Schneier on Security

JUNE 17, 2020

Zoom is doing the right thing : it's making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.).we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe -- free and paid -- while maintaining the ability to prevent and fight abuse on our platform.

Encryption 112

Encryption Authentication Privacy Risk 112

Dark Reading

JUNE 18, 2020

The coronavirus pandemic has forced changes for much of the business world, cybersecurity included. What can we expect going forward?

Cybersecurity 131

Cybersecurity 131

Daymark

JUNE 15, 2020

Conditional Access in Azure AD provides a level of security required to maintain appropriate controls over who can access confidential and privileged information. It was the topic of discussion at our most recent “ Ask the Engineer Q&A Roundtable ” where attendees learned tips for a successful Conditional Access deployment and got answers to their specific questions.

Access 95

Access Security IT 95

Krebs on Security

JUNE 17, 2020

“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” -CIA’s Wikileaks Task Force. So ends a key section of a report the U.S. Central Intelligence Agency produced in the wake of a mammoth data breach in 2016 that led to Wikileaks publishing thousands of classified documents stolen from the agency’s offensive cyber operations division.

Security 289

Security Data breaches Security awareness Authentication 289

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Krebs on Security

JUNE 18, 2020

An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web. On June 16, authorities in Michigan arrested 29-year-old Justin Sean Johnson in connection with a 43-count indictment on charges of conspiracy, wire fraud and aggravated identi

IT 326

IT Archiving Personal data Access 326

WIRED Threat Level

JUNE 15, 2020

3somes, Gay Daddy Bear, and Herpes Dating are among the nine services that leaked the data of hundreds of thousands of users.

Security 137

Security 137

Data Breach Today

JUNE 15, 2020

Personal Details on 727,000 Accounts in 14 Countries Leaked Delivery Hero, the online food delivery service, has confirmed a data breach of its Foodora brand. Breached information includes personal details for 727,000 accounts - names, addresses, phone numbers, precise location data and hashed passwords - in 14 countries.

Data breaches 358

Data breaches Passwords IT 358

Krebs on Security

JUNE 19, 2020

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control.

IT 362

IT Authentication Passwords Access 362

The Last Watchdog

JUNE 17, 2020

Application Programming Interfaces – APIs. Without them digital transformation would never have gotten off the ground. Related: Defending botnet-driven business logic hacks APIs made possible the astounding cloud, mobile and IoT services we have today. This happened, at a fundamental level, by freeing up software developers to innovate on the fly. APIs have exploded in enterprise use over the past several years.

Digital transformation 148

Digital transformation Risk Financial Services Military 148

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

The Guardian Data Protection

JUNE 15, 2020

Smittestopp had limited effect because of the small number of users, says data agency Coronavirus – latest updates See all our coronavirus coverage Norway’s health authorities said they suspended an app designed to help trace the spread of coronavirus after the country’s data protection agency said it was too invasive of privacy. Launched in April, the smartphone app Smittestopp (“infection stop”) was set up to collect movement data to help authorities trace the spread of Covid-19, and inform us

Privacy 142

Privacy IT 142

Data Breach Today

JUNE 13, 2020

Suspected Russia-Linked Hackers Have Previously Focused on Ukraine The Gamaredon hacking group is now using a new set of malicious tools to compromise Microsoft Outlook as a way of sending spear-phishing emails to victims' contact lists, according to security firm ESET. This hacking group, which appears to have ties to Russia, has primarily targeted Ukraine for years.

Phishing 321

Phishing Security 321

Krebs on Security

JUNE 13, 2020

For the past year, a site called Privnotes.com has been impersonating Privnote.com , a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the mess

Phishing 195

Phishing Encryption Passwords IT 195

IT Governance

JUNE 19, 2020

Cyber criminals have many tricks up their sleeves when it comes to compromising sensitive data. They don’t always rely on system vulnerabilities and sophisticated hacks. They’re just as likely to target the an organisation’s employees. The attack methods they use to do this are known as social engineering. What is social engineering? Social engineering is a collective term for ways in which fraudsters manipulate people into performing certain actions.

IT 139

IT Phishing Sales Security 139

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

John Battelle's Searchblog

JUNE 17, 2020

It’s getting complicated out there. Marketers – especially brand marketers: Too many of you have lost the script regarding the critical role you play in society. And while well-intentioned TV spots about “getting through this together” are nice, they aren’t a structural solution. It’s time to rethink the relationship between marketers, media companies (not “content creators,” ick), and the audience.

Marketing 137

Marketing IT Risk Security 137

Data Breach Today

JUNE 15, 2020

Magecart Gangs Targeting Larger Organizations During Lockdown, Researcher Warns Jewelry retailer Claire's says Magecart attackers hits its e-commerce store, hosted on Salesforce Commerce Cloud, and stole an unspecified number of customers' payment card details. Security firm Sansec, which discovered the breach, says Magecart attacks have grown more targeted during lockdown.

Retail 308

Retail Cloud Security IT 308

AIIM

JUNE 16, 2020

Even though I’ve been an AIIM staff for more than 9 years, I continue to pay for my professional membership out of my own pocket. So it’s pretty obvious that I see the value of an AIIM membership, but you’re here to figure out if it’s worth it for YOU. My goal with this article is to give you a transparent look at both the pros and cons of an AIIM membership.

IT 110

IT Mining Content services GDPR 110

Security Affairs

JUNE 18, 2020

79 Netgear router models are vulnerable to a severe unpatched security vulnerability that can be exploited by remote attackers to take over devices. Security experts Adam Nichols from GRIMM and d4rkn3ss from the Vietnamese internet service provider VNPT have independently reported a severe unpatched security vulnerability that affects 79 Netgear router models.

Security 142

Security Communications IT Information Security 142

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

erwin

JUNE 19, 2020

Despite the similarities in name, there are a number of key differences between an enterprise architecture and solutions architecture. Much like the differences between enterprise architecture (EA) and data architecture, EA’s holistic view of the enterprise will often see enterprise and solution architects collaborate. And as with data architecture , a solution architect’s focus is narrower.

Digital transformation 130

Digital transformation Government Cloud IT 130

Data Breach Today

JUNE 19, 2020

Researchers Find Extensions Could Steal Credentials and Security Tokens Google has removed more than 70 malicious Chrome extensions after researchers with security firm Awake Security discovered the extensions could be used to steal users' credentials and security tokens.

Security 306

Security 306

The Guardian Data Protection

JUNE 17, 2020

Investigation finds cases being closed when complainants refuse ‘digital strip search’ Rape investigations are being systematically dropped after victims refuse to hand over their mobile phones for analysis, an investigation has found. Freedom of information requests reveal that about one in five complainants decline to submit to what has been termed a “digital strip search”.

Privacy 125

Privacy 125

Security Affairs

JUNE 16, 2020

Wireless carrier T-Mobile suffered a major outage in the United States, that impacted service at other carriers, due to a “massive” DDoS attack. Wireless carrier T-Mobile suffered a massive DDoS attack that caused a major outage in the United States that impacted service at other carriers due to a “massive” DDoS attack. This DDoS attack is serious. It has taken down Instagram, Facebook, T-Mobile, Verizon, and Twitch… 2020 is something else. pic.twitter.com/ztU59XMWu3 — Jordan Daley (

Communications 140

Communications Marketing Security Access 140

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Data Protection Report

JUNE 17, 2020

Just when we thought our summers might have been looking a bit dull, it was announced that the Court of Justice of the European Union ( CJEU ) will be making its final ruling in Case C-311/18, Data Protection Commissioner v Facebook Ireland & Schrems on 16 July 2020. This judgement concerns the legality of the European Commission approved Standard Contractual Clauses ( SCCs ) which many organisations rely on to transfer personal data outside of the UK and the European Economic Area ( EEA ),

Personal data 118

Personal data Communications Access GDPR 118

Data Breach Today

JUNE 19, 2020

Creating Cloud-Hosted Attack Infrastructures a Common Practice, Academic Researchers Find Many ethical hackers and other security professionals, such as penetration testers, have weaponized cloud platforms to host online attack infrastructure or have used the platforms to conduct reconnaissance, according security researchers at Texas Tech University.

Cloud 298

Cloud Security 298

IT Governance

JUNE 17, 2020

Avon has been forced to shut down its UK website in the wake of a cyber attack on 8 June. The organisation has revealed few details about the hack other than the fact that it “interrupted some systems and partially affected operations”. Avon’s Argentinian, Brazilian, Polish and Romanian websites have also been affected. The incident was identified after Avon distributors said they were having trouble accessing the organisation’s back end, where they file new product orders.

Ransomware 109

Ransomware Paper Phishing Risk 109

Security Affairs

JUNE 19, 2020

A flaw in Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information. A vulnerability in Cisco Webex Meetings client for Windows, tracked as CVE-2020-3347 , could be exploited by local authenticated attackers to gain access to sensitive information. “A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system.” r

Authentication 125

Authentication Access Security IT 125

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

JUNE 17, 2020

The hacker group recently took credit for two high-profile incidents -- but its actions aren't quite the same as they once were, some say.

IT 120

IT 120

Data Breach Today

JUNE 19, 2020

DHS Warns of Security Issues in Devices from Baxter, BD and Biotronik Federal authorities are sounding the alarm about cybersecurity vulnerabilities in six medical devices from three manufacturers. The device makers are providing risk mitigation advice.

Manufacturing 290

Manufacturing Cybersecurity Risk Security 290

Threatpost

JUNE 16, 2020

An internal investigation into the 2016 CIA breach condemned the agency's security measures, saying it “focused more on building up cyber tools than keeping them secure.".

Security 106

Security IT Government 106