WIRED Threat Level

FEBRUARY 16, 2021

It's is a bigger threat than ever. Here are some ways you can defend yourself.

Phishing 111

Phishing IT Security 111

Data Breach Today

FEBRUARY 15, 2021

States Would Join 3 Others That Have Already Enacted Laws Five states are making progress this year toward passing privacy legislation along the lines of California's Consumer Privacy Act, according to the International Association of Privacy Professionals. Here's a status report.

Privacy 314

Privacy 314

OpenText Information Management

FEBRUARY 17, 2021

Business and litigation go hand in hand in the 21st century. From litigation support personnel to the lawyers themselves, organizations face a common challenge: how to streamline processes and procedures to simplify and thoroughly respond to on-going litigation requests.

Data collection 70

Data collection Security 70

Krebs on Security

FEBRUARY 15, 2021

As a total sucker for anything skimming-related, I was interested to hear from a reader working security for a retail chain in the United States who recently found Bluetooth-enabled skimming devices placed over top of payment card terminals at several stores. Interestingly, these skimmers interfered with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.

Retail 301

Retail Risk IT Security 301

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

AIIM

FEBRUARY 18, 2021

What is the value of Records and Information Management? To help answer that, take a quick mental inventory of all the technologies your organization utilizes that interact in some way with organizational information. Think about technology like email, personal computers, the web, smart phones, social media, etc. Think about all of the information captured, stored, and created using those technologies.

Records Management 254

Records Management e-Discovery Compliance Digital transformation 254

The Last Watchdog

FEBRUARY 15, 2021

Cybersecurity training has steadily gained traction in corporate settings over the past decade, and rightfully so. In response to continuing waves of data breaches and network disruptions, companies have made a concerted effort and poured substantial resources into promoting data security awareness among employees, suppliers and clients. Safeguarding data in workplace settings gets plenty of attention.

Education 178

Education Cybersecurity Security awareness Data breaches 178

Krebs on Security

FEBRUARY 19, 2021

The leader of Mexico’s Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico’s top tourist destinations over the past five years. The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015.

Communications 283

Communications Marketing IT Security 283

AIIM

FEBRUARY 16, 2021

The workplace in 2021 will demand a different set of skills. Now more than ever, organizations need to embrace disruption as a springboard for competitive advantage and adopt new ways of working that invigorate organizational performance. The needed capabilities include the ability to leverage remote work as an advantage, increase information agility, and drive business growth despite these challenging times.

Cloud 156

Cloud 156

Data Breach Today

FEBRUARY 16, 2021

Flaw Was Present in Microsoft Defender Since 2009, SentinelOne Finds Microsoft has patched a 12-year-old vulnerability in Microsoft Defender that, if exploited, could enable nonadministrative users to escalate privilege in the application. The patch was made after security firm SentinelOne recently notified Microsoft about the flaw.

Security 345

Security 345

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

The Guardian Data Protection

FEBRUARY 14, 2021

Tribunal ruling noted Brexit campaign and insurance company owned by its key backer had a ‘two-faced approach to regulation’ The Leave.EU campaign and the insurance company owned by the political group’s key financial backer, Arron Banks, have lost an appeal against £105,000 of fines for data protection violations in the wake of the EU referendum campaign.

Data breaches 144

Data breaches Insurance IT 144

Schneier on Security

FEBRUARY 13, 2021

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret: China’s exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the m

Cybersecurity 143

Cybersecurity Manufacturing Government Communications 143

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. WatchDog is one of the largest and longest-lasting Monero cryptojacking operations uncovered by security experts, its name comes from the name of a Linux daemon called watchdogd.

Mining 139

Mining Cloud Access Security 139

Data Breach Today

FEBRUARY 15, 2021

Supply Chain Attack Likely Continues, He Tells '60 Minutes' More than 1,000 developers likely worked on rewriting code for the massive SolarWinds supply chain attack that affected many companies and U.S. government agencies, Microsoft President Brad Smith said in a Sunday interview, pointing out the attack is most likely continuing.

Government 312

Government 312

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Troy Hunt

FEBRUARY 16, 2021

As I progressively make my house smarter and smarter , I find I keep butting against the intersection of where smart stuff meets dump stuff. Take light globes, for example, the simplest circuit you can imagine. Pass a current through it, light goes on. Kill the current, light goes off. We worked that out back in the 19th century and everything was fine. until now.

IoT 139

IoT IT 139

Schneier on Security

FEBRUARY 15, 2021

Vice is reporting on a new police hack: playing copyrighted music when being filmed by citizens, trying to provoke social media sites into taking the videos down and maybe even banning the filmers: In a separate part of the video, which Devermont says was filmed later that same afternoon, Devermont approaches [BHPD Sgt. Billy] Fair outside. The interaction plays out almost exactly like it did in the department — when Devermont starts asking questions, Fair turns on the music.

Archiving 139

Archiving IT 139

Security Affairs

FEBRUARY 14, 2021

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. The FBI issues this week a Private Industry Notification (PIN) alert to warn companies about the risks of using out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer. The alert comes after the recent attacks on the Oldsmar water treatment plant’s network where attackers tried to raise levels of sodium hydroxid

Passwords 137

Passwords Systems administration Risk Access 137

Data Breach Today

FEBRUARY 13, 2021

Breach Occurred After System Admin Granted Unauthorized Access Russian-Dutch multinational eCommerce company Yandex sustained a data breach in which 4,887 customer accounts were compromised after an unidentified employee with systems admin privileges gave unauthorized access to attackers.

Data breaches 299

Data breaches Access 299

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Data Matters

FEBRUARY 18, 2021

On February 17, 2021 the European Medicines Agency ( EMA ) published an updated version of its good clinical practice questions and answers ( GCP Q&A ). The updated section relates to access to patient medical records by GCP inspectors from European Economic Area ( EEA ) Member States. It stresses the importance of sponsors conducting studies in countries outside the EEA obtaining the prior explicit consent of a clinical trial participant for the review of their medical records by EEA GCP

GDPR 121

GDPR Personal data Access Data collection 121

Schneier on Security

FEBRUARY 17, 2021

Interesting research on persistent web tracking using favicons. (For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.). Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and practitioners alike. This has resulted in users becoming more privacy-cautious and browser vendors gradually adopting countermeasures to mitigate certain forms of cookie-based and cookie-less track

Paper 137

Paper Privacy IT 137

Security Affairs

FEBRUARY 15, 2021

Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack. Microsoft’s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. Microsoft president Brad Smith provided further details about the investigation of the SolarWinds supply chain attack, the company’s analysis of the malicious code involved in the hack suggests it was the work of a thousand developers.

Authentication 131

Authentication Government Phishing IT 131

Data Breach Today

FEBRUARY 16, 2021

Unpatched, Open-Source Versions of Centreon IT Monitoring Tool Hacked, CERT-FR Says French cybersecurity authorities are warning that widely used, open-source IT monitoring software called Centreon appears to have been hit by Russian hackers. But unlike the SolarWinds supply chain attack, in this campaign, attackers appear to have hacked outdated, unpatched versions of the software.

Cybersecurity 288

Cybersecurity IT 288

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Data Protection Report

FEBRUARY 15, 2021

It has been some months since we wrote about the ePrivacy Regulation and some years since the first draft was proposed. Since then, we have seen numerous delays in achieving an agreed form of legislation, caused in part by strong views on how privacy and confidentiality shape the development of electronic communications services and passionate industry lobbying by both the AdTech industry and privacy organisations.

Metadata 125

Metadata GDPR Privacy Marketing 125

WIRED Threat Level

FEBRUARY 14, 2021

The lucrative business of dealing in code vulnerabilities is central to espionage and war planning, which is why brokers never spoke about it—until now.

Marketing 131

Marketing IT Security 131

Security Affairs

FEBRUARY 16, 2021

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost. ngrok is a cross-platform application used to expose a local development server to the Internet, the server appears to be hosted on a subdomain of ngrok (e

Phishing 126

Phishing Access Authentication Passwords 126

Data Breach Today

FEBRUARY 17, 2021

Federal Prosecutors Say Hackers Work for Military Intelligence Unit Three North Koreans have been indicted for allegedly taking part in a criminal conspiracy to steal or extort $1.3 billion in cryptocurrency and cash from banks and other organizations around the world, the U.S. Justice Department announced Wednesday.

Military 290

Military 290

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Schneier on Security

FEBRUARY 15, 2021

At the virtual Engima Conference , Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article : Soon after they were spotted, the researchers saw one exploit being used in the wild.

Security 120

Security IT 120

Threatpost

FEBRUARY 18, 2021

A malicious adware-distributing application specifically targets Apple's new M1 SoC, used in its newest-generation MacBook Air, MacBook Pro and Mac mini devices.

IT 118

IT Security 118

Security Affairs

FEBRUARY 15, 2021

French agency ANSSI attributes a series of attacks targeting Centreon servers to the Russia-linked Sandworm APT group. The French security agency ANSSI is warming of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020.

Ransomware 120

Ransomware Security IT Information Security 120