Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. I want to put forward cases for both arguments here because seeing both sides is important. I want to help shed some light on why this practice happens and argue pragmatically both for and against.

Passwords 93

Passwords Authentication Security IT 93

Data Breach Today

SEPTEMBER 12, 2019

Researchers Say Mirai Derivatives and EternalBlue Exploits Pummel Internet-Connected Devices Two years after WannaCry wrecked havoc via flaws in SMB_v1 and three years after Mirai infected internet of things devices en masse via default credentials, attackers are increasingly targeting the same flaws, security experts warn.

IoT 241

IoT Security 241

WIRED Threat Level

SEPTEMBER 27, 2019

Any iPhone device from 2011 to 2017 could soon be jailbroken, thanks to an underlying flaw that there's no way to patch.

Security 102

Security 102

Data Breach Today

SEPTEMBER 27, 2019

'Unusual Activity' By Third-Party Service Provider to Blame Food delivery startup DoorDash says 4.9 million customer, contractor and merchant records were breached after "unusual activity" by a third-party service provider. Even aside from the usual identification data, experts say certain, specific data - such as food allergies - could pose risks in the wrong hands.

Risk 256

Risk 256

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Krebs on Security

SEPTEMBER 11, 2019

MyPayrollHR , a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.

Financial Services 279

Financial Services Cloud Insurance IT 279

erwin

SEPTEMBER 5, 2019

Why planning your 5G roadmap requires significant input from enterprise architects. 5G is coming and bringing with it the promise to transform any industry. And while the focus has been on the benefits to consumers, the effects on the enterprise are far- reaching. Few examples of emerging technology have the potential to disrupt and downright revolutionize certain markets and processes than 5G.

IoT 111

IoT Marketing Cloud IT 111

Security Affairs

SEPTEMBER 12, 2019

SimJacker is a critical vulnerability in SIM cards that could be exploited by remote attackers to compromise any phones just by sending an SMS. Cybersecurity researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be exploited by remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.

Manufacturing 111

Manufacturing Security Cybersecurity Risk 111

IBM Big Data Hub

SEPTEMBER 5, 2019

Among organizations investing in AI hardware, software or services, more will buy IBM and rely on Watson than any other vendor. This according to a new IDC report which names IBM as 2018’s market leader in AI. So just what sets apart IBM as leader of the AI provider pack?

Marketing 101

Marketing 101

Data Breach Today

SEPTEMBER 5, 2019

Social Network Says Problem Fixed, But Techcrunch Reports Many Still Accurate Facebook has confirmed that unprotected databases containing more than 419 million users' phone numbers contained data scraped from the social network. TechCrunch, which first reported on the development, says many of the exposed phone numbers can be tied to Facebook IDs and remain accurate.

239

239

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Krebs on Security

SEPTEMBER 27, 2019

Earlier this month, employees at more than 1,000 companies saw one or two paycheck’s worth of funds deducted from their bank accounts after the CEO of their cloud payroll provider absconded with $35 million in payroll and tax deposits from customers. On Monday, the CEO was arrested and allegedly confessed that the diversion was the last desperate gasp of a financial shell game that earned him $70 million over several years.

Financial Services 265

Financial Services Insurance Cloud IT 265

Thales Cloud Protection & Licensing

SEPTEMBER 12, 2019

Now that it’s September, the excitement is beginning to build in earnest for the 2019 Rugby World Cup. Sports fans aren’t the only ones who are looking forward to this event. Unfortunately, digital criminals are also closely following the buzz surrounding this tournament. It’s not like bad actors haven’t taken an interest in major sporting events before.

Security 105

Security IoT Personal data Military 105

erwin

SEPTEMBER 19, 2019

Data governance isn’t a one-off project with a defined endpoint. It’s an on-going initiative that requires active engagement from executives and business leaders. Data governance, today, comes back to the ability to understand critical enterprise data within a business context, track its physical existence and lineage, and maximize its value while ensuring quality and security.

Government 108

Government Risk IT Compliance 108

eSecurity Planet

SEPTEMBER 12, 2019

These IT security vendors lead the market through their innovative offerings, range of products and services, customer satisfaction and annual revenue

Cybersecurity 110

Cybersecurity Marketing Security IT 110

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

SEPTEMBER 5, 2019

New problems to Facebook , phone numbers associated with more than 400 million accounts of the social network giant were exposed online. A new privacy incident involved Facebook, according to TechCruch, phone numbers associated with 419 million accounts of the social network giant were exposed online. The data was found by Sanyam Jain, a security researcher and member of the GDI Foundation, who contacted TechCrunch because he was able to contact the owner of the archive. .

Privacy 111

Privacy Archiving Passwords Access 111

Data Breach Today

SEPTEMBER 19, 2019

Symantec Sees New Tortoiseshell Gang Hitting Targets in Middle East A hacker group called Tortoiseshell has been hitting targets in the Middle East since at least July 2018, apparently targeting IT service providers to gain access to many potential targets at once. The campaign is fresh proof that criminals and nation-state attackers alike continue to favor supply chain attacks.

IT 243

IT Access 243

Krebs on Security

SEPTEMBER 9, 2019

The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks.

IT 248

IT Government Military Access 248

Thales Cloud Protection & Licensing

SEPTEMBER 4, 2019

The weeklong “hacker summer camp” of the combined Black Hat and DefCon drew over 22,000 attendees to Las Vegas last month. Overall, we continue to think the security industry is still ripe for commoditization, especially from the cloud providers who have the capacity to simply offer features as a default. Last year we thought we saw evidence that security vendors were consolidating and on the cusp of providing higher order services to meet this threat, but we didn’t see much evidence of that str

IoT 104

IoT Paper Risk Encryption 104

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

erwin

SEPTEMBER 26, 2019

The benefits of Data Vault automation from the more abstract – like improving data integrity – to the tangible – such as clearly identifiable savings in cost and time. So Seriously … You Should Automate Your Data Vault. By Danny Sandwell. Data Vault is a methodology for architecting and managing data warehouses in complex data environments where new data types and structures are constantly introduced.

Healthcare 108

Healthcare Compliance Government Access 108

Schneier on Security

SEPTEMBER 5, 2019

A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic " snake oil.". I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography.

Encryption 98

Encryption Artificial Intelligence Paper Analytics 98

Security Affairs

SEPTEMBER 17, 2019

Tens of millions of records belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. Data belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. The information was left exposed online on an unsecured Amazon bucket, the records were stored in two databases in a directory containing backup files mostly for Malindo Air and Thai Lion Air.

Security 111

Security IT Data breaches 111

Data Breach Today

SEPTEMBER 11, 2019

September's Patch Tuesday Addresses Elevation of Privileges Flaws As part of its September Patch Tuesday security update, Microsoft issued software fixes for two vulnerabilities in several versions of Windows that it says are being exploited by attackers in the wild. Security experts are urging IT teams to quickly patch these flaws.

Security 240

Security IT 240

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Krebs on Security

SEPTEMBER 18, 2019

A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: It was sent via the U.S. Postal Service, with a postmarked stamp and everything. In truth these old fashioned “advance fee” or “419” scams predate email and have circulated via postal mail in various forms and countries over the years.

Phishing 208

Phishing Access IT 208

Thales Cloud Protection & Licensing

SEPTEMBER 17, 2019

As government agencies get back to work after summer barbeques, family vacations and once-in-a-lifetime getaways, the focus is on the priorities for the rest of 2019. Cybersecurity remains one of the top concerns and priorities for our government. The focus on the rest of 2019 and looking ahead to 2020 was very clear when I attended two recent industry events.

IoT 101

IoT Government Cloud Encryption 101

erwin

SEPTEMBER 12, 2019

Strong internal business process modeling and management helps data-driven organizations compete and lead. In short, an internal business process is a documented account of how things should be done to maximize efficiency and achieve a particular goal. In the book “Exponential Organizations” by Salim Ismail, Michael S. Malone and Yuri van Geest , the authors, examine how every company is or will evolve into an information-based entity in which costs fall to nearly zero, abundance replaces scarci

Marketing 101

Marketing Financial Services Government Communications 101

Schneier on Security

SEPTEMBER 16, 2019

Not that serious, but interesting : In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard (and significantly longer) path through the server's main memory. By avoiding system memory, Intel's DDIO­short for Data-Direct I/O­increased input/output bandwidth and reduced latency and power consumption.

Cloud 95

Cloud Access Security IT 95

Advertisement

Gearing up for 2025 annual planning? Our latest eBook from the Operators Guild is your ultimate guide. Discover real-world solutions and best practices shared by top CFOs, drawn directly from discussions within OG’s vibrant online community. Learn from senior executives at high-growth tech startups as they outline financial planning strategies, align CEO and board goals, and coordinate budgets across departments.

Education

Security Affairs

SEPTEMBER 16, 2019

A flaw in LastPass password manager leaks credentials from previous site. An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes login credentials entered on a site previously visited by a user.

Passwords 111

Passwords Security IT Information Security 111

Lenny Zeltser

SEPTEMBER 26, 2019

What malware analysis approaches work well? Which don’t? How are the tools and methodologies evolving? The following discussion–captured as an MP3 audio file –offers friendly advice from 5 malware analysts. These are some of the practitioners who teach the reverse-engineering malware course (FOR610) at SANS Institute: Jim Clausing : Security Architect at AT&T and Internet Storm Center Handler (Panelist) Evan Dygert : Senior Security Engineer for Blue Cross Blue Shield Assoc

Security 93

Security Information Security 93

Dark Reading

SEPTEMBER 21, 2019

VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.

Security 93

Security 93