IT Governance

SEPTEMBER 26, 2018

Two thirds of UK organisations are uninsured against the financial impact of a data breach, a survey has revealed. The Risk:Value 2018 Report by NTT Security discovered that only 29% of organisations have dedicated cyber insurance in place, despite 81% of senior executives touting insurance against data breaches as “vital”. According to the report, which examines business attitudes to risk and the value of information security, UK businesses would have to spend £1 million, on average, to rec

Data breaches 102

Data breaches Insurance Information Security Compliance 102

Data Breach Today

SEPTEMBER 25, 2018

Fraudsters Hijack Mobile Numbers to Crack Open Bank Accounts In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.

Authentication 260

Authentication IT 260

Thales Cloud Protection & Licensing

SEPTEMBER 25, 2018

My last blog about Vormetric Application Encryption covered new RESTful APIs and it revealed that those APIs provide quite a bit of granular control in the use of encryption keys. This enhances security by reducing the “attack surface” in an IT environment while maintaining IT efficiency with centralized access control policies. Combining RESTful flexibility with granular controls gives you the best of both worlds.

Encryption 73

Encryption Security Paper Access 73

Krebs on Security

SEPTEMBER 27, 2018

The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM. According to a non-public alert distributed to banks this week and shared with KrebsOnSecurity by a financial industry source, the Secret Service has received multiple reports about a complex form

Communications 233

Communications Security IT 233

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

The Last Watchdog

SEPTEMBER 24, 2018

The recent hack of social media giant Reddit underscores the reality that all too many organizations — even high-visibility ones that ought to know better — are failing to adequately lock down their privileged accounts. Related: 6 best practices for cloud computing. An excerpt from Reddit’s mea culpa says it all: “On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers.

Access 119

Access Authentication Retail Cloud 119

AIIM

SEPTEMBER 27, 2018

With a little more than 3 months left of 2018, many businesses are focusing on what goals they want to achieve in the New Year. While some have talked of digital transformation, there are still an alarming number of workplaces that have yet to fully embrace digitizing paper documents and processing digital documents. Make no mistake- if you want to achieve digital transformation and you've yet to take the leap into capturing documents, the time is now and we're here to help.

Digital transformation 106

Digital transformation Paper IT Information capture 106

Krebs on Security

SEPTEMBER 28, 2018

Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people. “This allowed t

Security 232

Security Passwords Access IT 232

IT Governance

SEPTEMBER 27, 2018

It’s time for the month’s list of breaches and cyber attacks, and it’s a big one. Almost 1 billion records were leaked this month – 925,633,824 to be exact. There were also a few more reported ransomware incidents than normal, some of which saw the victims paying the fine – something most security professionals advise against. The list tells me one thing: organisations need to get themselves ready for a data breach.

Data breaches 111

Data breaches Passwords Ransomware Phishing 111

Data Breach Today

SEPTEMBER 25, 2018

Organizations Need to Avoid Mishaps That Can Make Matters Worse Recent additions to the federal health data breach tally shine a light on the mistakes that contribute to breaches - and in some cases, make situations far worse.

Data breaches 234

Data breaches 234

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

AIIM

SEPTEMBER 28, 2018

While “technical debt” is a term that’s frequently used by technologists, the implication and understanding of it tends to be opaque to the business until it’s too late - just look at how Nokia lost the mobile market that it helped create. The business and finance side of Nokia had the usual tools for assessing financial risks - but why do we not have an equivalent tool for the operational or existential risks when the debts come from the more intangible investment in technology?

Marketing 91

Marketing Risk IT Digital transformation 91

Krebs on Security

SEPTEMBER 24, 2018

If you’re thinking of donating money to help victims of Hurricane Florence , please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “flor

IT 208

IT 208

Troy Hunt

SEPTEMBER 26, 2018

I have a love-hate relationship with ad blockers. On the one hand, I despise the obnoxious ads that are forced down our throats at what seems like every turn. On the other hand, I appreciate the need for publishers to earn a living so that I can consume their hard-earned work for free. Somewhere in the middle is a responsible approach, for example the sponsorship banner you see at the top of this blog.

Analytics 109

Analytics Risk IT Security 109

Data Breach Today

SEPTEMBER 24, 2018

Massive Credit Bureau Stored Users' Plaintext Passwords in Testing Environment Massive, well-resourced companies are still using live customer data - including their plaintext passwords - in testing environments, violating not just good development practices but also privacy laws. That's yet another security failure takeaway from last year's massive Equifax breach.

Passwords 213

Passwords Privacy Security 213

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

IT Governance

SEPTEMBER 25, 2018

So, a colleague has just come to your desk and told you that your organisation’s systems have been breached. Now what? This is a situation that more and more organisations are having to deal with. According to our figures, there were at least 488 reported data breaches in 2017 , and we’re on pace for an even bigger year in 2018. Organisations need to understand that the threat is real and that they should prepare for the inevitable. 72 hours.

Data breaches 103

Data breaches GDPR Information Security Personal data 103

AIIM

SEPTEMBER 25, 2018

We are barreling toward a future of automation. A great proportion of the six million US manufacturing jobs that have disappeared over the last few decades were lost as a direct result of automation’s slow absorption of physical labor and factory work. Now the pace is quickening. Because of the rapid development of artificial intelligence, the reach of automation is expanding, too.

Artificial Intelligence 82

Artificial Intelligence Paper Manufacturing Marketing 82

Security Affairs

SEPTEMBER 28, 2018

Facebook hacked – Attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of 50 Million Users. Facebook hacked, this is news that is rapidly spreading across the Internet. A few hours ago, Facebook announced that an attack on its computer network exposed the personal information of roughly 50 million users.

Security 101

Security Access Data breaches IT 101

Data Breach Today

SEPTEMBER 28, 2018

Vulnerability in 'View As' Feature Exploited Facebook revealed Friday that it had discovered a breach that affected almost 50 million user accounts. Attackers exploited a vulnerability that enabled them to steal "access tokens," digital keys that keep users logged in so they don't need to re-enter their password.

Passwords 211

Passwords Access IT 211

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

WIRED Threat Level

SEPTEMBER 28, 2018

The social networking giant confirmed Friday that sites you use Facebook to login to could have been accessed as a result of its massive breach.

Security 111

Security Access IT 111

Hunton Privacy

SEPTEMBER 25, 2018

The Information Commissioner’s Office (“ICO”) in the UK has issued the first formal enforcement action under the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (the “DPA”) on Canadian data analytics firm AggregateIQ Data Services Ltd. (“AIQ”). The enforcement action, in the form of an Enforcement Notice served under section 149 of the DPA, requires AIQ to “cease processing any personal data of UK or EU citizens obtained from UK political organizations or otherwi

GDPR 99

GDPR Personal data Analytics IT 99

Security Affairs

SEPTEMBER 26, 2018

The latest samples of the HNS bot were designed to target Android devices having the wireless debugging feature ADB enabled. The Hide and Seek (HNS) IoT botnet was first spotted early this year, since its discovery the authors continuously evolved its code. The IoT botnet appeared in the threat landscape in January, when it was first discovered on January 10th by malware researchers from Bitdefender, then it disappeared for a few days, and appeared again a few weeks later infecting in a few

IoT 96

IoT Mining Access Security 96

Data Breach Today

SEPTEMBER 28, 2018

Hacker Who Kept 'Hacky Hack Hack Methods' Folder on His Computer Gets Probation An Australian man who as a teenager managed to infiltrate Apple's networks and do it again after the company expelled him - aided by a folder on his laptop storing his "Hacky Hack Hack Methods" - has been sentenced to serve eight months of probation, according to news reports.

IT 188

IT 188

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

SEPTEMBER 28, 2018

A vulnerability in Facebook's "View As" feature let attackers steal security tokens linked to 50 million accounts, the company confirms.

Security 107

Security 107

Hunton Privacy

SEPTEMBER 25, 2018

On September 25, 2018, the French Data Protection Authority (the “CNIL”) published the first results of its factual assessment of the implementation of the EU General Data Protection Regulation (GDPR) in France and in Europe. When making this assessment, the CNIL first recalled the current status of the French legal framework, and provided key figures on the implementation of the GDPR from the perspective of privacy experts, private individuals and EU supervisory authorities.

GDPR 97

GDPR Compliance Data breaches Privacy 97

Security Affairs

SEPTEMBER 28, 2018

Google Project Zero disclosed details for a high severity Linux kernel a use-after-free vulnerability tracked as CVE-2018-1718. The vulnerability is a use-after-free tracked as CVE-2018-17182, it was discovered by Google Project Zero’s Jann Horn. The vulnerability was introduced in August 2014 with the release of version 3.16 of the Linux kernel. The issue could be exploited by an attacker trigger a DoS condition or to execute arbitrary code with root privileges on the vulnerable system.

Security 95

Security IT 95

Data Breach Today

SEPTEMBER 27, 2018

Cybersecurity Unit Would Be Part of a Center of Excellence for Digital Health The Food and Drug Administration plans to launch a new digital health "center of excellence" that includes a cybersecurity unit. The new unit would not only deal with cyber issues pertaining to new health technologies, but also challenges facing older medical devices.

IT 188

IT Cybersecurity 188

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

WIRED Threat Level

SEPTEMBER 28, 2018

Up to 50 million Facebook users were affected—and possibly 40 million more—when hackers compromised the social network's systems.

Security 108

Security 108

TAB OnRecord

SEPTEMBER 27, 2018

In a two-part post we have been looking at strategies to improve the efficiency of your physical records storage. In part one we assessed your organization’s current and future needs. In part two we will examine your organization’s existing resources, and discuss the factors to consider when determining what to spend on any physical storage [.

Records Management 79

Records Management 79

Security Affairs

SEPTEMBER 27, 2018

Security experts from ESET have spotted the first UEFI rootkit of ever, the code tracked as LoJax was used in attacks in the wild. Security researchers from ESET have discovered a new piece of a sophisticated malware used by the Russia-linked Sednit group (aka Fancy Bear , APT28 , Pawn Storm , Sofacy Group , and STRONTIUM ) in targeted attacks aimed at government entities in the Balkans as well as in Central and Eastern Europe.

Military 92

Military Manufacturing Government Security 92