2018

article thumbnail

Credit Freezes are Free: Let the Ice Age Begin

Krebs on Security

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable reven

Security 278
article thumbnail

Strong, streamlined and secure: How to get the most out of centralized key management

Thales Cloud Protection & Licensing

With organizations around the world now deploying ever-increasing amounts of encryption solutions in an effort to ward off cybercrime, businesses are facing a combination of challenges. Whether it’s varying protection levels, differing operational techniques and policies, or juggling multiple keys, managing more than one encryption system can quickly turn into a complex web that demands time, expertise and money to manage effectively.

Security 192
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Security Breaches Don't Affect Stock Price

Schneier on Security

Interesting research: " Long-term market implications of data breaches, not ," by Russell Lange and Eric W. Burger. Abstract : This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to the performance of the firms' peer industries, as represented through selected indices rather than the market as a whole.

Security 120
article thumbnail

Half of all Phishing Sites Now Have the Padlock

Krebs on Security

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “[link].

Phishing 276
article thumbnail

LLMs in Production: Tooling, Process, and Team Structure

Speaker: Dr. Greg Loughnane and Chris Alexiuk

Technology professionals developing generative AI applications are finding that there are big leaps from POCs and MVPs to production-ready applications. They're often developing using prompting, Retrieval Augmented Generation (RAG), and fine-tuning (up to and including Reinforcement Learning with Human Feedback (RLHF)), typically in that order. However, during development – and even more so once deployed to production – best practices for operating and improving generative AI applications are le

article thumbnail

The Machine Identity Crisis

Data Breach Today

We are amidst a new "machine identity crisis," says Jeff Hudson, CEO of Venafi. And unless we tackle this growing challenge of how to secure machine-to-machine communication, then enterprise IT and security departments are likely to be overwhelmed.

Security 222

More Trending

article thumbnail

Transparency in eDiscovery? Save it for your clients

OpenText Information Management

This article was first published in Legaltech News. “Cooperation should not result in one party exerting extensive control over another’s discovery process or the application of a heightened discovery standard.” – Anna Mercado Clark, partner at Phillips Lytle LLP Civil litigation doesn’t have to be uncivil, or so the idea goes. In the spirit of … The post Transparency in eDiscovery?

IT 131
article thumbnail

GDPR will be a harsh wake-up call for most U.S. companies

Information Management Resources

Recent studies suggest only one-in-four organizations are well-prepared for the data management mandate, a statistic that could have costly consequences.

GDPR 126
article thumbnail

How to create a business continuity plan – with free template

IT Governance

Comprehensive BCM (business continuity management) measures are essential for responding effectively to a disruption and providing a minimum acceptable service during a disaster. A crucial aspect of BCM is the development of an effective BCP (business continuity plan). What is a business continuity plan? A BCP consists of the processes and procedures an organisation needs in order to continue operating during a disaster and recover as quickly as possible.

Risk 115
article thumbnail

Cisco ASA is affacted by a privilege escalation flaw. Patch it now!

Security Affairs

Cisco Adaptive Security Appliance (ASA) Software is affected by a vulnerability that could be exploited by an attacker to retrieve files or replace software images on a device. . A privilege escalation vulnerability tracked as CVE-2018-15465 affects the Cisco Adaptive Security Appliance (ASA) software. The flaw could be exploited by an unauthenticated, remote attacker to perform privileged operations using the web management interface.

article thumbnail

Your Expert Guide to CX Orchestration & Enhancing Customer Journeys

Speaker: Keith Kmett, Principal CX Advisor at Medallia

Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the

article thumbnail

10 Personal Finance Lessons for Technology Professionals

Troy Hunt

Patience. Frugality. Sacrifice. When you boil it down, what do those three things have in common? Those are choices. Money is not peace of mind. Money’s not happiness. Money is, at its essence, that measure of a man’s choices. This is part of the opening monologue of the Ozark series and when I first heard it, I immediately stopped the show and dropped it into this blog post.

Insurance 111
article thumbnail

The Untold Story of Robert Mueller's Time in the Vietnam War

WIRED Threat Level

Special Counsel Robert Mueller’s job is to make sense of how Russia hacked the 2016 election. But to make sense of Mueller, you have to revisit some of the bloodiest battles of Vietnam.

Security 112
article thumbnail

Securing Data in the Digital Transformation Era

Thales Cloud Protection & Licensing

Data breaches are the new normal. According to our 2018 Global Data Threat Report , 67% of enterprises have been breached, with that percentage rate growing every year. Regardless of the security measures and efforts put in place, organizations need to act as if a successful cyberattack is not a question of “if” but “when.”. As organizations continue to embrace digital transformation, greater amounts of sensitive data is created, stored and transferred in digital form putting more data at risk.

article thumbnail

E-Mail Leaves an Evidence Trail

Schneier on Security

If you're going to commit an illegal act, it's best not to discuss it in e-mail. It's also best to Google tech instructions rather than asking someone else to do it: One new detail from the indictment, however, points to just how unsophisticated Manafort seems to have been. Here's the relevant passage from the indictment. I've bolded the most important bits: Manafort and Gates made numerous false and fraudulent representations to secure the loans.

Paper 131
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

Krebs on Security

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S.

article thumbnail

Technical Writing Tips for IT Professionals

Lenny Zeltser

This cheat sheet offers guidelines for IT professionals seeking to improve technical writing skills. To print it, use the one-page PDF version; you can also customize the Word version of the document. General Recommendations. Determine your write-up’s objectives and audience. Keep the write-up as short and simple as possible to achieve the objectives.

IT 111
article thumbnail

Facebook fined for data breaches in Cambridge Analytica scandal

The Guardian Data Protection

Firm fined £500k for lack of transparency and failing to protect users’ information Facebook is to be fined £500,000, the maximum amount possible, for its part in the Cambridge Analytica scandal , the information commissioner has announced. The fine is for two breaches of the Data Protection Act. The Information Commissioner’s Office (ICO) concluded that Facebook failed to safeguard its users’ information and that it failed to be transparent about how that data was harvested by others.

article thumbnail

A Digital Transformation Lesson: Open Source Business Models

Bill Schmarzo - Dell EMC

The year was 1994 and I had the fortunate opportunity to stumble upon a company – Cygnus Support – that was “selling free software.” I remember telling my mom that I was Vice President of Sales & Marketing of a company that was selling free software. After a very long pause, she replied, “Is your resume up to date?”. Cygnus Support sold support contracts and custom consulting projects for GNU development tools (gcc, g++, gdb) to companies looking to accelerate their time-to-market in the emb

article thumbnail

Use Cases for Apache Cassandra®

There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.

article thumbnail

On Leaving the Bay Area

John Battelle's Searchblog

I first moved to the Bay area in 1983. I graduated from high school, spent my summer as an exchange student/day laborer in England (long story), then began studies at Berkeley, where I had a Navy scholarship (another long story). 1983. 35 years ago. 1983 was one year before the introduction of the Macintosh (my first job was covering Apple and the Mac).

IT 110
article thumbnail

List of data breaches and cyber attacks in November 2018 – 251,286,753 records leaked

IT Governance

Last month I thought I’d try something new, so I focused on three stories rather than putting together a long list of breaches. It wasn’t a very popular approach. So the list is back. I count this month’s total of known leaked records to be 251,286,753. No particular stories stand out this month, but one thing I did notice is that there weren’t as many healthcare breaches as there normally are.

article thumbnail

Google Services down due to BGP leak, traffic hijacked through Russia, China, and Nigeria

Security Affairs

Google services were partially inaccessible on Monday due to a BGP leak that caused traffic redirection through Russia, China, and Nigeria. A BGP leak caused unavailability of Google service on Monday, the traffic was redirected through Russia, China, and Nigeria. At the time it is not clear if the incident was the result of an error or a cyber attack on the BGP protocol.

Security 111
article thumbnail

I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download

Troy Hunt

Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems. How? NIST explains : When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.

Passwords 111
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Bob Mueller’s Investigation Is Larger—and Further Along—Than You Think

WIRED Threat Level

We speak about the “Mueller probe” as a single entity, but it’s important to understand that there are no fewer than five separate investigations under the broad umbrella of the special counsel’s office.

Security 112
article thumbnail

The role of blockchain in helping organizations meet GDPR compliance

Information Management Resources

Many have begun to consider whether the technology could be used to improve customer data management processes, as they relate to the upcoming EU mandate.

GDPR 111
article thumbnail

New Malware Hijacks Cryptocurrency Mining

Schneier on Security

This is a clever attack. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration.

Mining 111
article thumbnail

Voice Phishing Scams Are Getting More Clever

Krebs on Security

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).

Phishing 279
article thumbnail

How to Stay Competitive in the Evolving State of Martech

Marketing technology is essential for B2B marketers to stay competitive in a rapidly changing digital landscape — and with 53% of marketers experiencing legacy technology issues and limitations, they’re researching innovations to expand and refine their technology stacks. To help practitioners keep up with the rapidly evolving martech landscape, this special report will discuss: How practitioners are integrating technologies and systems to encourage information-sharing between departments and pr

article thumbnail

Department of Interior Updating Their Records Schedule

National Archives Records Express

Many of our readers may have seen recent items in the news media, social medi a or on listservs that make it seem like the Department of the Interior is making an unusual request to destroy Federal Records. We have been busily responding to inquiries about this schedu le from individuals and the press for a few days. Those of you who work in records management understand the records scheduling process, but to others, this process can seem mysterious.

Archiving 109
article thumbnail

Most GDPR emails unnecessary and some illegal, say experts

The Guardian Data Protection

Many firms have the required consent already; others don’t have consent to send a request The vast majority of emails flooding inboxes across Europe from companies asking for consent to keep recipients on their mailing list are unnecessary and some may be illegal, privacy experts have said, as new rules over data privacy come into force at the end of this week.

GDPR 112
article thumbnail

Data Analytics and Human Heuristics: How to Avoid Making Poor Decisions

Bill Schmarzo - Dell EMC

The “hot hand,” a metaphor applied frequently to the game of basketball, is the idea that a basketball shooter, after making several consecutive shots, will experience a higher than normal success rate on his or her ensuing shots. I discussed the “hot hand” concept, and its flaw, at a TDWI (The Data Warehouse Institute) conference many years ago. Figure 1: “The Hot Hand in Basketball” by Thomas Gilovich, Robert Vallone and Amos Tversky.

Analytics 111