Krebs on Security
DECEMBER 14, 2020
Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds , a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures.
Data Breach Today
NOVEMBER 2, 2020
Privacy Regulator in UK Cautions Organizations to Conduct Thorough Due Diligence Hotel giant Marriott has been hit with the second largest privacy fine in British history, after it failed to contain a massive, long-running data breach. But the final fine of $23.8 million was just 20% of the penalty initially proposed by the U.K.'s privacy watchdog, owing in part to COVID-19's ongoing impact.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
DECEMBER 31, 2020
Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers. Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers. The malware has been active since early December targeting public-facing services, including MySQL, Tomcat admin panel and Jenkins that are protected with weak passwords.
Troy Hunt
NOVEMBER 19, 2020
It's increasingly hard to know what to do with data like that from Cit0Day. If that's an unfamiliar name to you, start with Catalin Cimpanu's story on the demise of the service followed by the subsequent leaking of the data. The hard bit for me is figuring out whether it's pwn-worthy enough to justify loading it into Have I Been Pwned (HIBP) or if it's just more noise that ultimately doesn't really help people make informed decisions about their security posture.
Speaker: Travis Addair, Co-Founder and CTO at Predibase
Large Language Models (LLMs) such as ChatGPT offer unprecedented potential for complex enterprise applications. However, productionzing LLMs comes with a unique set of challenges such as model brittleness, total cost of ownership, data governance and privacy, and the need for consistent, accurate outputs. Putting the right LLMOps process in place today will pay dividends tomorrow, enabling you to leverage the part of AI that constitutes your IP – your data – to build a defensible AI strategy for
Lenny Zeltser
OCTOBER 13, 2020
REMnux ® offers a curated collection of free tools for reverse-engineering or otherwise analyzing malicious software. How to find the right tool for the job, given how many useful utilities come as part of the distro? To guide you through the process of examining malware, REMnux documentation lists the installed tools by category. Each grouping, which you’ll find in the Discover the Tools section of the documentation site, represents the type of actions the analysts might need to take: Exa
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
The Guardian Data Protection
SEPTEMBER 29, 2020
Allegation follows new law that lets Hong Kong ask for sensitive data if deemed to threaten national security Big technology companies may already be complying with secret Chinese requests for user information held in Hong Kong and ought to “come clean” about the vulnerability of the data they hold there, a senior US state department official has said.
IT Governance
JUNE 1, 2020
We have just seen 8,801,171,594 breached data records in one month. Yes, 8.8 billion. Granted, the majority of those were the result of a leaky database belonging to the Thai phone network AIS that was quickly resolved – but it was a dire month even if you discount that. There were 105 incidents in total, including several that are alarming either in terms of their size or their severity.
Schneier on Security
OCTOBER 26, 2020
Gizmodo is reporting that Harris Corp. is no longer selling Stingray IMSI-catchers (and, presumably, its follow-on models Hailstorm and Crossbow) to local governments: L3Harris Technologies, formerly known as the Harris Corporation, notified police agencies last year that it planned to discontinue sales of its surveillance boxes at the local level, according to government records.
IBM Big Data Hub
MARCH 20, 2020
We recognize that these are difficult times. In response to the worldwide pandemic, IBM will be extending the SPSS Statistics Subscription trial for active and new accounts through June 15. This will allow our users time to adjust to this dynamic and unprecedented situation.
Speaker: Keith Kmett, Principal CX Advisor at Medallia
Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the
Dark Reading
SEPTEMBER 22, 2020
Understaffed, underfunded, and underequipped, IT teams in the K-12 sector face a slew of challenges amid remote and hybrid learning models. Here's where they can begin to protect their schools against cyberattacks.
Krebs on Security
NOVEMBER 21, 2020
Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident is the latest incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters.
Data Breach Today
NOVEMBER 10, 2020
Investigators Find Encryption, Monitoring, Logging and Whitelisting Failures Inadequate database and privileged account monitoring, incomplete multi-factor authentication and insufficient use of encryption: Britain's privacy regulator has cited a raft of failures that contributed to the four-year breach of the Starwood guest reservation system discovered by Marriott in 2018.
Security Affairs
DECEMBER 12, 2020
Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than 500,000 sites. Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts. The SMTP WordPress plugin is installed on more than 500,000 sites, but despite the security patch has been released earlier this week many sites are yet to be patched.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Troy Hunt
OCTOBER 2, 2020
Sexuality, relationships and online dating are all rather personal things. They're aspects of our lives that many people choose to keep private or at the very least, share only with people of our choosing. Grindr is "The World's Largest Social Networking App for Gay, Bi, Trans, and Queer People" which for many people, makes it particularly sensitive.
Lenny Zeltser
JULY 22, 2020
10 years after the initial release of REMnux , I’m thrilled to announce that REMnux version 7 is now available. This Linux distribution for malware analysis includes hundreds of new and classic tools for examining executables, documents, scripts, and other forms of malicious code. To start using REMnux v7, you can: Download REMnux as a virtual appliance Set up a dedicated REMnux system from scratch Add REMnux to an existing Ubuntu 18.04 host Run REMnux distro as a Docker container.
erwin
AUGUST 28, 2020
Organizations with a solid understanding of data governance (DG) are better equipped to keep pace with the speed of modern business. In this post, the erwin Experts address: What Is Data Governance? Why Is Data Governance Important? What Is Good Data Governance? What Are the Key Benefits of Data Governance? What Is the Best Data Governance Solution?
The Guardian Data Protection
AUGUST 10, 2020
Faculty, linked to senior Tories, hired to collect tweets as part of coronavirus-related contract Privacy campaigners have expressed alarm after the government revealed it had hired an artificial intelligence firm to collect and analyse the tweets of UK citizens as part of a coronavirus-related contract. Faculty, which was hired by Dominic Cummings to work for the Vote Leave campaign and counts two current and former Conservative ministers among its shareholders, was paid £400,000 by the Ministr
Advertisement
There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.
OpenText Information Management
MAY 26, 2020
As we approach 100 days of quarantine or shelter in place, I wanted to take an inventory of what we know, what we need to know, and how to live and love in the time of Corona. Humanity is at a critical juncture, and our individual decisions will decide between life or death, recession or … The post To Live and Love in the Time of Corona appeared first on OpenText Blogs.
Hunton Privacy
OCTOBER 2, 2020
On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued an advisory alerting companies of potential sanctions risks related to facilitating ransomware payments. The five-page advisory states that ransomware victims who pay ransom amounts, and third-party companies that negotiate or pay ransom on their behalf, “not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”.
Micro Focus
DECEMBER 9, 2020
When a bright, 30-something persuaded the authorities to waive the restrictions on age and weight, and joined the US Navy in 1944, no-one could have foreseen the profound benevolent impact Grace Hopper would go on to have on computing and the world as we know it today. Today marks what would have been the 114th birthday. View Article.
John Battelle's Searchblog
JUNE 29, 2020
How Brands Can Fix the Relationship Between Platforms, Audiences, and Media Companies (Hint: It’s Not a Boycott). (Second of a series. The first post reviews the media and platform ecosystem, and laments the role brand marketers have played in its demise.) . In my first post of this series, I laid out a fundamental problem with how digital media works today.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Krebs on Security
JULY 24, 2020
Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here’s a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these fields can better stand out from the crowd.
Data Breach Today
NOVEMBER 12, 2020
WildWorks Data Breach Shows Danger of Sharing Sensitive Keys Over Chat Chat and collaboration software tools such as Slack are critical for software development teams. But a data breach experienced by Utah-based software developer WildWorks illustrates why developers should think twice before sharing sensitive database keys over chat.
Security Affairs
DECEMBER 21, 2020
While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor.
Troy Hunt
SEPTEMBER 3, 2020
You've possibly just found out you're in a data breach. The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. But you should change it anyway. Huh? Isn't the whole point of encryption that it protects data when exposed to unintended parties? Ah, yes, but it wasn't encrypted it was hashed and therein lies a key difference: Saying that passwords are “encrypted” over and over again doesn’t make it so.
Advertisement
Are you thinking of adding enhanced data matching and relationship detection to your product or service? Do you need to know more about what to look for when assessing your options? The Senzing Entity Resolution Buyer’s Guide gives you step-by-step details about everything you should consider when evaluating entity resolution technologies. You’ll learn about use cases, technology and deployment options, top ten evaluation criteria and more.
Lenny Zeltser
JULY 1, 2020
Writing about cybersecurity threats, such as phishing campaigns, malware infections, and attack groups, is challenging for many reasons. How should you decide what details to include? How can you persuade the readers that your analysis is sound? How might you address the needs of multiple audiences? I’m happy to share what I’ve learned over the years about writing effective threat reports in the following 36-minute video.
erwin
OCTOBER 16, 2020
It’s certainly no secret that data has been growing in volume, variety and velocity, and most companies are overwhelmed by managing it, let alone harnessing it to put it to work. We’re now generating 2.5 quintillion bytes of data every day, and 90% of the world’s data volume has been created in the past two years alone. With this absolute data explosion, it’s nearly impossible to filter out the time-sensitive data, the information that has immediate relevance and impact o
The Guardian Data Protection
JULY 12, 2020
Boris Johnson’s chief adviser declines to explain reason for payments to Faculty A private company owned and controlled by Dominic Cummings paid more than a quarter of a million pounds to the artificial intelligence firm that worked on the Vote Leave campaign. The prime minister’s chief adviser is declining to explain the reason for the payments to Faculty, which were made in instalments over two years.
Expert insights. Personalized for you.
363 
Let's personalize your content