WIRED Threat Level

MAY 22, 2019

Facial recognition technology has proliferated unchecked in the US so far. Congress finally seems ready to do something about it.

IT 90

IT Privacy Security 90

Data Breach Today

MAY 21, 2019

Email Addresses, Phone Numbers Potentially Exposed There's been a potential leak of personally identifiable information from Instagram, but it's not clear yet whether the data on 49 million users came directly from the social media company. A database that was left online without password protection has since been taken down.

Passwords 217

Passwords IT 217

Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.

Phishing 279

Phishing Encryption Passwords Ransomware 279

The Last Watchdog

MAY 22, 2019

Social media consumers are getting wise to the joke that when the product is free, they’re the ones being sold. But despite the growing threat of consumer exploitation, Washington still shrinks from confronting our social media giants. Why? Because the social giants have convinced the chattering class that America simply can’t do without them. Confront the industry, we’re told, and you might accidentally kill it ?

Personal data 202

Personal data Privacy IT 202

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

IT Governance

MAY 20, 2019

Earthquake. Flood. Cyber attack. The threat of disruption looms over organisations more ominously than ever, thanks to the increasing infiltration of technology in business processes, consumer expectations and the rapid rise in cyber crime. You’ll rarely get advance warning about disruptions, so you need to prepare for whatever might come your way with a BCP (business continuity plan).

Communications 109

Communications Risk IT Data breaches 109

Krebs on Security

MAY 24, 2019

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [ NYSE:FAF ] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.

Insurance 279

Insurance Authentication Mining Sales 279

The Last Watchdog

MAY 20, 2019

Even if your company issues you a locked-down smartphone, embracing best security practices remains vital Our smartphones. Where would we be without them? Related Q&A: Diligence required of Android users If you’re anything like me, making a phone call is the fifth or sixth reason to reach for your Android or iPhone. Whichever OS you favor, a good portion of the key components that make up your digital life — email, texting, social media, shopping, banking, hobbies, and work duties — now rout

Manufacturing 138

Manufacturing Authentication Security Marketing 138

Security Affairs

MAY 20, 2019

Experts discovered a privilege escalation vulnerability in the Linux Kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP. Experts discovered a memory corruption vulnerability in Linux Kernel that resides in the implementation of the Reliable Datagram Sockets (RDS) over TCP. The vulnerability tracked as CVE-2019-11815 could lead to privilege escalation, it received a CVSS base score of 8.1.

Cleanup 111

Cleanup Security Cybersecurity Access 111

Data Breach Today

MAY 20, 2019

Drones May Be Sending Data Back to China, According to News Reports The Department of Homeland Security is warning that Chinese-made drones could be sending sensitive data back to their manufacturers, where it can be accessed by the government, according to news reports.

Manufacturing 257

Manufacturing Government Access Security 257

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Krebs on Security

MAY 18, 2019

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users. On May 12, the administrator of OGusers explained an outage to forum members by saying a hard drive failure had erased several months’ worth of private messages, forum post

Passwords 242

Passwords Phishing Access Security 242

AIIM

MAY 22, 2019

Good news - we’ve updated Certified Information Professional (CIP) exam! For the last six months, a group of very experienced subject matter experts has been revising the CIP exam, program, and training. With any change comes questions, so I thought I would take some time to answer some of the ones I’m sure you’re asking. Why did you update the CIP?

ECM 85

ECM Content services Compliance Analytics 85

Security Affairs

MAY 18, 2019

Unistellar attackers have already wiped roughly 12,000 unsecured MongoDB databases exposed online over the past three. Every time hackers deleted a MongoDB database they left a message asking the administrators to contact them to restore the data. Unfortunately, the criminal practice of deleting MongoDB databases and request a ransom to restore data is common, experts observed several campaigns targeting unsecured archive exposed online.

Archiving 111

Archiving Cybersecurity Security IT 111

Data Breach Today

MAY 22, 2019

Passwords Remained Encrypted for Enterprise Users Google is notifying administrators and users of its business-oriented G Suite product that the company had been storing unhashed passwords for years because of a flaw in the platform. The company believes no customer data was leaked and that all passwords remained encrypted.

Passwords 233

Passwords Encryption IT 233

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Schneier on Security

MAY 24, 2019

Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn't say how. (Cory Doctorow has previously explained why this would be impossible.).

Encryption 105

Encryption 105

Troy Hunt

MAY 21, 2019

Sometimes the discussion around extended validation certificates (EV) feels a little like flogging a dead horse. In fact, it was only September that I proposed EV certificates are already dead for all sorts of good reasons that have only been reinforced since that time. Yet somehow, the discussion does seem to come up time and again as it did following this recent tweet of mine: Always find comments like this amusing: “The main concern about SSL certificates is that all of them are losing their

Phishing 101

Phishing Mining IT Security 101

Security Affairs

MAY 24, 2019

Most of the digital certificates used to sign malware samples found on VirusTotal have been issued by the Certificate Authority (CA) Comodo CA. Most of the digital certificates used to sign malware samples found on VirusTotal in 2018 have been issued by the Certificate Authority (CA) Comodo CA (aka Sectigo ). Chronicle’s security researchers have analyzed submissions May 7, 2018, and May 7, 2019 discovering that out of a total of 3,815 signed malware samples, 1,775 were signed using a digital ce

Security 110

Security Cybersecurity Access IT 110

Data Breach Today

MAY 21, 2019

Several Organizations Have Avoided Paying Ransoms, Thanks to Backup Plans Several recently reported breaches involving ransomware attacks in which organizations recovered without paying a ransom to extortionists offer a glimmer of hope that healthcare entities are getting better prepared to deal with such incidents.

Ransomware 194

Ransomware 194

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Schneier on Security

MAY 22, 2019

This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors. We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint.

Paper 105

Paper 105

Adam Levin

MAY 24, 2019

Google announced a glitch that stored unencrypted passwords belonging to several business customers, a situation that had been exploitable since 2005. In a blog post released this week, the company admitted the passwords of “some” of its G Suite customers had been stored on internal servers without cryptographic protection, also known as a hash. “This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords.

Passwords 99

Passwords Systems administration Encryption Privacy 99

Security Affairs

MAY 20, 2019

Security researchers from Chronicle, Alphabet’s cyber-security division, have spotted a Linux variant of the Winnti backdoor. Security experts from Chronicle, the Alphabet’s cyber-security division, have discovered a Linux variant of the Winnti backdoor. It is the first time that researchers found a Linux version of the backdoor user by China-linked APT groups tacked as Winnti.

Healthcare 111

Healthcare Communications Libraries Access 111

Data Breach Today

MAY 20, 2019

"If You See Something, Say Something' Applies to Banks, Money Laundering It's been nearly seven years since HSBC was fined $1.9 billion by U.S. authorities for money laundering violations involving international drug cartels. But Everett Stern, the former employee who blew the whistle on the bank, continues to tell his story because he believes similar criminal activity is ongoing.

IT 180

IT 180

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Thales Cloud Protection & Licensing

MAY 24, 2019

It’s been one year since the European Union (EU) enforced the General Data Protection Regulation (GDPR) 1 , a legislation designed to protect the personal data of EU citizens and lay specific rules and guidelines on how their data is collected, stored, processed and deleted by various entities. GDPR requires that organizations must disclose to national Data Protection Agencies (DPAs) any breaches of security leading to “the accidental or unlawful destruction, loss, alteration, unauthorized discl

Data breaches 93

Data breaches GDPR Personal data Compliance 93

Schneier on Security

MAY 20, 2019

This law review article by Noam Kolt, titled " Return on Data ," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility (U) consumers gain and the data (D) they supply -- "return on data" (ROD) -- remains largely unexplored.

Personal data 95

Personal data Privacy Marketing 95

Security Affairs

MAY 24, 2019

Getting your paycheck deposited directly into your bank account seems like a handy solution but in some cases. hackers can access them. Getting your paycheck deposited directly into your bank account seems like a handy solution because you don’t have to pick up the check from your workplace and take it to the bank to deposit it. It works well in many cases but is not immune to hackers.

Access 110

Access IT Phishing Cybersecurity 110

Data Breach Today

MAY 24, 2019

McKinsey CISO Dan Fitzgerald on DevSecOps and the Future of Cloud Security Migrating from on-premises data security to the cloud and then embedding security in the application development process are common challenges for enterprises. Dan Fitzgerald, a CISO at the consultancy McKinsey & Co., shares insights on how to make these transitions.

Cloud 199

Cloud Security 199

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Dark Reading

MAY 24, 2019

Real estate title firm reportedly has closed a hole in its website that had left hundreds of millions of real estate tile insurance files accessible without authentication, according to KrebsOnSecurity.

Insurance 94

Insurance Authentication Access IT 94

WIRED Threat Level

MAY 21, 2019

On the heels of embarrassing disclosures from Facebook and Twitter, Google reveals its own password bugs—one of which lasted 14 years.

Passwords 109

Passwords IT Security 109

Security Affairs

MAY 24, 2019

Snapchat internal staff has allegedly abused their role in the company to spy on Snapchat users using and internal tools and steal data. Snapchat is a multimedia messaging app that makes pictures, videos, and messages (snaps) available for a short time before they become inaccessible to their recipients. Initially, it was only allowing person-to-person photo sharing, but now it also implements users’ “Stories” of 24 hours of chronological content.

Access 109

Access Privacy Cybersecurity Security 109