Sat.Feb 02, 2019 - Fri.Feb 08, 2019

article thumbnail

MY TAKE: Why Satya Nadella is wise to align with privacy advocates on regulating facial recognition

The Last Watchdog

We’re just a month and change into the new year, and already there have been two notable developments underscoring the fact that some big privacy and civil liberties questions need to be addressed before continuing the wide-scale deployment of advanced facial recognition systems. This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the The Grand Chamber of the European Court of Human Rights.

Privacy 157
article thumbnail

Using Gmail "Dot Addresses" to Commit Fraud

Schneier on Security

In Gmail addresses, the dots don't matter. The account "bruceschneier@gmail.com" maps to the exact same address as "bruce.schneier@gmail.com" and "b.r.u.c.e.schneier@gmail.com" -- and so on. (Note: I own none of those addresses, if they are actually valid.). This fact can be used to commit fraud : Recently, we observed a group of BEC actors make extensive use of Gmail dot accounts to commit a large and diverse amount of fraud.

Sales 87
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Experts found popular beauty apps in the Play Store including malicious code

Security Affairs

Researchers at Trend Micro discovered at least 29 malicious photo editing and beauty apps that were able to perform several malicious activities. Crooks continue to abuse Google Play store to distribute malicious apps, this time experts at Trend Micro discovered at least 29 malicious photo editing and beauty apps that were stealing users’ photos.

Phishing 111
article thumbnail

Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

Krebs on Security

A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.

Phishing 262
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Data Breach Reports in Europe Under GDPR Exceed 59,000

Data Breach Today

Netherlands, Germany and UK Have Logged the Most Data Breach Reports Since the EU's GDPR went into full effect, European data protection authorities have received over 59,000 data breach reports, with the Netherlands, Germany and the U.K. receiving the greatest number of notifications, according to the law firm DLA Piper.

More Trending

article thumbnail

Android devices could be hacked by viewing a malicious PNG Image

Security Affairs

Google patched a critical flaw in its Android OS that allows an attacker to send a specially crafted PNG image file to hack a target device, Opening an image file on your smartphone could allow attackers to hack into your Android device due to three critical vulnerabilities, CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988. The flaws affect millions of Android devices running versions of the Google OS, ranging from Android 7.0 Nougat to the latest Android 9.0 Pie.

article thumbnail

Crooks Continue to Exploit GoDaddy Hole

Krebs on Security

Godaddy.com , the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal.

article thumbnail

Cottage Health Hit With $3 Million HIPAA Settlement

Data Breach Today

Latest in a Series of Substantial HHS Penalties for Violations Federal regulators have hit a California-based healthcare provider with a $3 million HIPAA settlement related to two breaches involving misconfigured IT. It's the latest in a recent series of hefty penalties issued in HIPAA cases.

IT 232
article thumbnail

AIIM19 session preview - Content Analytics & ECM Implementation across the Enterprise with John Daly

AIIM

AIIM19 is coming soon to San Diego on March 26-28 and as usual the gathering will be the place to be for information management professionals. If you plan on attending you should mark your calendar for an important roundtable session called “When You Are in the Storm: Content Analytics & ECM Implementation Across the Enterprise” being hosted by John Daly, Information Governance Manager the Metropolitan Sewer District in St.

ECM 80
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

Metro Bank has become the first major bank to disclose SS7 attacks against its customers, but experts believe it isn’t an isolated case. A new type of cyber attack was used for the first time against the Metro Bank, threat actors are leveraging known flaws in the SS7 signaling protocol to intercept the codes sent via text messages to customers to authorize transactions.

IT 111
article thumbnail

More Alleged SIM Swappers Face Justice

Krebs on Security

Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims. One of the individuals charged allegedly used a hacker nickname belonging to a key figure in the underground who’s built a solid reputation hijacking mobile phone numbers for profit. According to indictments unsealed this week, Tucson, Ariz. resident Ahmad Wagaafe Hared and Matthew Gene Ditman of Las Vegas were part of a group that specialized in tricking or br

article thumbnail

Failed Fraud Against UK Bank Abused Mobile Infrastructure

Data Breach Today

Fresh SS7 Fraud Highlights Ongoing Call Routing Weaknesses A U.K. bank says no customers lost money after cyberattackers attempted account takeovers by rerouting one-time passcodes, Motherboard reports. Such attacks involve unauthorized tampering with Signaling System #7, the protocol used to route mobile phone calls worldwide.

200
200
article thumbnail

A third of companies are largely unprepared for cybersecurity attacks: eSecurity Planet Survey

eSecurity Planet

A third of companies are unprepared for some of the most damaging cyber attacks, such as APTs, insider threats, ransomware and DDoS attacks.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Expert publicly disclosed the existence of 0day flaw in macOS Mojave

Security Affairs

A zero-day vulnerability in macOS Mojave can be exploited by malware to steal plaintext passwords from the Keychain. The security expert Linus Henze has disclosed the existence of a zero-day vulnerability in macOS Mojave that can be exploited by malware to steal plaintext passwords from the Keychain. According to Henze, the flaw affects macOS Mojave and earlier versions.

Passwords 111
article thumbnail

Four Use Cases Proving the Benefits of Metadata-Driven Automation

erwin

Organization’s cannot hope to make the most out of a data-driven strategy, without at least some degree of metadata-driven automation. The volume and variety of data has snowballed, and so has its velocity. As such, traditional – and mostly manual – processes associated with data management and data governance have broken down. They are time-consuming and prone to human error, making compliance, innovation and transformation initiatives more complicated, which is less than ideal in the informati

article thumbnail

Hack Attack Breaches Australian Parliament Network

Data Breach Today

No Signs of Data Theft; Password Resets Ordered Hackers have breached the Australian Parliament's network, although investigators say they have found no evidence that attackers stole any data. But Parliament's presiding officers said all users have been ordered to reset their passwords as a precaution.

Passwords 193
article thumbnail

There's No Good Reason to Trust Blockchain Technology

WIRED Threat Level

Opinion: Cryptocurrencies are useless. Blockchain solutions are frequently much worse than the systems they replace. Here's why.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Roughly 500,000 Ubiquity devices may be affected by flaw already exploited in the wild

Security Affairs

Security experts identified nearly 500,000 Ubiquity devices that may be affected by a vulnerability that has already been exploited in the wild. Security experts are warning Ubiquity users of a vulnerability that has already been exploited in the wild. Last week, the researcher Jim Troutman, consultant and director of the Northern New England Neutral Internet Exchange (NNENIX), revealed that threat actors had been targeting Ubiquity installs exposed online.

Access 109
article thumbnail

The IT Governance Cyber Resilience Framework: how it works

IT Governance

Cyber resilience is the ability to prepare for, respond to and recover from cyber attacks. It helps organisations protect themselves from cyber risks, defend against and limit the severity of attacks, and ensure that business operations continue to function. The concept is relatively new, but it has its roots in longstanding solutions to common problems and is quickly becoming an essential response to the modern threat landscape.

article thumbnail

Apple Update: Drop Everything and Patch iOS

Data Breach Today

Zero Days Being Exploited; Apple Contributes to 'FacePalm' Bug Finder's Tuition Apple has issued an iOS update that patches two flaws being exploited in the wild by attackers as well as the "FalmPalm" bug in Group FaceTime. Apple says it compensated the teenager who reported the FaceTime flaw and gave him an extra gift toward his tuition.

IT 193
article thumbnail

EDPB Adopts Opinion on Interplay Between the EU Clinical Trials Regulation and the GDPR

Data Matters

On 23 January 2019, the European Data Protection Board (EDPB) adopted an opinion on the interplay between the EU Clinical Trials Regulation (CTR) and the EU General Data Protection Regulation (GDPR). The Opinion addresses the appropriate legal basis for the processing of personal data in the context of clinical trials (primary use), and the secondary use of clinical trial data.

GDPR 81
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Severe bug in LibreOffice and OpenOffice suites allows remote code execution

Security Affairs

A security expert discovered a severe Remote Code Execution vulnerability in the popular LibreOffice and Apache OpenOffice. The security researcher Alex Inführ discovered a severe remote code execution vulnerability in LibreOffice and Apache OpenOffice that could be exploited by tricking victims into opening an ODT (OpenDocument Text) file embedding an event embedded.

article thumbnail

Ransomware Attack Via MSP Locks Customers Out of Systems

Dark Reading

Vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.

article thumbnail

Fewer Breaches in 2018, But More Sensitive Data Spilled

Data Breach Today

Business and Healthcare Sectors Suffered Most US Breaches, ITRC Finds In 2018, the Identity Theft Resource Center counted 1,244 U.S. data breaches - involving the likes of Facebook, Marriott and Exactis - that exposed 447 million sensitive records, such as Social Security numbers, medical diagnoses and payment card data.

article thumbnail

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. See Indiana v. Med. Informatics Eng’g, Inc. , No. 3:18-cv-00969 (N.D. Ind. filed Dec. 3, 2018).

article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Roughly 500,000 Ubiquiti devices may be affected by flaw already exploited in the wild

Security Affairs

Security experts identified nearly 500,000 Ubiquit devices that may be affected by a vulnerability that has already been exploited in the wild. Security experts are warning Ubiquit users of a vulnerability that has already been exploited in the wild. Last week, the researcher Jim Troutman, consultant and director of the Northern New England Neutral Internet Exchange (NNENIX), revealed that threat actors had been targeting Ubiquiti installs exposed online.

Access 111
article thumbnail

Analyst’s view: OpenText named a leader

OpenText Information Management

OpenText™ is thrilled to be recognized by Gartner as a Leader in the 2018 Magic Quadrant for Web Content Management. In its annual review, Gartner evaluated 18 web content management vendors on objective criteria supported by customer references. The report ensures “decision makers keen to deliver effective digital experiences will be better placed to identify … The post Analyst’s view: OpenText named a leader appeared first on OpenText Blogs.

article thumbnail

Ransomware Victims Who Pay Cough Up $6,733 (on Average)

Data Breach Today

Dharma/CrySiS, GandCrab and Globelmposter Strains Most Prevalent, Study Finds Ransomware victims who opted to pay for the promise of a decryption key forked over an average of $6,733 in the fourth quarter of 2018, according to ransomware incident response firm Coveware. It says strains such as SamSam and Ryuk, which demand higher-than-average ransoms, are increasingly common.