Quantifying the value of risk management and compliance
TAB OnRecord
JULY 1, 2019
Threatpost
JULY 3, 2019
Amazon's acknowledgment that it saves Alexa voice recordings - even sometimes after consumers manually delete their interaction history - has thrust voice assistant privacy policies into the spotlight once again.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
WIRED Threat Level
JULY 5, 2019
Ransomware attacks, supply chain hacks, escalating tensions with Iran—the first six months of 2019 have been anything but boring.
Data Breach Today
JULY 3, 2019
Researchers Say Attackers Could Have Ties to Iranian-Backed APT Group The U.S. Cyber Command has issued a warning that attackers are attempting to exploit an older vulnerability in Microsoft Outlook to plant remote access Trojans or other types of malware within government networks. Some researchers say the exploits could be tied to an Iranian-backed threat group.
Advertisement
Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.
The Last Watchdog
JULY 1, 2019
As the presidential debate season ramps up, the specter of nation-state sponsored hackers wreaking havoc, once more, with U.S. elections, looms all too large. It’s easy to get discouraged by developments such as Sen. McConnell recently blocking a bi-partisan bill to fund better election security , as well as the disclosure that his wife, Transportation Security Elaine Chao, has accepted money from voting machine lobbyists.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Thales Cloud Protection & Licensing
JULY 3, 2019
I recently had the pleasure of sharing some industry insights from our 2019 Data Threat Report-Federal Edition on Cyberwire’s Daily Podcast –specifically addressing the gap in security responsibility many federal agencies face today as they move tremendous amounts of sensitive data into multicloud environments. We also discussed a new digital landscape where perimeter defense is no longer effective.
Data Breach Today
JULY 2, 2019
Infected City Fires IT Manager; New Victims in Florida, Georgia More U.S. cities and other governmental units reportedly have been hit by ransomware in an unrelenting wave that has proved profitable for hackers. Here's a roundup of the latest incidents.
National Archives Records Express
JULY 1, 2019
Late last week, the Office of Management and Budget (OMB) and NARA jointly issued a new memorandum with guidance on managing Federal records. The new memo, titled Transition To Electronic Records (OMB/NARA M-19-21) is available at [link]. NARA is pleased to have the Administration’s continuing support for modernizing Federal agency recordkeeping and bringing about the necessary transformation to a fully electronic government.
Security Affairs
JUNE 30, 2019
Explorer, Mozilla Firefox, Google Chrome, and Opera, no matter which web browser you use, here’s what you need to know to protect them against attacks. There are a number of web browsers available for surfing sites and accessing the content. The most popular and widely used are Internet Explorer, Mozilla Firefox, Google Chrome, and Opera. No matter which browser you use there are certain security leaks in each one of them.
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
Schneier on Security
JULY 4, 2019
Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico. After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted messages on WhatsApp, Signal, and Telegram. It was the digital equivalent of tossing someone's house: opening cabinets, pulling out drawers, and overturning furniture in hopes of finding something -- any
Data Breach Today
JULY 1, 2019
Cloud-Based Databases Belonged to IT Firm Attunity Several unsecured Amazon S3 buckets belonging to IT services firm Attunity left at least 1TB of data, including files from companies such as Netflix, TD Bank and Ford, exposed to the internet, UpGuard researchers disclosed. Although the databases have been secured, an investigation is continuing.
IT Governance
JULY 4, 2019
The threat of r ansomware isn ’ t going away – in fact, it’s worse than ever, with 28 reported attacks in the past three months. . That’s not a surprise, given how often victims pay fraudsters to free their infrastructure from the crippling malware. Experts urge organisations not to negotiate with criminal hackers , yet many – like t he governments of Riviera Beach, Flo rida , and nearby Lake City – feel compelled to meet their demands. .
Security Affairs
JULY 5, 2019
Eurofins Scientific, the UK’s biggest provider of forensic services, has paid a ransom to demand to recover its data after a ransomware attack. Eurofins Scientific, the UK’s largest police forensics lab contractor, announced to have paid a ransom to crooks to recover its data after a ransomware had been encrypted them. The company is based in Brussels and manages more than 800 laboratories all over the world.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
Schneier on Security
JULY 5, 2019
My Applied Cryptography is on a list of books banned in Oregon prisons. It's not me -- and it's not cryptography -- it's that the prisons ban books that teach people to code. The subtitle is "Algorithms, Protocols, and Source Code in C" -- and that's the reason. My more recent Cryptography Engineering is a much better book for prisoners, anyway.
Data Breach Today
JULY 2, 2019
Campaign Targeted Those Interested in Libyan Politics Malicious actors are increasingly using social media platforms to spread malware to unsuspecting victims. In the latest incident, Facebook removed more than 30 pages from its platform after security analysts with Check Point Research found that a hacker had loaded them with malware.
DLA Piper Privacy Matters
JULY 1, 2019
On July 9th, Europe’s highest court – the Court of Justice of the European Union (CJEU) – is set to hear a case concerning the validity of two key data transfer mechanisms: Standard Contractual Clauses (SCCs) and Privacy Shield – mechanisms widely used by businesses within the European Economic Area (EEA) to legitimise the transfer of personal data to countries outside the EEA.
Security Affairs
JUNE 30, 2019
Medtronic and the US government have warned that some Medtronic MiniMed insulin pumps are vulnerable to cyber attacks. Medtronic and the United States government have warned of a security vulnerability affecting some Medtronic MiniMed insulin pumps that could be exploited by hackers. The Department of Homeland Security (DHS) and Medtronic, and the Food and Drug Administration (FDA) have published a press release of a high-severity flaw affecting models of insulin pumps belonging to MiniMed 508 a
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
Schneier on Security
JULY 1, 2019
Wow, is this an embarrassing bug : Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness of the cryptographic keys it generates. The security keys are used by thousands of federal employees on a daily basis, letting them securely log-on to their devices by issuing one-time passwords.
Data Breach Today
JULY 4, 2019
Vulnerabilities Found in APIs Controlling Croatia-Based Zipato's IoT Devices Findings from researchers who hacked Croatia-based vendor Zipato's smart hub controllers, which can manage networked locks, lights and security cameras, underscore the risks that can accompany home automation devices. "Smart home" vendor Zipato says it's fixed the flaws.
Troy Hunt
JULY 1, 2019
Early last year, I announced that I was making HIBP data on government domains for the UK and Australia freely accessible to them via searches of their respective TLDs. The Spanish government followed a few months later with each getting unbridled access to search their own domains via an authenticated API. As I explained in that initial post, the rationale was to help the departments tasked with looking after the exposure of their digital assets by unifying search and monitoring capabilities so
Security Affairs
JULY 4, 2019
Austin Thompson (23) from Utah, the hacker who carried out massive DDoS attacks on Sony, EA, and Steam gets a 27-months prison sentence. The hacker who brought offline with massive DDoS attacks online gaming networks between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson (23) from Utah hit the principal gamins networks in 2013 and 2014, including Sony Online Entertainment. “Austin Thompson of Utah was sentenced in federal court today to 27 months
Advertisement
Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.
Schneier on Security
JULY 2, 2019
Google has released an open-source cryptographic tool: Private Join and Compute. From a Wired article : Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data.
Data Breach Today
JULY 5, 2019
Poor Password Reset Process Proves Too Convenient, as 900 Customers Affected Hackers appear to have accessed a new mobile payment app for 7-Eleven customers in Japan, taking about $500,000 from 900 customers over several days. Poor passwords and authentication designs by the company are likely to blame, according to media reports.
Dark Reading
JULY 3, 2019
Russian-speaking group has sent thousands of emails containing new malware to individuals working at financial institutions in the US, United Arab Emirates, and Singapore.
Security Affairs
JUNE 29, 2019
Attunity data integration and big data management firm exposed a significant amount of sensitive data through unprotected Amazon S3 buckets. Data integration and big data management firm Attunity exposed a significant amount of sensitive data through unprotected Amazon S3 buckets. The company, owned by Qlik , provides solutions to over 2,000 enterprises and half of the Fortune 100 firms.
Advertisement
“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.
Schneier on Security
JULY 5, 2019
New research from Science : " Civic honesty around the globe ": Abstract: Civic honesty is essential to social capital and economic development, but is often in conflict with material self-interest. We examine the trade-off between honesty and self-interest using field experiments in 355 cities spanning 40 countries around the globe. We turned in over 17,000 lost wallets with varying amounts of money at public and private institutions, and measured whether recipients contacted the owner to retur
Data Breach Today
JULY 3, 2019
Proposed Settlement Requires D-Link to Bolster Security Program D-Link has reached a proposed settlement with the U.S. Federal Trade Commission, which alleged the IoT device developer left consumers vulnerable to hackers through inadequate security practices. The terms of the settlement may serve as a warning to IoT makers to get their security checks in order.
Dark Reading
JULY 2, 2019
As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines.
Let's personalize your content