Krebs on Security

SEPTEMBER 21, 2018

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable reven

Security 278

Security Insurance Military Government 278

Thales Cloud Protection & Licensing

FEBRUARY 9, 2018

With organizations around the world now deploying ever-increasing amounts of encryption solutions in an effort to ward off cybercrime, businesses are facing a combination of challenges. Whether it’s varying protection levels, differing operational techniques and policies, or juggling multiple keys, managing more than one encryption system can quickly turn into a complex web that demands time, expertise and money to manage effectively.

Security 192

Security Encryption Cybersecurity IT 192

Schneier on Security

JANUARY 19, 2018

Interesting research: " Long-term market implications of data breaches, not ," by Russell Lange and Eric W. Burger. Abstract : This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to the performance of the firms' peer industries, as represented through selected indices rather than the market as a whole.

Security 120

Security Data breaches Financial Services Marketing 120

Krebs on Security

NOVEMBER 26, 2018

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “[link].

Phishing 276

Phishing Security Encryption IT 276

Speaker: Dr. Greg Loughnane and Chris Alexiuk

Technology professionals developing generative AI applications are finding that there are big leaps from POCs and MVPs to production-ready applications. They're often developing using prompting, Retrieval Augmented Generation (RAG), and fine-tuning (up to and including Reinforcement Learning with Human Feedback (RLHF)), typically in that order. However, during development – and even more so once deployed to production – best practices for operating and improving generative AI applications are le

Data science

Data Breach Today

JANUARY 16, 2018

We are amidst a new "machine identity crisis," says Jeff Hudson, CEO of Venafi. And unless we tackle this growing challenge of how to secure machine-to-machine communication, then enterprise IT and security departments are likely to be overwhelmed.

Security 222

Security Communications IT 222

OpenText Information Management

FEBRUARY 16, 2018

This article was first published in Legaltech News. “Cooperation should not result in one party exerting extensive control over another’s discovery process or the application of a heightened discovery standard.” – Anna Mercado Clark, partner at Phillips Lytle LLP Civil litigation doesn’t have to be uncivil, or so the idea goes. In the spirit of … The post Transparency in eDiscovery?

IT 131

IT 131

Information Management Resources

JANUARY 17, 2018

Recent studies suggest only one-in-four organizations are well-prepared for the data management mandate, a statistic that could have costly consequences.

GDPR 126

GDPR Data Privacy Compliance Privacy 126

IT Governance

NOVEMBER 16, 2018

Comprehensive BCM (business continuity management) measures are essential for responding effectively to a disruption and providing a minimum acceptable service during a disaster. A crucial aspect of BCM is the development of an effective BCP (business continuity plan). What is a business continuity plan? A BCP consists of the processes and procedures an organisation needs in order to continue operating during a disaster and recover as quickly as possible.

Risk 115

Risk Communications Security Government 115

Security Affairs

DECEMBER 23, 2018

Cisco Adaptive Security Appliance (ASA) Software is affected by a vulnerability that could be exploited by an attacker to retrieve files or replace software images on a device. . A privilege escalation vulnerability tracked as CVE-2018-15465 affects the Cisco Adaptive Security Appliance (ASA) software. The flaw could be exploited by an unauthenticated, remote attacker to perform privileged operations using the web management interface.

Authentication 111

Authentication IT Security Access 111

Speaker: Keith Kmett, Principal CX Advisor at Medallia

Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the

Customer Experience

Troy Hunt

DECEMBER 30, 2018

Patience. Frugality. Sacrifice. When you boil it down, what do those three things have in common? Those are choices. Money is not peace of mind. Money’s not happiness. Money is, at its essence, that measure of a man’s choices. This is part of the opening monologue of the Ozark series and when I first heard it, I immediately stopped the show and dropped it into this blog post.

Insurance 111

Insurance Education Risk Marketing 111

WIRED Threat Level

MAY 15, 2018

Special Counsel Robert Mueller’s job is to make sense of how Russia hacked the 2016 election. But to make sense of Mueller, you have to revisit some of the bloodiest battles of Vietnam.

Security 112

Security 112

Thales Cloud Protection & Licensing

JANUARY 31, 2018

Data breaches are the new normal. According to our 2018 Global Data Threat Report , 67% of enterprises have been breached, with that percentage rate growing every year. Regardless of the security measures and efforts put in place, organizations need to act as if a successful cyberattack is not a question of “if” but “when.”. As organizations continue to embrace digital transformation, greater amounts of sensitive data is created, stored and transferred in digital form putting more data at risk.

Digital transformation 130

Digital transformation Security Data breaches Encryption 130

Schneier on Security

FEBRUARY 26, 2018

If you're going to commit an illegal act, it's best not to discuss it in e-mail. It's also best to Google tech instructions rather than asking someone else to do it: One new detail from the indictment, however, points to just how unsophisticated Manafort seems to have been. Here's the relevant passage from the indictment. I've bolded the most important bits: Manafort and Gates made numerous false and fraudulent representations to secure the loans.

Paper 131

Paper Security IT Privacy 131

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cybersecurity

Krebs on Security

NOVEMBER 7, 2018

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S.

Authentication 278

Authentication Security Communications IT 278

Lenny Zeltser

MAY 7, 2018

This cheat sheet offers guidelines for IT professionals seeking to improve technical writing skills. To print it, use the one-page PDF version; you can also customize the Word version of the document. General Recommendations. Determine your write-up’s objectives and audience. Keep the write-up as short and simple as possible to achieve the objectives.

IT 111

IT Security 111

The Guardian Data Protection

JULY 10, 2018

Firm fined £500k for lack of transparency and failing to protect users’ information Facebook is to be fined £500,000, the maximum amount possible, for its part in the Cambridge Analytica scandal , the information commissioner has announced. The fine is for two breaches of the Data Protection Act. The Information Commissioner’s Office (ICO) concluded that Facebook failed to safeguard its users’ information and that it failed to be transparent about how that data was harvested by others.

Data breaches 111

Data breaches Analytics IT Privacy 111

Bill Schmarzo - Dell EMC

MARCH 29, 2018

The year was 1994 and I had the fortunate opportunity to stumble upon a company – Cygnus Support – that was “selling free software.” I remember telling my mom that I was Vice President of Sales & Marketing of a company that was selling free software. After a very long pause, she replied, “Is your resume up to date?”. Cygnus Support sold support contracts and custom consulting projects for GNU development tools (gcc, g++, gdb) to companies looking to accelerate their time-to-market in the emb

Digital transformation 111

Digital transformation Big data Analytics IoT 111

Advertisement

There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.

Retail

John Battelle's Searchblog

JULY 30, 2018

I first moved to the Bay area in 1983. I graduated from high school, spent my summer as an exchange student/day laborer in England (long story), then began studies at Berkeley, where I had a Navy scholarship (another long story). 1983. 35 years ago. 1983 was one year before the introduction of the Macintosh (my first job was covering Apple and the Mac).

IT 110

IT 110

IT Governance

NOVEMBER 27, 2018

Last month I thought I’d try something new, so I focused on three stories rather than putting together a long list of breaches. It wasn’t a very popular approach. So the list is back. I count this month’s total of known leaked records to be 251,286,753. No particular stories stand out this month, but one thing I did notice is that there weren’t as many healthcare breaches as there normally are.

Data breaches 111

Data breaches Ransomware Phishing GDPR 111

Security Affairs

NOVEMBER 13, 2018

Google services were partially inaccessible on Monday due to a BGP leak that caused traffic redirection through Russia, China, and Nigeria. A BGP leak caused unavailability of Google service on Monday, the traffic was redirected through Russia, China, and Nigeria. At the time it is not clear if the incident was the result of an error or a cyber attack on the BGP protocol.

Security 111

Security Cloud Paper Analytics 111

Troy Hunt

FEBRUARY 21, 2018

Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems. How? NIST explains : When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.

Passwords 111

Passwords Data breaches Security Privacy 111

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

WIRED Threat Level

FEBRUARY 5, 2018

We speak about the “Mueller probe” as a single entity, but it’s important to understand that there are no fewer than five separate investigations under the broad umbrella of the special counsel’s office.

Security 112

Security 112

Information Management Resources

JANUARY 22, 2018

Many have begun to consider whether the technology could be used to improve customer data management processes, as they relate to the upcoming EU mandate.

GDPR 111

GDPR Blockchain Compliance Data Privacy 111

Schneier on Security

JANUARY 23, 2018

This is a clever attack. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration.

Mining 111

Mining IT 111

Krebs on Security

OCTOBER 1, 2018

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).

Phishing 279

Phishing Security Cybersecurity Access 279

Advertiser: ZoomInfo

Marketing technology is essential for B2B marketers to stay competitive in a rapidly changing digital landscape — and with 53% of marketers experiencing legacy technology issues and limitations, they’re researching innovations to expand and refine their technology stacks. To help practitioners keep up with the rapidly evolving martech landscape, this special report will discuss: How practitioners are integrating technologies and systems to encourage information-sharing between departments and pr

B2B

National Archives Records Express

OCTOBER 26, 2018

Many of our readers may have seen recent items in the news media, social medi a or on listservs that make it seem like the Department of the Interior is making an unusual request to destroy Federal Records. We have been busily responding to inquiries about this schedu le from individuals and the press for a few days. Those of you who work in records management understand the records scheduling process, but to others, this process can seem mysterious.

Archiving 109

Archiving Military Records Management Government 109

The Guardian Data Protection

MAY 21, 2018

Many firms have the required consent already; others don’t have consent to send a request The vast majority of emails flooding inboxes across Europe from companies asking for consent to keep recipients on their mailing list are unnecessary and some may be illegal, privacy experts have said, as new rules over data privacy come into force at the end of this week.

GDPR 112

GDPR Data Privacy Privacy Communications 112

Bill Schmarzo - Dell EMC

MARCH 19, 2018

The “hot hand,” a metaphor applied frequently to the game of basketball, is the idea that a basketball shooter, after making several consecutive shots, will experience a higher than normal success rate on his or her ensuing shots. I discussed the “hot hand” concept, and its flaw, at a TDWI (The Data Warehouse Institute) conference many years ago. Figure 1: “The Hot Hand in Basketball” by Thomas Gilovich, Robert Vallone and Amos Tversky.

Analytics 111

Analytics Data science Big data Risk 111