Sat. Jan 29, 2022 - Fri. Feb 04, 2022

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. I don’t know every password; indeed, each password is long, complex and unique. In effect, my passwords are now “keys” — and I must authenticate across many accounts, multiple times per day, on a variety of device platforms.

Aggressive BlackCat Ransomware on the Rise

Dark Reading

The cybercriminals behind the malware claim to have compromised more than a dozen companies; they have aggressively outed victims and purportedly paid a significant share of ransoms back to affiliates.

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne’er-do-wells are hoping you will, because they’ve long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly LinkedIn’s parent firm Microsoft).

Phishing 309

How to Implement ISO 9001: Step-by-Step Guide

IT Governance

ISO 9001 is the international standard that describes best practices for a QMS (quality management system). It contains seven principles that help organisations monitor and control their operations, while also benchmarking their performance and service. Adopting a QMS is no easy feat, requiring you to rethink the way your business operates and what your strategic goals are.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

The UK’s new International Data Transfer Agreement Released

Data Matters

On 28 January 2022, the UK Government Department for Digital, Culture, Media & Sport (DCMS) laid before the UK Parliament its International Data Transfer Agreement (IDTA) and International Data Transfer Addendum (UK Addendum) to the European Commission’s Standard Contractual Clauses (EU SCCs). If no objections are raised by the UK Parliament, the IDTA and the UK Addendum will come into force on 21 March 2022.

GDPR 120

More Trending

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

Krebs on Security

Several articles here have delved into the history of John Bernard, the pseudonym used by a fake billionaire technology investor who tricked dozens of startups into giving him tens of millions of dollars. Bernard’s latest victim — a Norwegian company hoping to build a fleet of environmentally friendly shipping vessels — is now embroiled in a lawsuit over a deal gone bad, in which Bernard falsely claimed to have secured $100 million from six other wealthy investors, including t

IT 242

The Protection of Your Salesforce Account is Your Responsibility

Thales Cloud Protection & Licensing

madhav. Tue, 02/01/2022 - 04:53. Back in March 2021, Salesforce made an announcement that has profound implications, although initially very few people paid attention to it. Starting from February 1, 2022, Salesforce will require all customers to enable multi-factor authentication (MFA) to access their accounts.

California AG Issues CCPA Non-Compliance Notices to Businesses Operating Loyalty Programs

Hunton Privacy

On January 28, 2022, California Attorney General Rob Bonta published a statement regarding recent investigations conducted by the California Office of Attorney General (“AG”) with respect to businesses operating loyalty programs and their compliance with the California Consumer Privacy Act’s (“CCPA’s”) financial incentive requirements. As a result of the investigations, the AG’s Office sent non-compliance notices to major corporations across multiple sectors, including retail, food services, tra

The EARN IT Act Is Back

Schneier on Security

Senators have reintroduced the EARN IT Act, requiring social media companies (among others) to administer a massive surveillance operation on their users: A group of lawmakers led by Sen. Richard Blumenthal (D-CT) and Sen. Lindsey Graham (R-SC) have re-introduced the EARN IT Act, an incredibly unpopular bill from 2020 that was dropped in the face of overwhelming opposition.

IT 122

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Europe invests in cloud computing, yet compliance is a barrier

OpenText Information Management

Many EU government agencies have invested substantially in cloud computing initiatives to boost the adoption of cloud solutions. The rising demand to personalize customer interactions with customer data has driven the demand for SaaS solutions, further enticing enterprises to move to the cloud. The Europe Cloud Computing Market size exceeded USD 35 billion in 2020 …

Thousands of Data Center Management Apps Exposed to Internet

eSecurity Planet

Tens of thousands of applications that are critical to the operations of data centers around the globe are exposed to the internet, with many secured with default factory passwords, posing a significant cyber risk to enterprises worldwide. Researchers with cybersecurity firm Cyble this week said that along with the public-facing data center infrastructure management (DCIM) software, they also found intelligent monitoring devices, thermal cooling management and power monitors for racks vulnerable

Passwords 106

Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

Hunton Privacy

On February 2, 2022, the Litigation Chamber of the Belgian Data Protection Authority (the “Belgian DPA”) imposed a €250,000 fine against the Interactive Advertising Bureau Europe (“IAB Europe”) for several alleged infringements of the EU General Data Protection Regulation (the “GDPR”), following an investigation into IAB Europe Transparency and Consent Framework (“TCF”).

GDPR 111

Interview with the Head of the NSA’s Research Directorate

Schneier on Security

MIT Technology Review published an interview with Gil Herrera, the new head of the NSA’s Research Directorate. There’s a lot of talk about quantum computing, monitoring 5G networks, and the problems of big data: The math department, often in conjunction with the computer science department, helps tackle one of NSA’s most interesting problems: big data.

Big data 109

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Oil terminals in Europe’s biggest ports hit by a cyberattack

Security Affairs

A cyber attack hit the oil terminals of some of the biggest European ports impacting their operations. Some of the major oil terminals in Western Europe’s biggest ports have been targeted with a cyberattack. Threat actors have hit multiple oil facilities in Belgium’s ports, including Antwerp, which is the second biggest port in Europe after Rotterdam.

Security 104

JNUC 2022 Call for sessions

Jamf

Ever thought about presenting at JNUC? We’d love to hear your tech success story at the 2022 conference in San Diego.

Colorado AG Publishes Guidance on Data Security Practices and Announces Upcoming Rulemaking Under the Colorado Privacy Act

Hunton Privacy

On January 28, 2022, in celebration of Data Privacy Day, the Colorado Attorney General’s Office issued prepared remarks from Colorado Attorney General Phil Weiser and published guidance on data security best practices. In his remarks, Attorney General Weiser highlighted the importance of protecting data security and outlined his office’s plans for implementing the Colorado Privacy Act (“CPA”), which takes effect July 1, 2023.

Privacy 102

Managing Detections is Not the Same as Stopping Breaches

Dark Reading

Enterprises interested in managed detection and response (MDR) services to monitor endpoints and workloads should make sure the providers have rock-solid expertise in detecting and responding to threats.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

FBI confirms it obtained NSO’s Pegasus spyware

The Guardian Data Protection

Bureau says sophisticated hacking tool was never used in support of any investigation. The FBI has confirmed that it obtained NSO Group’s powerful Pegasus spyware, suggesting that it bought access to the Israeli surveillance tool to “stay abreast of emerging technologies and tradecraft”. In a statement released to the Guardian, the bureau said it had procured a “limited licence” to access Pegasus for “product testing and evaluation only”, and suggested that its evaluation of the tool partly relat

IT 97

macOS Security Basics series: The One About Macs (Not) Getting Malware

Jamf

Malware can infect your Mac. It’s not a question of if but rather when it will happen — but utilizing powerful endpoint protection software can mitigate much of this risk by shoring up macOS vulnerability and providing Mac malware removal. It may even alleviate the fallout from unknown threats by minimizing the severity of how they can exploit endpoints to compromise your privacy and data.

Privacy 98

How to Prepare for an Evacuation

Record Nations

As wildfires, floods, and natural disasters continue to creep into the suburbs, having an evacuation plan is essential. It’s not often that we write about personal experiences. However, it’s one of these experiences that led to the writing of this article. On December 30th, 2021, the historic Marshall fire ripped through the Colorado suburbs of […].

Want to Be an Ethical Hacker? Here's Where to Begin

Dark Reading

By utilizing these resources, beginner hackers can find their specific passions within the cybersecurity space and eventually make their own mark in the ethical hacking profession.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

UK: International data transfer agreement and addendum laid before Parliament

DLA Piper Privacy Matters

Following the ICO’s public consultation, launched in August last year, the final version of the international data transfer agreement (IDTA), as well as the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers (Addendum), has been laid before Parliament. The IDTA aims to address the UK’s regulatory position, following exit from the EU, in relation to the Schrems II decision of the CJEU and the need to refresh the (le

Sugar Ransomware, a new RaaS in the threat landscape

Security Affairs

Cyber security team at retail giant Walmart dissected a new ransomware family dubbed Sugar, which implements a ransomware-as-a-service model. The cyber threat team at retail giant Walmart has analyzed a new ransomware family dubbed Sugar, which is offered through a ransomware-as-a-service (RaaS) model. Unlike other ransomware operations, Sugar ransomware appears to primarily focus on individual computers instead of entire enterprises.

Key GDPR Compliance Issues to Watch in the Artificial Intelligence Space

Hunton Privacy

Organizations increasingly use artificial intelligence- (“AI”) driven solutions in their day-to-day business operations. Generally, these AI-driven solutions require the processing of significant amounts of personal data for the AI model’s own training, which often is not the purpose for which the personal data originally was collected. There is a clear tension between such further use of vast amounts of personal data and some of the key data protection principles outlined in EU privacy regulati

The UK’s Competition and Markets Authority’s Music Streaming Market Study

Data Matters

1. What has the Competition and Markets Authority (CMA) announced? On January 27, the UK’s competition regulator, the CMA, has formally launched a market study into music streaming; see its Market Study Notice. The market study will look at whether competition in the music streaming value chain is working well for consumers. It will focus on three key areas: competition among music companies; competition among music streaming services; and the impact on competition of agreements between music c

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Finding Vulnerabilities in Open Source Projects

Schneier on Security

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The “Alpha” side will emphasize vulnerability testing by hand in the most popular open-source projects, developing close working relationships with a handful of the top 200 projects for testing each year. “Omega” will look more at the broader landscape of open sour

Massive social engineering waves have impacted banks in several countries

Security Affairs

A massive social engineering campaign targeting banks has been delivered in the last two years in several countries. A massive social engineering campaign has been delivered in the last two years in several countries, including Portugal, Spain, Brazil, Mexico, Chile, the UK, and France. According to Segurança Informática publication, the malicious waves have impacted banking organizations with the goal of stealing the users’ secrets, accessing the home banking portals, and also controlling all

NSO offered US mobile security firm ‘bags of cash’, whistleblower claims

The Guardian Data Protection

Israeli spyware firm denies doing business with Mobileum and co-founder ‘has no recollection of using the phrase’. A whistleblower has alleged that an executive at NSO Group offered a US-based mobile security company “bags of cash” in exchange for access to a global signalling network used to track individuals through their mobile phone, according to a complaint that was made to the US Department of Justice.