Sat.Jul 21, 2018 - Fri.Jul 27, 2018


Google: Security Keys Neutralized Employee Phishing

Krebs on Security

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. A YubiKey Security Key made by Yubico. The basic model featured here retails for $20. Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in

Phishing 249

Google Chrome Now Labels HTTP Sites as 'Not Secure'

WIRED Threat Level

The world's biggest browser now lets you know when you're visiting an unencrypted site.


Facebook's Security and Privacy Overhaul Comes at a Price

Data Breach Today

CEO Mark Zuckerberg Reports Decreased Profitability, GDPR Impact

Facebook is making substantial investments to improve its data security and privacy practices. But the long-term cost of those investments and impact on the bottom line appeared to spook investors, leading to a 20 percent plunge in the company's stock price in after-hours trading.

Privacy 162

Russian Hackers Infiltrate U.S. Electrical Utilities: Report

Adam Levin

Russian hackers have successfully infiltrated the control system rooms of U.S. electrical utilities, the Department of Homeland Security announced earlier this week. Suspected hacking groups Dragonfly and Energetic Bear infiltrated their targets using common methods including spear-phishing and watering-hole attacks. They first targeted third-party vendors associated with the utilities, which they then leveraged to steal credentials and gain access to operating systems.


LifeLock Bug Exposed Millions of Customer Email Addresses

Krebs on Security

Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.

Phishing 200

More Trending


Under GDPR, Data Breach Reports in UK Have Quadrupled

Data Breach Today

Privacy Regulator Sees 1,750 Breach Reports in June, Up From 400 in April

Under the EU's General Data Protection Regulation, within 72 hours of an organization learning about the data breach, it must report the breach to relevant authorities or face fines. The U.K.'s data privacy watchdog says it's already seen the volume of self-reported breaches quadruple.


Sony addresses remotely exploitable flaws in Sony IPELA E Network Cameras

Security Affairs

Sony fixed 2 remotely exploitable flaws in Sony IPELA E Series Network Camera products that could be exploited to execute commands or arbitrary code. Sony addressed two remotely exploitable flaws in Sony IPELA E Series Network Camera products that could be exploited to execute commands or arbitrary code on affected devices. The first vulnerability, tracked as CVE-2018-3937, is a command injection issue that affects the measurementBitrateExec features implemented in the IPELA E Series Network Cam


Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Krebs on Security

Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses. According to a lawsuit filed last month in the Western District of Virginia, the first heist took place in late May 2016, after an employee at The National Bank of Blacksburg fell victim to a targeted phishing email.

Insurance 198

MY TAKE: How the lack of API security translates into ‘digital transformation’ security holes

The Last Watchdog

If you’re not familiar with how Facebook, Twitter and YouTube make it so easy for you and me to easily access cool content they’ve collected and stored behind their respective firewalls, then you might think “API” is a trendy type of beer. In fact, API stands for Application Programming Interface, the indispensable technology that makes it possible for software applications to exchange data across the Internet.


Shipping Giant Cosco Hit by Ransomware Attack

Data Breach Today

Networks in 8 North and South America Countries Remain Offline

A "local network breakdown" - reportedly caused by a ransomware infection - has led shipping giant Cosco to shut down networks for its offices in eight North America and South America countries while it scrubs and restores systems. Some corporate websites, email and phone systems remain offline.


Digitalizing Core Business Processes — Part 1 of 3 — True Transformation is more than Digitization

AIIM

In “ The State of Intelligent Information Management: Getting Ahead of the Digital Transformation Curve ,” AIIM made the case that every organization is on – or should be on! – a Digital Transformation journey. The heart of this Transformation journey is understanding, anticipating, and redefining internal and external customer experiences. AIIM believes that Digital Transformation effectiveness is imperiled by a rising tide of information chaos and confusion, and that rising tide of information


State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Krebs on Security

Here’s a timely reminder that email isn’t the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned. This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer.

Phishing 191

CCTV and the GDPR – an overview for small businesses

IT Governance

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. If your business uses CCTV – whether for security or employee monitoring purposes – and you’re unsure about your obligations under the new law and how they differ from those of the DPA (Data Protection Act) 1998, this blog outlines some of the areas you need to consider.

GDPR 87

Nation-State Spear Phishing Attacks Remain Alive and Well

Data Breach Today

Russians Tied to Hack Attacks, But 'Two-Factor' No Silver Bullet, Google Warns

Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. politicians and county and state election boards. Here's how to play better phishing defense.

Phishing 167

DARPA Wants Research into Resilient Anonymous Communications

Schneier on Security

DARPA is funding research into resilient anonymous communications systems.


Enterprise World recap -- The Intelligent and Connected Enterprise

AIIM

I recently spoke at the OpenText Enterprise World (#OTEW) conference in Toronto. Savvy travelers can probably tell from the photo on the left that I flew into Billy Bishop Airport, which in itself is an enjoyable and unique experience. Imagine, you can WALK from the airport to the Convention Center. I thought I would share a few notes about the Conference.


What is machine learning?

IBM Big Data Hub

A 101 article on machine learning.

84

Health Data Breach Tally: Lots of Hacks, Fewer Victims

Data Breach Today

Bigger Organizations 'Have Invested Wisely' in Breach Prevention. What About Smaller Ones?

Hacker attacks are still dominating the data breaches added to the official federal tally so far this year. But compared to the mega-breaches of past years, this year's biggest hacks have been relatively small. Some security experts offer theories for why that's the case.


Tips for your corporate file move: Seize the opportunity to improve

TAB OnRecord

A move is a great time to make changes to your records management program and a chance to improve the way your records are stored and handled. If you have had a big project in mind, now is the time, just follow these simple steps! Read More. The post Tips for your corporate file move: Seize the opportunity to improve appeared first on TAB Records Management Blog | TAB OnRecord.


Digitalizing Core Business Processes — Part 2 of 3 — There is still a lot of work to do with basic process improvement

AIIM

In “ The State of Intelligent Information Management: Getting Ahead of the Digital Transformation Curve ,” AIIM made the case that every organization is on – or should be on! – a Digital Transformation journey. The heart of this Transformation journey is understanding, anticipating, and redefining internal and external customer experiences. AIIM believes that Digital Transformation effectiveness is imperiled by a rising tide of information chaos and confusion, and that rising tide of information


How to Secure Your Accounts With Better Two-Factor Authentication

WIRED Threat Level

Two-factor authentication is a must, but don't settle for the SMS version. Use a more secure authenticator app instead.


Head of Hacked Bitcoin Exchange Pleads Guilty to US Charges

Data Breach Today

After Theft of 6,000 Bitcoins, Joe Montrose Obstructed FBI's Investigation

Jon Montroll, the former operator of a bitcoin exchange that was hacked, leading to the theft of 6,000 bitcoins, has pleaded guilty to charges that he obstructed federal investigators and deceived investors by attempting to cover up the losses.

154

Experts warn of new campaigns leveraging Mirai and Gafgyt variants

Security Affairs

Security experts are warning of an intensification of attacks powered by two notorious IoT botnets, Mirai and Gafgyt. Security experts are warning of a new wave of attacks powered by two botnets, Mirai and Gafgyt. Since the code of the infamous Mirai botnet was leaked online many variants emerged in the threat landscape. Satori , Masuta , Wicked Mirai , JenX , Omni, and the OMG botnet are just the last variants appeared online in 2018.

IoT 78

GDPR After the Deadline — Part 1 of 3 — The emerging challenges tied to information privacy and security

AIIM

The GDPR’s May 25, 2018 deadline set in motion a mad compliance and security scramble not only for European companies, but also for any company doing business in Europe or with European customers. We just published a new market research report on GDPR. The purpose of this survey of 262 executives was to quantify – as close to the May 25th deadline as possible – the following three key issues related to GDPR: How do organizations view the emerging challenges tied to information privacy and securi

GDPR 83

Amazon's Facial Recognition System Mistakes Members of Congress for Mugshots

WIRED Threat Level

Amazon has marketed its Rekognition facial recognition system to law enforcement. But in a new ACLU study, the technology confused 28 members of Congress with publicly available arrest photos.


Biggest Pediatric Hospital Breach Reported

Data Breach Today

105,000 Affected at Boys Town National Research Hospital

A hacking incident at Boys Town National Research Hospital is the largest ever reported by a pediatric care provider or children's hospital, according to the federal health data breach tally. A wide variety of data on 105,000 individuals was exposed, opening the door to potential fraud.


Retired Malware Samples: Everything Old is New Again

Lenny Zeltser

Finding real-world malware samples that illustrate practical analysis techniques is tricky. When training professionals how to reverse-engineer malware , I’ve gone through lots of malicious programs for the purpose of educational examples. Here are some of the samples that I’ve retired from the FOR610 course over the years, because they no longer seemed current or relevant.


GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

This is the 11th post in a series on privacy by Andrew Pery. You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law.

GDPR 83