbnail

Here’s how anyone with $20 can hire an IoT botnet to blast out a week-long DDoS attack

The Last Watchdog

Distributed denial of service (DDoS) attacks continue to erupt all across the Internet showing not the faintest hint of leveling off, much less declining, any time soon. Related video: How DDoS attacks leverage the Internet’s DNA. To the contrary, DDoS attacks appear to be scaling up and getting more sophisticated in lock step with digital transformation; DDoS attacks today are larger, more varied and come at the targeted website from so many more vectors than ever before.

IoT 215
article thumbnail

Essential security – Cyber Essentials and it’s five controls

IT Governance

Most criminal hackers aren’t state-sponsored agencies or activists looking for high-profile targets, and they don’t spend countless hours staking out and researching their targets. Instead, they’re more opportunistic, looking for poorly-protected targets. Just like an organised house burglar might send out scouts looking for signs of poorly-safeguarded properties, the modern cyber criminal will send out phishing emails or network scans looking for vulnerable systems.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

I’m worried about information leaks. How can I securely share my files?

OpenText Information Management

The internet was born to connect us to each other and to the information we need. And somewhere along the way, sharing content—whether it’s your mood on social media or your experience through message boards—became easier and easier. Sharing files is no different. It’s as easy as a click, drag and drop and your file … The post I’m worried about information leaks.

article thumbnail

T-Mobile Database Breach Exposes 2 Million Customers' Data

Data Breach Today

Attacker Wants to Sell Stolen Data, Security Researcher Warns T-Mobile has suffered a breach that may have exposed personal data for 2.3 million of its 77 million customers, and one security researcher says the hacker appears to be keen to sell the stolen data.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Who’s Behind the Screencam Extortion Scam?

Krebs on Security

The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, it’s likely that additional spammers and scammers piled on with their own versions of the phishing email after noticing that some recipients were actually paying up.

Passwords 120

More Trending

article thumbnail

7 Steps to Start Searching with Shodan

Dark Reading

The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.

Security 104
article thumbnail

Russian Trolls 'Spread Vaccine Misinformation' Online

Data Breach Today

Bots and Trolls Account for Majority of Vaccine Tweets, Researchers Find Public health alert: Russian trolls have been spreading "polarized and anti-vaccine" misinformation via social media in a manner that appears designed to undercut trust in vaccines, researchers warn. Lower vaccination rates have already contributed to a rise in mass outbreaks of measles among children.

183
183
article thumbnail

Future Cyberwar

Schneier on Security

A report for the Center for Strategic and International Studies looks at surprise and war. One of the report's cyberwar scenarios is particularly compelling. It doesn't just map cyber onto today's tactics, but completely re-imagines future tactics that include a cyber component (quote starts on page 110). The U.S. secretary of defense had wondered this past week when the other shoe would drop.

article thumbnail

Digital Darwinism – Three Transformational Tactics to Consider

AIIM

Digital transformation can mean different things to different organizations. For some, it might mean simply getting rid of paper. But in these competitive times organizations need to look further. That is the subject of an upcoming AIIM webinar “ Digital Darwinism - Real Digital Transformation for Your Automation Projects ” that will explore how the processes that are most-ripe for automation are those that require a bit more thought.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

The Rise of an Overlooked Crime – Cyberstalking

Security Affairs

Cyberstalking is one of the most overlooked crimes. This is exactly why it is among the fastest growing crimes in the world. Learn all there is about cyberstalking here. The internet has been a blessing since its inception. The very concept of globalization has come into existence just because of the internet. The world that was previously unconnected soon became a global village with different cultures and traditions linking together via the information highway.

article thumbnail

Paying Ransoms: More Cons Than Pros

Data Breach Today

The March SamSam ransomware attack in Atlanta is reported to have cost the city $17 million to resolve. The attackers had asked for a $51,000 bitcoin ransom, which the city refused to pay. But Gartner Research analyst Avivah Litan stresses that paying ransoms has more cons than pros.

article thumbnail

CIA Network Exposed Through Insecure Communications System

Schneier on Security

Interesting story of a CIA intelligence network in China that was exposed partly because of a computer-security failure: Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In theory, if the interim system were discovered or turned over to Chinese intelligence, people using the main system would still be protected -- and there would be no way to trace the communication back to

article thumbnail

Six steps to improve your file classification- Part 2

TAB OnRecord

In this two-part post we share six steps you can take to improve your current file classification process. In part one we shared insights about where to begin your classification project, and strategies for effectively subdividing your files. In part two we discuss the importance of retention schedules and useful coding tools for your files. [.] Read More.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Android mobile devices from 11 vendors are exposed to AT Commands attacks

Security Affairs

A group of researchers has conducted an interesting study on AT commands attacks on modern Android devices discovering that models of 11 vendors are at risk. A group of researchers from the University of Florida, Stony Brook University, and Samsung Research America, has conducted an interesting research on the set of AT commands that are currently supported on modern Android devices.

Paper 83
article thumbnail

Air Canada: Attack Exposed 20,000 Mobile App Users' Data

Data Breach Today

Airline Hits Password-Nuke Button, Forces Reset on 1.7 Million Accounts Air Canada is forcing 1.7 million mobile app account users to reset their passwords after it detected unusual login behavior that it says may have exposed 20,000 accounts, including passport information. But the company is enforcing password complexity rules that experts advise against.

Passwords 167
article thumbnail

GDPR and a history of regulation-driven innovation

IBM Big Data Hub

Changes in rules and regulations create a fertile environment for innovation, in sports and in business. You just have to know where to look and approach things with an open mind.

GDPR 77
article thumbnail

Pwned Passwords, Now As NTLM Hashes!

Troy Hunt

I'm still pretty amazed at how much traction Pwned Passwords has gotten this year. A few months ago, I wrote about Pwned Passwords in Practice which demonstrates a whole heap of great use cases where they've been used in registration, password reset and login flows. Since that time, another big name has come on board too : I love that a service I use every day has taken something I've built and is doing awesome things with it!

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

USBHarpoon a look-like charging cable that can hack into your computer

Security Affairs

A team of security experts has devised a rogue USB charging cable named USBHarpoon that can be used to compromise a computer in just a few seconds. The team was composed of Olaf Tan and Dennis Goh of RFID Research Group , Vincent Yiu of SYON Security , and the popular Kevin Mitnick. The USBHarpoon takes inspiration on the BadUSB project built by researchers at Security Research Labs lead by Karsten Nohl.

article thumbnail

Philips, BD Yet Again Issue Medical Device Security Alerts

Data Breach Today

Experts Say Companies Offer Good Examples of Transparency Philips and Becton Dickinson have each issued multiple alerts this year regarding cybersecurity flaws in some of their medical devices. Some security experts say the two companies' transparency about cybersecurity issues - including new alerts issued last week - should be emulated by other manufacturers.

article thumbnail

Newsmaker Interview: Derek Manky on ‘Self-Organizing Botnet Swarms’

Threatpost

Botnets fused with artificial intelligence are decentralized and self-organized systems, capable of working together toward a common goal – attacking networks.

article thumbnail

Winning with AI: Industry POV on how to change the game, part 1

IBM Big Data Hub

Will artificial intelligence remake business as we know it? Will AI change the way we do our jobs – or reshape entire categories of careers? How can businesses harness the transformative potential of AI and outplay the competition? Leaders from a broad range of industries and expertise will be discussing these questions at “Changing the Game: Winning with AI,” a 13 September, 2018 event taking place live in New York City.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

DataGuidance’s Thought Leaders in Privacy: Vishnu Shankar

Data Matters

Vishnu Shankar, an associate in our London office, spoke with DataGuidance at the 2018 IAPP Data Protection Intensive. He discussed his recommendations on regulatory requirements regarding breach notification across several key pieces of legislation, including the GDPR and the NIS Directive, as well as sector-specific requirements. See More >> The post DataGuidance’s Thought Leaders in Privacy: Vishnu Shankar appeared first on Data Matters Privacy Blog.

Privacy 60
article thumbnail

Breach Reveal: PG&E Exposed 30,000 Sensitive Records

Data Breach Today

Previously Unnamed Utility Reached Record $2.7 Million Settlement Agreement A previously unnamed U.S. energy company that agreed to a record $2.7 million settlement after it left 30,000 records about its information security assets exposed online for 70 days in violation of energy sector cybersecurity regulations has been named as California utility PG&E.

article thumbnail

Simple and proactive security wins for your organisation

IT Governance

A good cyber security strategy should be built on firm foundations. As the sermon goes, you can’t build your castle on sand and expect it not to sink. Any organisation can be targeted by cyber criminals. However, SMEs (small and medium-sized enterprises) are at higher risk of being hacked than their larger counterparts. Criminal hackers know that larger organisations are better protected, whereas SMEs often lack the resources to protect themselves against evolving cyber threats.

article thumbnail

Australia banned Huawei from 5G network due to security concerns

Security Affairs

Chinese-owned telecommunications firm Huawei has been banned from Australia’s 5G network due to security concerns. The Australian government considers risky the involvement of Huawei for the rolling out of next-generation 5G communication networks. Huawei Australia defined the decision disappointing. We have been informed by the Govt that Huawei & ZTE have been banned from providing 5G technology to Australia.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

NYDFS Cybersecurity Regulation: Additional Cybersecurity Program Safeguards Due September 4, 2018

Data Matters

Companies subject to New York’s Cybersecurity Regulation are acting quickly to finalize their compliance obligations as the fifth “due date,” September 4, 2018, quickly approaches. By September 4, 2018, Covered Entities must ensure that their cybersecurity programs have in place certain additional safeguards: an audit trail that shows detection of and response to material cybersecurity events; written security procedures, guidelines, and standards for the development of in-house applications and

article thumbnail

Police Probe Sale of 130 Million Chinese Hotel-Goers' Data

Data Breach Today

Hotel Giant Huazhu May Have Accidentally Uploaded Access Credentials to GitHub Police in Shanghai are investigating the apparent loss of 130 million customers' personal details from Huazhu Hotels Group. The data exposure may trace to the Chinese hotel group's developers accidentally accessing credentials for a production database to GitHub.

Sales 145
article thumbnail

How ISO 27001 can help you achieve GDPR compliance

IT Governance

Anyone struggling with the EU GDPR (General Data Protection Regulation) should look no further than ISO 27001. It’s the international standard for information security, and its framework is close enough to the Regulation’s that many experts consider it a perfect launchpad for a GDPR compliance project. Certifying to the Standard means you’re already halfway to GDPR compliance, plus you’ll experience the general benefits of ISO 27001 certification.

GDPR 67