Sat.Mar 09, 2019 - Fri.Mar 15, 2019

article thumbnail

Recapping RSA Conference 2019: No Silver Bullet for Security

Thales Cloud Protection & Licensing

I was really looking forward to participating in RSA 2019 and it was a great event. There was tremendous energy and buzz in our booth and on the show floor. The lively interactions in our booth validated that the Vormetric product line is still highly relevant and solves many of today’s challenges as customers move controls closer to the data, and also migrate their data to the cloud.

article thumbnail

These Cookie Warning Shenanigans Have Got to Stop

Troy Hunt

This will be short, ranty and to the point: these warnings are getting ridiculous: I know, tell you something you don't know! The whole ugly issue reared its head again on the weekend courtesy of the story in this tweet: I’m not sure if this makes it better or worse. “Cookie walls don't comply with GDPR, says Dutch DPA”: [link] — Troy Hunt (@troyhunt) March 8, 2019.

Privacy 98
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

On Surveillance in the Workplace

Schneier on Security

Data & Society just published a report entitled " Workplace Monitoring & Surveillance ": This explainer highlights four broad trends in employee monitoring and surveillance technologies: Prediction and flagging tools that aim to predict characteristics or behaviors of employees or that are designed to identify or deter perceived rule-breaking or fraud.

article thumbnail

Cover Your NAS Against Nasty Cr1ptT0r Ransomware

Data Breach Today

Crypto-Locking Extortion Targets Internet-Exposed D-Link Devices Criminals wielding a new strain of ransomware called Cr1ptT0r are targeting network-attached storage users. The campaign was first discovered in February after owners of D-Link network storage enclosures reported that their devices were being crypto-locked.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Insert Skimmer + Camera Cover PIN Stealer

Krebs on Security

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they’re frequently disguised as ATM security features — such as an extra PIN pad privacy cover, or an all-in-one skimmer over the green flashing card acceptance slot at the ATM.

Privacy 231

More Trending

article thumbnail

Defining Intelligent Information Management

AIIM

Recently AIIM released an industry watch report titled, The State of Information Management, Getting Ahead of the Digital Information Curve. In it, AIIM makes the case that every organization is on — or should be on — a Digital Transformation journey. At the heart of this transformation journey is the need to understand, anticipate and redefine internal and external customer experiences.

article thumbnail

Citrix Hacked by Password-Spraying Attackers, FBI Warns

Data Breach Today

Cyber-Espionage Campaign Appears Separate to Recent Credential-Stuffing Breach Citrix Systems is investigating a suspected hack attack, resulting in the theft of business documents, after being tipped off by the FBI. The breach alert follows Citrix recently disclosing that in late 2018, hackers breached some of its customers' accounts via credential-stuffing attacks.

Passwords 265
article thumbnail

Ad Network Sizmek Probes Account Breach

Krebs on Security

Online advertising firm Sizmek Inc. [ NASDAQ: SZMK ] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an individual who’s been known to sell access to hacked online accounts kicked off an auction for “the admin panel of a big American ad platform.” “You can add new users to the

Passwords 230
article thumbnail

MY TAKE: What the Ethiopian 737 Max 8 crash should tell us about the safety of ‘smart’ jetliners

The Last Watchdog

When news broke about the crash of a Ethiopian Airlines Boeing 737, the first question that popped into my head was whether an older 737 model, still using the flawed rudder actuator, might have been involved. Related: Historical context of the rudder flaws on older model 737s. Of course it was actually the newest iteration of the 737, the Max 8. I’m no longer covering aviation.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CVE-2019-0797 Windows Zero-Day exploited by FruityArmor and SandCat APT Groups

Security Affairs

One of the zero-day flaws ( CVE-2019-0797 ) patched this week by Microsoft has been exploited in targeted attacks by several threats groups, including FruityArmor and SandCat APT groups. This week, Microsoft released Patch Tuesday security updates for March 2019 that address 64 flaws, including two Windows zero-day vulnerabilities exploited in targeted attacks.

article thumbnail

Breach of 'Verifications.io' Exposes 763 Million Records

Data Breach Today

Experts Question How 'Big Data Email Verification Platform' Amassed Information Verifications.io, a self-described "big data email verification platform," has suffered a massive breach. Security researcher Bob Diachenko said he discovered the site was exposing 763 million records.

Big data 245
article thumbnail

Patch Tuesday, March 2019 Edition

Krebs on Security

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer , Edge , Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today’s patch batch without any help from users.

Security 197
article thumbnail

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

The Last Watchdog

When Target fired both its CEO and CIO in 2014, it was a wake-up call for senior management. The firings came as a result of a massive data breach which routed through an HVAC contractor’s compromised account. C-suite execs across the land suddenly realized something similar could happen to them. So they began inundating their third-party suppliers with “bespoke assessments” – customized cyber risk audits that were time consuming and redundant.

Risk 165
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Severe RCE vulnerability affected popular StackStorm Automation Software

Security Affairs

The security researcher Barak Tawilyhas discovered a severe vulnerability, tracked as CVE-2019-9580, in the popular, open source event-driven platform StackStorm. According to the expert, the flaw could be exploited by a remote attacker to trick developers into executing arbitrary commands on targeted services. StackStorm has been used to automate workflows in many industries, it allows developers to configure actions, workflows, and scheduled tasks, to perform some operations on large-scale ser

article thumbnail

Hackers Love to Strike on Saturday

Data Breach Today

Analysis of Pre-GDPR Breach Reports in UK Reveals Attack Trends If you had to guess what day of the week a hacker will hit your organization, the answer might seem obvious: Hackers prefer to strike on Saturday. And a review by Redscan of cybersecurity incidents reported to Britain's privacy regulator before GDPR took effect confirms it.

GDPR 243
article thumbnail

New Film Shows How Bellingcat Cracks the Web's Toughest Cases

WIRED Threat Level

*Truth in a Post Truth World* takes a closer look at a team of remarkably resourceful investigative journalists.

Security 111
article thumbnail

MY TAKE: Microsoft’s Active Directory lurks as a hackers’ gateway in enterprise networks

The Last Watchdog

Many of our online activities and behaviors rely on trust. From the consumer side, for example, we trust that the business is legitimate and will take care of the sensitive personal information we share with them. But that level of trust goes much deeper on the organizational side. Related: The case for ‘zero-trust’ authentication. Employees are given credentials that allow them authorized access to corporate networks and databases.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Mysterious open database included ‘BreedReady’ status for 1.8 Million Women

Security Affairs

Expert found an open database in China containing the personal information of more than 1.8 million women, including a strange “BreedReady” status. Another data leak made the headlines, this time a database containing a creepy set of details collected on more than 1.8 million women in China was left unprotected online. The huge trove of data included personal info (i.e. name, age, and date of birth, phone numbers, addresses) along with a “BreedReady” status.

Archiving 111
article thumbnail

The Role of 'Prosilience' in IoT Security

Data Breach Today

The latest edition of the ISMG Security Report features a discussion of the role of "prosilience" in IoT security, plus the problem of overnotification under GDPR and the notion of "Spartacus as a Service.

IoT 239
article thumbnail

How Hackers Pulled Off a $20 Million Mexican Bank Heist

WIRED Threat Level

Welcome to the world of fake accounts, phantom funds, and money mules.

Security 111
article thumbnail

Top 10 Takeaways from RSA Conference 2019

eSecurity Planet

After five days of sessions, events and demos, what were the key cybersecurity themes that emerged at RSA Conference 2019?

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

It is the first time in the history that civic groups hold a protest against a national CERT

Security Affairs

Demonstration in front of the National CERT of Philippines for failing to act on cyber attacks targeting regime critical media and civil society organizations. On March 12, the World Day Against Cyber-Censorship, media and civil society organizations in Philippines held a demonstration in front of NCERT (National Computer Emergency Response Team) to protest against the negligence of the NCERT to support the investigation of the three months’ long Distributed Denial of Service attacks against reg

IT 111
article thumbnail

Georgia County Pays $400,000 to Ransomware Attackers

Data Breach Today

Cybercrime Gang Wielding Ryuk Eyed as Culprit Officials in Jackson County, Georgia, along with the FBI are investigating a ransomware attack that crippled IT systems over a two-week period and reportedly led local officials to pay a bitcoin ransom worth $400,000 to restore systems and infrastructure.

article thumbnail

Firefox Send Is an Easy Way to Share Large Files Securely

WIRED Threat Level

Mozilla has made public an encrypted file-sharing service with a self-destruct twist.

article thumbnail

With Privacy as Its Shield, Facebook Hopes To Conquer the Entire Internet.

John Battelle's Searchblog

Never mind that man behind the privacy curtain. I’ll never forget a meal I had with a senior executive at Facebook many years ago, back when I was just starting to question the motives of the burgeoning startup’s ambition. I asked whether the company would ever support publishers across the “rest of the web” – perhaps through an advertising system competitive with Google’s AdSense.

Privacy 103
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Vulnerabilities in car alarm systems exposed 3 million cars to hack

Security Affairs

Security experts at Pen Test Partners discovered several vulnerabilities in two smart car alarm systems put three million vehicles globally at risk of hack. The flaws could be exploited by attackers to disable the alarm, as well as track and unlock the vehicles using it, or to start and stop the engine even when the car was moving. The experts also demonstrated that it is possible to snoop on drivers’ conversations through a microphone that is built into one of the car alarm systems, ̶

article thumbnail

Ursnif Banking Trojan Variant Steals More Than Financial Data

Data Breach Today

Researchers Say Latest Version Evades Detection A variant of the long-running Ursnif banking Trojan is able to better evade security protection and has the ability to steal not only financial information but also email user accounts, the content of inboxes and digital wallets, researchers report.

Security 232
article thumbnail

763M Email Addresses Exposed in Latest Database Misconfiguration Episode

Dark Reading

MongoDB once again used by database admin who opens unencrypted database to the whole world.

102
102