Krebs on Security

DECEMBER 1, 2018

We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.

Security 275

Security Passwords Personal data Phishing 275

Schneier on Security

DECEMBER 4, 2018

There are lots of articles about there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. Never, ever, ever use public (unsecured) Wi-Fi such as the Wi-Fi in a café, hotel or airport. To remain anonymous and secure on the Internet, invest in a Virtual Private Network account, but remember, the bad guys are very smart, so by the time this column runs, they may have figured out a way to hack

Security 96

Security Passwords Authentication Risk 96

TAB OnRecord

DECEMBER 6, 2018

Although most organizations can agree that pilot projects in general have beneficial outcomes, your pilot project can run into numerous pitfalls if you do not get the basics quite right. Here are five tips to help you accurately execute the fundamentals so your project can start out on the right foot. Tip #1 – Choose [.] Read More. The post Five tips for getting the most out of your records digitization pilot appeared first on TAB Records Management Blog | TAB OnRecord.

Records Management 60

Records Management 60

Data Breach Today

DECEMBER 6, 2018

Material Gives Insight Into Company's Views on Data Security A batch of documents meant to be kept under court seal lay bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.

Privacy 249

Privacy Risk Access Security 249

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Krebs on Security

DECEMBER 4, 2018

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefile users interpreted this as a breach at Citrix and/or Sharefile, but the company maintains that’s not the case.

Passwords 204

Passwords Authentication Risk Marketing 204

Schneier on Security

DECEMBER 6, 2018

In an excellent blog post , Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless aren't, including your credit card information, Social Security number, mother's maiden name, date of birth, address, previous addresses, phone number, and yes ­ even your credit file.

Personal data 106

Personal data Access Security IT 106

Data Breach Today

DECEMBER 4, 2018

Patch Container-Orchestration System Now or Risk Serious Consequences A severe vulnerability in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches, and recommend immediate updating.

Security 248

Security Risk 248

Krebs on Security

DECEMBER 3, 2018

The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers. In mid-November 2018, KrebsOnSecurity heard from a Jared customer who found something curious after receiving a receipt via email for a pair of earrings he’d just purchased as a surprise gift for his girlfriend.

Retail 195

Retail Phishing Information Security IT 195

The Last Watchdog

DECEMBER 5, 2018

The healthcare industry has poured vast resources into cybersecurity since 2015, when a surge of major breaches began. While the nature of these breaches has evolved over the last four years, the growth in total healthcare incidents has unfortunately continued unabated. Related: How to get of HIPAA hit list. The recent disclosure from Atrium Health that more than 2.65 million patients had significant amounts of PII exposed by the healthcare provider’s third-party billing vendor, AccuDoc Solutio

Data breaches 118

Data breaches Insurance Risk Ransomware 118

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Security Affairs

DECEMBER 5, 2018

Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks. Adobe fixed two flaws including a critical use-after-free bug, tracked as CVE-2018-15982, exploited by an advanced persistent threat actor aimed at a healthcare organization associated with the Russian presidential administration.

Archiving 110

Archiving Security Access IT 110

Data Breach Today

DECEMBER 3, 2018

Legal Experts Suspect So, But Investigation Could Take a Year or More Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Protection Regulation? With GDPR in full effect since May, organizations with data security practices face the potential of massive fines.

GDPR 247

GDPR Personal data Security 247

Krebs on Security

DECEMBER 7, 2018

The ringleader of a gang of cyber hooligans that made bomb threats against hundreds of schools and launched distributed denial-of-service (DDoS) attacks against Web sites — including KrebsOnSecurity on multiple occasions — has been sentenced to three years in a U.K. prison, and faces the possibility of additional charges from U.S.-based law enforcement officials.

Communications 178

Communications IT Security 178

IT Governance

DECEMBER 6, 2018

A recent survey by Ping Identity shows that customers move away from brands that have suffered data breaches. Data breaches are now a common occurrence – big-name brands affected in 2018 include FIFA , British Airways , Vision Direct , Eurostar and Marriott. These are just a few of the household names that have suffered at the hands of criminal hackers this year and under ongoing investigation; any penalties have yet to be confirmed.

Data breaches 104

Data breaches GDPR Risk Information Security 104

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Security Affairs

DECEMBER 6, 2018

Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed). PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles.

Security 109

Security Paper Communications Cybersecurity 109

Data Breach Today

DECEMBER 3, 2018

Massive Breach Prompts Calls for New Data Security and Minimization Laws Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.

Data breaches 217

Data breaches Security 217

AIIM

DECEMBER 4, 2018

No, you read that title right – seventy THOUSAND boxes of paper in the highly restrictive environment of legal services. That’s what Susan Gleason , Manager of Records and Information Governance at Shipman & Goodwin and her team were up against. The Connecticut-based law firm was in the position that many firms face - they had been using paper-intensive records management for years and looking to build up their Information Governance , retention schedules, and ultimately move away from paper

Paper 83

Paper Digital transformation Information governance Records Management 83

WIRED Threat Level

DECEMBER 4, 2018

Opinion: The VA needs to take preventative measures to protect vets—and more broadly, our democracy—from digital manipulation and fraud.

Security 111

Security 111

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

DECEMBER 3, 2018

Security experts at HackenProof are warning Open Elasticsearch instances expose over 82 million users in the United States. Experts from HackenProof discovered Open Elasticsearch instances that expose over 82 million users in the United States. Elasticsearch is a Java-based search engine based on the free and open-source information retrieval software library Lucene.

Data breaches 105

Data breaches Libraries Analytics Archiving 105

Data Breach Today

DECEMBER 7, 2018

Ransomware Attack Hits Cloud-Based EHR Firm, Affecting Data of Eye Clinic Yet another cyberattack against a cloud-based electronic health records vendor has been revealed. This one involved a ransomware attack that potentially exposed data on 16,000 patients of a California eye clinic. What can healthcare organizations do to minimize vendor risks?

Ransomware 213

Ransomware Cloud Risk 213

AIIM

DECEMBER 7, 2018

A new year gives us the chance to reflect on all we've accomplished and set our sights on new challenges to conquer. If you haven't embarked on your Digital Transformation journey, this is the perfect time to begin. I invite you to join us for a free webinar: Your 2019 Information Management Resolution. We’re offering it on two days so everyone can join!

Digital transformation 80

Digital transformation Customer Experience Compliance IT 80

eSecurity Planet

DECEMBER 4, 2018

500 million people are at risk because of a data breach at Marriott's Starwood hotel chain. What steps can your organization take to limit the risk of suffering the same fate?

Data breaches 96

Data breaches IT Security Risk 96

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Security Affairs

DECEMBER 1, 2018

The MITRE Corporation’s ATT&CK framework has been used to evaluate the efficiency of several enterprise security products designed by several vendors. In April, MITRE announced a new service based on its ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to evaluate products based on their ability in detecting advanced persistent threats.

Security 105

Security Cybersecurity Communications Marketing 105

Data Breach Today

DECEMBER 3, 2018

Attorney Ronald Raether on Building a Cybersecurity Culture Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders.

Cybersecurity 211

Cybersecurity 211

IT Governance

DECEMBER 6, 2018

Follow our advice to make sure your organisation is GDPR-compliant and avoids disciplinary action. After a relatively quiet few months, the EU GDPR (General Data Protection Regulation) is back in the news. Organisations have been waiting uneasily since the dramatics of the 25 May 2018 compliance deadline, wondering what the Regulation will look like in practice and whether its much-discussed fines will become a reality.

GDPR 87

GDPR Compliance Data breaches Privacy 87

Schneier on Security

DECEMBER 3, 2018

Earlier this year, the US Department of Justice made a series of legal arguments as to why Facebook should be forced to help the government wiretap Facebook Messenger. Those arguments are still sealed. The ACLU is suing to make them public.

Government 87

Government 87

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Security Affairs

DECEMBER 2, 2018

The TheHackerGiraffe used the Printer Exploitation Toolkit (PRET) to hijack +50k vulnerable printers to Promote PewDiePie YouTube Channel. An anonymous hacker hijacked over 50,000 internet-connected printers worldwide to print out messages promoting the subscription to the PewDiePie YouTube channel. Felix Arvid Ulf Kjellberg, aka PewDiePie , is a popular Swedish Youtuber, comedian, and video game commentator, formerly best known for his Let’s Play commentaries and now mostly known for h

Access 104

Access Security 104

Data Breach Today

DECEMBER 7, 2018

Convincing Face-Swapping Clips Easy to Create With Gaming Laptops and Free Tools The easy availability of tools for designing face-swapping deep-fake videos drove Symantec security researchers Vijay Thaware and Niranjan Agnihotri to design a tool for spotting deep fakes, which they described in a briefing at the Black Hat Europe 2018 conference in London.

Security 196

Security 196

OpenText Information Management

DECEMBER 6, 2018

In my previous blog, I looked at operational excellence in oil and gas. In its Oil and Gas Trends 2018-19, PwC suggests that companies should ‘double down’ on digitization to drive operational excellence, citing the use of drones to inspect offshore platforms as a key example. So, how can you make the most of drones within … The post Why drones are revolutionizing asset inspection in oil and gas appeared first on OpenText Blogs.

IT 84

IT Analytics 84