GAO: After Equifax Breach, KBA No Longer Effective

Data Breach Today

New Report Calls for Other Methods of Authentication at Federal Agencies. Some federal agencies inappropriately continue to rely on knowledge-based authentication to prevent fraud and abuse even though this method is no longer trustworthy because so much personal information that's been breached is readily available to fraudsters, a new U.S.

How pre-answered caller authentication helps prevent telephone bank fraud

Dark Reading

Based on the level of information the customer is requesting, the bank representative may ask a number of challenge questions. At this point, they’ve already taken up a minute or more of the customer’s valuable time using knowledge-based authentication (KBA) methods that, quite frankly, can no longer assure that the person on the other end of the line is who they say they are. Prevention vs. clean up. It’s a security question all financial institutions should ask themselves.

The Case for Integrating Physical Security & Cybersecurity

Dark Reading

You must look inside and outside your traditional knowledge base for the best way to defend against attacks Aggregating threat intel from external data sources is no longer enough.

AI Is Becoming a Trusted Sidekick for Legal and HR Departments


For example, starting with a knowledge base of language that is common to problematic contracts, machine learning algorithms can scour millions of similar contracts to find other warning signs that humans might miss.

Bank Attacks Put Password Insecurity Back in the Spotlight

The Security Ledger

Two separate attacks on banks in the United States and Pakistan revealed this week highlight once again the inherent weakness of a security practice that relies on passwords or knowledge-based credentials to protect critical information.

MY TAKE: How advanced automation of threat intel sharing has quickened incident response

The Last Watchdog

based security vendor in the thick of helping companies make more of their threat feeds. The idea was to pool intel from all sources, and make it readily available to all teams, so everyone operated off a common knowledge base. “It Bypasses Credit Freeze PIN

Krebs on Security

It then asked a series of four security questions — so-called “knowledge-based authentication” or KBA questions designed to see if I can about my recent financial history.


Expert found a DoS flaw in Windows Servers running IIS

Security Affairs

Microsoft published a knowledge base article to explain how to define thresholds on the number of HTTP/2 settings parameters exchanged over a connection. Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks carried out through malicious HTTP/2 requests. Microsoft revealed that Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks.

Here's What I'm Telling US Congress about Data Breaches

Troy Hunt

Last week I wrote about my upcoming congressional testimony and wow - you guys are awesome! Seriously, the feedback there was absolutely sensational and it's helped shape what I'll be saying to the US Congress, including lifting specific wording and phrases provided by some of you. Thank you!

MITRE evaluates Enterprise security products using the ATT&CK Framework

Security Affairs

In April, MITRE announced a new service based on its ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to evaluate products based on their ability in detecting advanced persistent threats.

GUEST ESSAY: Why corporate culture plays such a pivotal role in deterring data breaches

The Last Watchdog

People should have the opportunity to pursue new careers within your organization based on their security expertise. A knowledge-base that’s understandable and accessible to all staff. About the essayist: Max Emelianov is CEO of HostForWeb, a Chicago-based web hosting services provider. Picture two castles. The first is impeccably built – state of the art, with impenetrable walls, a deep moat, and so many defenses that attacking it is akin to suicide.

Medical Thrillers and Digital Transformation

Perficient Data & Analytics

Physicians want an app that has the ability to provide them knowledge base, reach out to peers upon emergency, or just use it to keep track of their patients. Knowledge is power when you apply it correctly.

Kofax Awarded Nine New Patents, Validating Its Intelligent Automation Platform to Help Businesses Work Like Tomorrow – Today

Document Imaging Report

“These new patents provide further evidence that our Intelligent Automation platform is based on highly differentiated technologies that provide Kofax with competitive advantage and allow our customers to achieve a more rapid and compelling ROI,” said Jim Nicol, Executive Vice President of Research & Development at Kofax. Kofax’s 200+ Patents Lead Innovation across RPA, Process Orchestration, Cognitive Capture, Mobility & Engagement and Advanced Analytics.

Q&A: How certifying in-house IT staffers as cyber analysts, pen testers can boost SMB security

The Last Watchdog

Instead, getting trained and certified gives them a knowledge base to and contract out that expertise when their company needs it. Nowadays anyone working in IT needs at least that level of security knowledge. But in today’s environment, it has become important not just to have a pen test done, but also to do something proactive with that knowledge.

Kofax Named to Constellation ShortList for Robotic Process Automation

Document Imaging Report

Kofax RPA helps companies add workforce capacity without additional headcount by automating front and back office operations, allowing the human workforce to focus on higher-value knowledge based work.

End of Mainstream Support for Dynamics AX 2009 and AX 2012

Ascent Innovations

Self Service Support (Microsoft Knowledge Base, Microsoft Help & Support Site). Self Service Support (Microsoft Knowledge Base & Microsoft Help & Support Site). This is a good time to evaluate Cloud-based hosting and compare the ROI.

History Hub: A 21st Century Model for Archival Reference

Archives Blogs

In a resource-constrained environment, we were also excited by the possibility of enabling many-to-many interactions, helping us to serve researchers more quickly and efficiently by harnessing the collective knowledge of internal and external experts.

Updated Dynamsoft Barcode Reader SDK Allows App-Less Smartphone Scanning from Browsers

Document Imaging Report

17, 2018 – Dynamsoft has updated its Barcode Reader Software Development Kit as a pure JavaScript API Edition, based on WebAssembly, to enable cross-browser and cross-platform online barcode scanning. In many cases, businesses use a browser-based system for pre-defined workflows.


Alaris Offers Greater Flexibility with New Software Subscription and Professional Services Capabilities

Document Imaging Report

According to a survey conducted by IDC [i], the acquisition cost of solutions is the largest hurdle for businesses to clear when automating document-based workflows. ROCHESTER, N.Y,

5 Reasons to Join the Adept Community Forum

Synergis Software

So, If you’re an Adept customer interested in extending your knowledge of Adept or if you’re a non-user and want to know what our customers are saying about the product before you buy, here are five great reasons why you need to join the community forum now. While our Helpdesk support team is widely accessible whenever you encounter an issue or have a question, the Adept community forum offers a unique knowledge base for users to quickly and easily retrieve information.


FTC Releases Guidance on COPPA Compliance

Hunton Privacy

The revised guidance addresses two newly-approved methods for obtaining parental consent: (1) answering a series of knowledge-based challenge questions that would be difficult for someone other than the parent to answer; or (2) verifying a picture of a driver’s license or other photo ID submitted by the parent and then comparing that photo to a second photo submitted by the parent, using facial recognition technology.

Here's Why [Insert Thing Here] Is Not a Password Killer

Troy Hunt

Part of the solution to this is to give people the controls to do password-based authentication better, for example by using a password manager and enabling 2FA. These days, I get a lot of messages from people on security related things.

Identifying E-signature Requirements to Accelerate Digital Adoption and Meet Global Compliance


Hence the concept of electronic identification and trust services (eIDAS) as defined in EU regulation 910/2014 is centered around trust and security and certificate-based signing.

The World Is Tuning Into Twitter Search

John Battelle's Searchblog

Users would be able to tap the collective knowledge of the 6 million or so members of the Twitterverse. Millions of people are contributing to the knowledge base. The tweet is the query. From Ad Age, which penned a good piece on the promise of Twitter search: In the future, searches won't only query what's being said at the moment, but will go out to the Twitter audience in the form of a question, like a faster and less-filtered Yahoo Answers or Wiki Answers.

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

In reality, devices are sometimes released in a vulnerable state without the end users’ knowledge. Based upon recent spikes in scans of TCP port 5555, someone believes that there is an exploitable vulnerability out there.

Salesforce Service Cloud Features That are Cause for Celebration

Perficient Data & Analytics

Translations for knowledge are now available in Lightning Experience along with some awesome new knowledge management features. Different flows can be set up for each channel so that you are tailoring your actions based on how the customer contacts you. Knowledge.


The Modern Federal CIO: Making the most of new tools


Use teams to enhance analysis: Teaming will bring the collective knowledge base to the understanding of cost allocation decisions. FITARA, the MGT Act and IT cost analysis give CIOs what they need to move their agencies to the cloud and to streamline IT operations with strategic plans based on accurate data. premanath.puch…. Mon, 07/02/2018 - 04:52. Over the last several years, the role of the federal CIO has evolved.

I'm Testifying in Front of Congress in Washington DC about Data Breaches - What Should I Say?

Troy Hunt

For example, if your bank verifies that you are indeed who you say you are by asking you for your date of birth yet that's appeared in a data breach, how sound is it as a knowledge-based authentication (KBA) attribute? The immutability of exposed data attributes: The problem with KBA is the assumption that knowledge alone can be used for verification. There's a title I never expected to write!

ProtonMail launches Address Verification and full PGP support

Security Affairs

You can learn more about using Address Verification in our knowledge base article. As some of you may know, ProtonMail’s cryptography is already based upon PGP, and we maintain one of the world’s most widely used open source PGP libraries.

Interview: CJ Anderson - Maximum innovation, minimum disruption


For law firms, the idea that data is as valuable as the knowledge that’s re just at the first steps on that journey, but we are starting to combine our marketing and knowledge data with our financial data, to try and support the lawyers a bit more in their client facing work.”

Petya Ransomware: What You Need to Know and Do

Andrew Hay

With similarities reminiscent to its predecessor WannaCry, this ransomware attack shut down organizations ranging from the Danish shipping conglomerate Maersk Line to a Tasmanian-based Cadbury chocolate factory. Until you can apply the patch, LEO also recommends the following steps to help reduce the attack surface: Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547. By: Andrew Hay.

TaxonomyPicker.ascx No Longer Used in SharePoint 2010


The initial fix I found was on a Microsoft Knowledge Base page: This is not causing any issues except for a wrong ULS log message a single time in a web application process life time, the exception is caught and that template file is skipped.

Sharing best practices in our new Data to Diamonds book


Throughout the book, we share our knowledge based on the experiences of the 5,000 CGI professionals who work with clients on data and analytics initiatives every day. Tue, 12/15/2015 - 07:00.

Diving into the Issues: Observations from SOURCE and AtlSecCon

Andrew Hay

Specifically, she covered how adversaries might engage in research and planning, offer team support, manage conflict between group members, structure attack paths (intrusion chains), navigate disruptions to their attack paths, and how limited knowledge bases and self-induced mistakes can possibly impact adversaries.

FTC Approves COPPA Parental Consent Mechanism Proposal

Hunton Privacy

In its letter to Imperium, the FTC stated that Imperium’s method of knowledge-based authentication (“KBA”) is an acceptable method of obtaining verifiable parental consent as it is “reasonably calculated.

Kelly Twigger of ESI Attorneys: eDiscovery Trends 2018

eDiscovery Daily

ESI Attorneys works differently than a traditional law firm – they partner with businesses, law firms and municipalities that do not have discovery counsel knowledgeable to both advise on planning and preparing for eDiscovery and act as discovery counsel across litigation matters to achieve consistency and predictability. What I would love to see is the ability for more interaction to capitalize on that knowledge base. How many cloud based applications are you using?

Notes and observations about the 2012 intranet innovation award winners


An Elgg-based solution wins again. Mitre won an award from Step Two in 2010 for its Elgg-based employee network. Incidentally, an award winning Headshift Asia Pacific client that is based on Elgg also presented at Step Two's intranet conference earlier this year (PDF). Climateworks is commended for its SocialText-based wiki. The ClimateWorks Knowledge Exchange, an enterprise wiki, is a key component of their knowledge strategy.

This is the old ChiefTech blog.: Millennials, Process Continuity, Leadership and Discontinuity


This means that organizations will lose knowledge unless they can find ways to rapidly transfer it to new members, or to retain it in knowledge bases or other codified forms. We at Microsoft are seeing a growing use of wikis and blogs as impromptu knowledge bases.

This is the old ChiefTech blog.: Facebook, LinkedIn and the state of enterprise software


I see no reason why this sort of functionality couldn't be the interface for HR tools, CRM, supply chain, mail, intranet, knowledge base or any other behind the wall tool.

The Future of the Web | ZDNet

Collaboration 2.0

The Future of the Web. By Oliver Marks | August 12, 2008, 9:29pm PDT. Summary: The semantic web can be quite a hard concept to grasp when discussed in an abstract way: the above video is a particularly useful, clear exposition of the enormous promise and power the future of knowledge sharing holds.