Krebs on Security

NOVEMBER 13, 2018

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card details from unwary shoppers. For nearly 10 years, Portland, Ore. resident Julie Randall posted pictures for her photography business at julierandallphotos-dot-com , and used an email address at that domain to

Sales 213

Sales Access Passwords Communications 213

Troy Hunt

NOVEMBER 14, 2018

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices. A few people took some of the points I made in those posts as being contentious, although on reflection I suspect it was more a case of lamenting that we shouldn't be in a position where we're still dependent on passwords and people needing to understand good password man

Passwords 104

Passwords Authentication Phishing Access 104

Schneier on Security

NOVEMBER 13, 2018

Due to ever-evolving technological advances, manufacturers are connecting consumer goods­ -- from toys to lightbulbs to major appliances­ -- to the internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare. The Internet of Things fuses products with communications technology to make daily life more effortless. Think Amazon's Alexa, which not only answers questions and plays music but allows you to control your home's lights and thermostat.

IoT 88

IoT Security Manufacturing Marketing 88

Data Breach Today

NOVEMBER 15, 2018

Former Taxi Driver Receives Conditional Release From Prison in Romania The notorious Romanian hacker known as Guccifer, who revealed the existence of Hillary Clinton's private email server and admitted to hacking numerous email and social media accounts, has reportedly been extradited from Romania to begin serving his 52-month U.S. prison sentence.

251

251

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Krebs on Security

NOVEMBER 14, 2018

A California man who pleaded guilty Tuesday to causing dozens of swatting attacks — including a deadly incident in Kansas last year — now faces 20 or more years in prison. Tyler Raj Barriss, in an undated selfie. Tyler Barriss , 25, went by the nickname SWAuTistic on Twitter, and reveled in perpetrating “swatting” attacks. These dangerous hoaxes involve making false claims to emergency responders about phony hostage situations or bomb threats, with the intention of prompt

Communications 196

Communications IT 196

Weissman's World

NOVEMBER 15, 2018

Information capture has come a long way, baby! From stuffing paper through a scanner to taking pictures in the literal blink of an eye, it’s so much more than what we grew up with. Here, the illustrious Bob Larrivee and I talk about the “latest-and-greatest” in the world of capture, and the need to update […]. The post Speaking Of: (Not Your Father’s) Capture appeared first on Holly Group.

Information capture 120

Information capture Paper Information governance Government 120

Data Breach Today

NOVEMBER 13, 2018

Card-Scraping Code Has Infiltrated Over 100,000 E-Commerce Sites Over the past year, there's been a surge in so-called Magecart attacks, involving payment card data being stolen from e-commerce sites via injected attack code. Researchers say they are tracing at least six active Magecart groups, each with unique infrastructure, skimmers and targeting.

252

252

Krebs on Security

NOVEMBER 14, 2018

Microsoft on Tuesday released 16 software updates to fix more than 60 security holes in various flavors of Windows and other Microsoft products. Adobe also has security patches available for Flash Player , Acrobat and Reader users. As per usual, most of the critical flaws — those that can be exploited by malware or miscreants without any help from users — reside in Microsoft’s Web browsers Edge and Internet Explorer.

Encryption 181

Encryption Passwords Security IT 181

The Last Watchdog

NOVEMBER 13, 2018

Cyber criminals are deploying the very latest in automated weaponry, namely botnets, to financially plunder corporate networks. The attackers have a vast, pliable attack surface to bombard: essentially all of the externally-facing web apps, mobile apps and API services that organizations are increasingly embracing, in order to stay in step with digital transformation.

Security 104

Security Digital transformation B2C B2B 104

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

IT Governance

NOVEMBER 16, 2018

Comprehensive BCM (business continuity management) measures are essential for responding effectively to a disruption and providing a minimum acceptable service during a disaster. A crucial aspect of BCM is the development of an effective BCP (business continuity plan). What is a business continuity plan? A BCP consists of the processes and procedures an organisation needs in order to continue operating during a disaster and recover as quickly as possible.

Communications 118

Communications Risk Government Access 118

Data Breach Today

NOVEMBER 16, 2018

States Shouldn't Serve Up on a Platter Voters' Email Addresses and Phone Numbers Voting in the United States carries a huge privacy cost: states give away or sell voters' personal information to anyone who wants it. In this era of content micro-targeting, rampant misinformation and identity theft schemes, this trade in voters' personal data is both dangerous and irresponsible.

Privacy 233

Privacy Personal data IT 233

Security Affairs

NOVEMBER 13, 2018

Google services were partially inaccessible on Monday due to a BGP leak that caused traffic redirection through Russia, China, and Nigeria. A BGP leak caused unavailability of Google service on Monday, the traffic was redirected through Russia, China, and Nigeria. At the time it is not clear if the incident was the result of an error or a cyber attack on the BGP protocol.

Cloud 111

Cloud Analytics Paper Security 111

The Last Watchdog

NOVEMBER 12, 2018

A security-first mindset is beginning to seep into the ground floor of the IT departments of small and mid-sized companies across the land. Senior executives at these SMBs are finally acknowledging that a check-box approach to security isn’t enough, and that instilling a security mindset pervasively throughout their IT departments has become the ground stakes.

IT 103

IT Security Cybersecurity Privacy 103

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

IT Governance

NOVEMBER 14, 2018

Data controllers and data processors are an integral part of the GDPR. This article explains what those roles involve and helps you understand if you are a controller, processor or both. The terms ‘data controller’ and ‘data processor’ have been around for years, but it’s only since the EU GDPR (General Data Protection Regulation) took effect that they’ve been scrutinised.

GDPR 107

GDPR Retail Data collection Personal data 107

Data Breach Today

NOVEMBER 16, 2018

Altus Baytown Hospital Among Latest Healthcare Cyberattack Victims An attack on Altus Baytown Hospital in Texas is the latest ransomware incident reported to federal regulators as a health data breach. What other major ransomware incidents are impacting the healthcare sector?

Ransomware 231

Ransomware Data breaches 231

Security Affairs

NOVEMBER 10, 2018

Nginx developers released security updates to address several denial-of-service (DoS) vulnerabilities affecting the nginx web server. nginx is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, it is used by 25.28% busiest sites in October 2018. Nginx development team released versions 1.15.6 and 1.14.1 to address two HTTP/2 implementation vulnerabilities that can cause a DoS condition in Nginx versions 1.9.5 through 1.15.5.

Security 110

Security IT 110

WIRED Threat Level

NOVEMBER 16, 2018

When we're being watched, we conform. We don't speak freely or try new things. But social progress happens in the gap between what’s legal and what’s moral.

Security 106

Security 106

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

IT Governance

NOVEMBER 16, 2018

Last month, cross-Channel rail service Eurostar discovered that it had suffered a hacking attempt between 15 and 19 October 2018. However, unlike other players in the travel industry that recently suffered breaches, such as BA and Cathay Pacific , Eurostar has emerged relatively unscathed. Once Eurostar realised it had suffered a data breach, it: Identified the timing and the scale of the breach; Blocked access; Emailed customers alerting them to the situation and advising them to reset password

Data breaches 106

Data breaches Passwords GDPR Access 106

Data Breach Today

NOVEMBER 16, 2018

Free Decryptor Combats 'Aggressive' Ransomware-as-a-Service Provider A new, free decryptor has been released for "aggressive" crypto-locking ransomware called GandCrab. Researchers say GandCrab has come to dominate the ransomware-as-a-service market, earning its development team an estimated $120,000 per month.

Ransomware 212

Ransomware Marketing IT 212

Security Affairs

NOVEMBER 10, 2018

North Korea-linked Lazarus Group has been using FastCash Trojan to compromise AIX servers to empty tens of millions of dollars from ATMs. Security experts from Symantec have discovered a malware, tracked as FastCash Trojan , that was used by the Lazarus APT Group , in a string of attacks against ATMs. The ATP group has been using this malware at least since 2016 to siphon millions of dollars from ATMs of small and midsize banks in Asia and Africa.

Ransomware 106

Ransomware Security IT 106

AIIM

NOVEMBER 14, 2018

Disruptive Technologies are changing existing landscapes. Technology has had a profound impact on the business world. Simply walk into any business, no matter the size, and you will see the prolific adoption of technology. Digital project boards, virtual teams scattered across the globe; are all indicators of business reliance on this “fourth industrial revolution.

Artificial Intelligence 80

Artificial Intelligence Agriculture IT IoT 80

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

IT Governance

NOVEMBER 12, 2018

In September, British Airways announced it had suffered a data breach that compromised the personal and financial data of more than 380,000 customers. However, the airline has since admitted that an extra 185,000 people may have been affected. Then and now. At the time of the attack, BA was by and large applauded for its swift and efficient response: the incident was reported to the ICO (Information Commissioner’s Office) within the 72-hour timeframe required under the EU’s GDPR (General Data Pr

Data breaches 102

Data breaches GDPR Personal data Communications 102

Data Breach Today

NOVEMBER 13, 2018

$21 Million Lost to Business Email Compromise Fraudsters French film production and distribution company Pathe fired the two senior managers overseeing its Dutch operations after they fell victim to a business email compromise scam and approved $21 million in transfers to fraudsters. Many organizations remain at high risk from such scams.

Risk 209

Risk IT 209

Data Matters

NOVEMBER 13, 2018

European Digital Rights (EDRi), a digital user rights non-for-profit organisation, on 25 October 2018, launched an online platform, ‘ GDPR Today ’. In its first edition of the GDPR Today , the EDRi published statistics collected from eight EU Member States (France, Germany, Ireland, Italy, Poland, Romania, Sweden and the United Kingdom). The statistics show that since the GDPR’s entry into force on 25 May 2018, data protection authorities (DPAs) have received thousands of complaints from EU indi

GDPR 89

GDPR Data breaches Privacy IT 89

Schneier on Security

NOVEMBER 15, 2018

A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals. The reasons seem to be twofold. One, the US uses chip-and-signature instead of chip-and-PIN, obviating the most critical security benefit of the chip. And two, US merchants still accept magnetic stripe cards, meaning that thieves can steal credentials from a chip card and create a working cloned mag stripe car

Sales 99

Sales Security 99

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

IT Governance

NOVEMBER 12, 2018

Under the GDPR (General Data Protection Regulation) an organisation must not keep data for longer than it is needed. Article 5(1)(e) of the GDPR states: “1. Personal data shall be: (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or

GDPR 96

GDPR Personal data Paper Archiving 96

Data Breach Today

NOVEMBER 13, 2018

Data Routes Through Russia, Nigeria and China, Raising Security Concerns Google is investigating the unorthodox routing of traffic bound for its cloud services that instead traveled via internet service provides in Nigeria, Russia and China. Security experts say border gateway protocol is to blame, but that no easy fix is in sight.

Cloud 186

Cloud Security IT 186

Security Affairs

NOVEMBER 12, 2018

David Wells, a security expert from Tenable, devised a method to bypass Windows’ User Account Control (UAC) by spoofing the execution path of a file in a trusted directory. . A security researcher from Tenable has discovered that is possible to bypass Windows’ User Account Control (UAC) by spoofing the execution path of a file in a trusted directory.

Security 97

Security IT 97