TAB OnRecord

JULY 1, 2019

Compliance 60

Compliance Risk 60

Threatpost

JULY 3, 2019

Amazon's acknowledgment that it saves Alexa voice recordings - even sometimes after consumers manually delete their interaction history - has thrust voice assistant privacy policies into the spotlight once again.

Privacy 106

Privacy IT Data Privacy IoT 106

WIRED Threat Level

JULY 5, 2019

Ransomware attacks, supply chain hacks, escalating tensions with Iran—the first six months of 2019 have been anything but boring.

Cybersecurity 111

Cybersecurity Ransomware Security 111

Data Breach Today

JULY 3, 2019

Researchers Say Attackers Could Have Ties to Iranian-Backed APT Group The U.S. Cyber Command has issued a warning that attackers are attempting to exploit an older vulnerability in Microsoft Outlook to plant remote access Trojans or other types of malware within government networks. Some researchers say the exploits could be tied to an Iranian-backed threat group.

Government 274

Government Access 274

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

The Last Watchdog

JULY 1, 2019

As the presidential debate season ramps up, the specter of nation-state sponsored hackers wreaking havoc, once more, with U.S. elections, looms all too large. It’s easy to get discouraged by developments such as Sen. McConnell recently blocking a bi-partisan bill to fund better election security , as well as the disclosure that his wife, Transportation Security Elaine Chao, has accepted money from voting machine lobbyists.

Phishing 119

Phishing Risk Passwords Cybersecurity 119

Thales Cloud Protection & Licensing

JULY 3, 2019

I recently had the pleasure of sharing some industry insights from our 2019 Data Threat Report-Federal Edition on Cyberwire’s Daily Podcast –specifically addressing the gap in security responsibility many federal agencies face today as they move tremendous amounts of sensitive data into multicloud environments. We also discussed a new digital landscape where perimeter defense is no longer effective.

Government 120

Government Security Encryption IoT 120

Data Breach Today

JULY 2, 2019

Infected City Fires IT Manager; New Victims in Florida, Georgia More U.S. cities and other governmental units reportedly have been hit by ransomware in an unrelenting wave that has proved profitable for hackers. Here's a roundup of the latest incidents.

Ransomware 267

Ransomware IT 267

National Archives Records Express

JULY 1, 2019

Late last week, the Office of Management and Budget (OMB) and NARA jointly issued a new memorandum with guidance on managing Federal records. The new memo, titled Transition To Electronic Records (OMB/NARA M-19-21) is available at [link]. NARA is pleased to have the Administration’s continuing support for modernizing Federal agency recordkeeping and bringing about the necessary transformation to a fully electronic government.

Records Management 109

Records Management Government IT 109

Security Affairs

JUNE 30, 2019

Explorer, Mozilla Firefox, Google Chrome, and Opera, no matter which web browser you use, here’s what you need to know to protect them against attacks. There are a number of web browsers available for surfing sites and accessing the content. The most popular and widely used are Internet Explorer, Mozilla Firefox, Google Chrome, and Opera. No matter which browser you use there are certain security leaks in each one of them.

Security 107

Security Risk Authentication Passwords 107

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Schneier on Security

JULY 4, 2019

Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico. After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted messages on WhatsApp, Signal, and Telegram. It was the digital equivalent of tossing someone's house: opening cabinets, pulling out drawers, and overturning furniture in hopes of finding something -- any

Mining 100

Mining Passwords Encryption Communications 100

Data Breach Today

JULY 1, 2019

Cloud-Based Databases Belonged to IT Firm Attunity Several unsecured Amazon S3 buckets belonging to IT services firm Attunity left at least 1TB of data, including files from companies such as Netflix, TD Bank and Ford, exposed to the internet, UpGuard researchers disclosed. Although the databases have been secured, an investigation is continuing.

Cloud 244

Cloud Security IT 244

IT Governance

JULY 4, 2019

The threat of r ansomware isn ’ t going away – in fact, it’s worse than ever, with 28 reported attacks in the past three months. . That’s not a surprise, given how often victims pay fraudsters to free their infrastructure from the crippling malware. Experts urge organisations not to negotiate with criminal hackers , yet many – like t he governments of Riviera Beach, Flo rida , and nearby Lake City – feel compelled to meet their demands. .

Ransomware 95

Ransomware Government Phishing Encryption 95

Security Affairs

JULY 5, 2019

Eurofins Scientific, the UK’s biggest provider of forensic services, has paid a ransom to demand to recover its data after a ransomware attack. Eurofins Scientific, the UK’s largest police forensics lab contractor, announced to have paid a ransom to crooks to recover its data after a ransomware had been encrypted them. The company is based in Brussels and manages more than 800 laboratories all over the world.

Ransomware 107

Ransomware Insurance Encryption Security 107

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Schneier on Security

JULY 5, 2019

My Applied Cryptography is on a list of books banned in Oregon prisons. It's not me -- and it's not cryptography -- it's that the prisons ban books that teach people to code. The subtitle is "Algorithms, Protocols, and Source Code in C" -- and that's the reason. My more recent Cryptography Engineering is a much better book for prisoners, anyway.

IT 97

IT 97

Data Breach Today

JULY 2, 2019

Campaign Targeted Those Interested in Libyan Politics Malicious actors are increasingly using social media platforms to spread malware to unsuspecting victims. In the latest incident, Facebook removed more than 30 pages from its platform after security analysts with Check Point Research found that a hacker had loaded them with malware.

Security 233

Security IT 233

DLA Piper Privacy Matters

JULY 1, 2019

On July 9th, Europe’s highest court – the Court of Justice of the European Union (CJEU) – is set to hear a case concerning the validity of two key data transfer mechanisms: Standard Contractual Clauses (SCCs) and Privacy Shield – mechanisms widely used by businesses within the European Economic Area (EEA) to legitimise the transfer of personal data to countries outside the EEA.

Privacy 94

Privacy Personal data GDPR Risk 94

Security Affairs

JUNE 30, 2019

Medtronic and the US government have warned that some Medtronic MiniMed insulin pumps are vulnerable to cyber attacks. Medtronic and the United States government have warned of a security vulnerability affecting some Medtronic MiniMed insulin pumps that could be exploited by hackers. The Department of Homeland Security (DHS) and Medtronic, and the Food and Drug Administration (FDA) have published a press release of a high-severity flaw affecting models of insulin pumps belonging to MiniMed 508 a

Communications 104

Communications Cybersecurity Authentication Access 104

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Schneier on Security

JULY 1, 2019

Wow, is this an embarrassing bug : Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness of the cryptographic keys it generates. The security keys are used by thousands of federal employees on a daily basis, letting them securely log-on to their devices by issuing one-time passwords.

Security 93

Security Passwords Government Access 93

Data Breach Today

JULY 4, 2019

Vulnerabilities Found in APIs Controlling Croatia-Based Zipato's IoT Devices Findings from researchers who hacked Croatia-based vendor Zipato's smart hub controllers, which can manage networked locks, lights and security cameras, underscore the risks that can accompany home automation devices. "Smart home" vendor Zipato says it's fixed the flaws.

IoT 223

IoT Risk Security IT 223

Troy Hunt

JULY 1, 2019

Early last year, I announced that I was making HIBP data on government domains for the UK and Australia freely accessible to them via searches of their respective TLDs. The Spanish government followed a few months later with each getting unbridled access to search their own domains via an authenticated API. As I explained in that initial post, the rationale was to help the departments tasked with looking after the exposure of their digital assets by unifying search and monitoring capabilities so

Government 94

Government Data breaches Authentication Access 94

Security Affairs

JULY 4, 2019

Austin Thompson (23) from Utah, the hacker who carried out massive DDoS attacks on Sony, EA, and Steam gets a 27-months prison sentence. The hacker who brought offline with massive DDoS attacks online gaming networks between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson (23) from Utah hit the principal gamins networks in 2013 and 2014, including Sony Online Entertainment. “Austin Thompson of Utah was sentenced in federal court today to 27 months

Computer and Electronics 105

Computer and Electronics Access Security IT 105

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Schneier on Security

JULY 2, 2019

Google has released an open-source cryptographic tool: Private Join and Compute. From a Wired article : Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data.

Encryption 93

Encryption IT 93

Data Breach Today

JULY 5, 2019

Poor Password Reset Process Proves Too Convenient, as 900 Customers Affected Hackers appear to have accessed a new mobile payment app for 7-Eleven customers in Japan, taking about $500,000 from 900 customers over several days. Poor passwords and authentication designs by the company are likely to blame, according to media reports.

Passwords 218

Passwords Authentication Access 218

Dark Reading

JULY 3, 2019

Russian-speaking group has sent thousands of emails containing new malware to individuals working at financial institutions in the US, United Arab Emirates, and Singapore.

92

92

Security Affairs

JUNE 29, 2019

Attunity data integration and big data management firm exposed a significant amount of sensitive data through unprotected Amazon S3 buckets. Data integration and big data management firm Attunity exposed a significant amount of sensitive data through unprotected Amazon S3 buckets. The company, owned by Qlik , provides solutions to over 2,000 enterprises and half of the Fortune 100 firms.

Big data 102

Big data Sales Passwords Marketing 102

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Schneier on Security

JULY 5, 2019

New research from Science : " Civic honesty around the globe ": Abstract: Civic honesty is essential to social capital and economic development, but is often in conflict with material self-interest. We examine the trade-off between honesty and self-interest using field experiments in 355 cities spanning 40 countries around the globe. We turned in over 17,000 lost wallets with varying amounts of money at public and private institutions, and measured whether recipients contacted the owner to retur

91

91

Data Breach Today

JULY 3, 2019

Proposed Settlement Requires D-Link to Bolster Security Program D-Link has reached a proposed settlement with the U.S. Federal Trade Commission, which alleged the IoT device developer left consumers vulnerable to hackers through inadequate security practices. The terms of the settlement may serve as a warning to IoT makers to get their security checks in order.

IoT 191

IoT Security 191

Dark Reading

JULY 2, 2019

As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines.

Cybersecurity 91

Cybersecurity 91