Data Breach Today
SEPTEMBER 1, 2020
Poor Procedures for Discarding Old Equipment Led to Breach, Lawsuit Alleges A $5 million lawsuit seeking class action status has been filed against Morgan Stanley, claiming the financial organization failed to properly safeguard personally identifiable information when the company discarded old computer equipment.
AIIM
SEPTEMBER 3, 2020
Many organizations feel forced to keep legacy applications alive to retain access to historical data – either for customer service, operational requirements, or compliance. However, keeping these old systems running can use up resources that would be better deployed driving digital transformation. And relying on legacy technology creates business risk because these older systems are much harder to fix when things go wrong and more vulnerable to security threats.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
SEPTEMBER 3, 2020
You've possibly just found out you're in a data breach. The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. But you should change it anyway. Huh? Isn't the whole point of encryption that it protects data when exposed to unintended parties? Ah, yes, but it wasn't encrypted it was hashed and therein lies a key difference: Saying that passwords are “encrypted” over and over again doesn’t make it so.
Security Affairs
AUGUST 31, 2020
Hackers target QNAP NAS devices running multiple firmware versions vulnerable to a remote code execution (RCE) flaw addressed by the vendor 3 years ago. Hackers are scanning the Internet for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions vulnerable to a remote code execution (RCE) vulnerability addressed by the vendor 3 years ago.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Data Breach Today
AUGUST 29, 2020
Email Service Provider Moving to Implement Additional Security Measures Security professionals are expressing surprise that email service provider Sendgrid did not have multifactor authentication in place to protect its customer accounts, which resulted in a large, but unknown, number being compromised with the data being sold on the darknet.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
WIRED Threat Level
SEPTEMBER 2, 2020
Facing looming election threats and a ransomware epidemic, the bureau says it has revamped its process for warning hacking victims.
Security Affairs
SEPTEMBER 2, 2020
Hackers actively exploiting a critical remote code execution vulnerability in the File Manager plugin, over 300,000 WordPress sites potentially exposed. Hackers are actively exploiting a critical remote code execution vulnerability in the File Manager WordPress plugin that could be exploited by unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable versions of the plugin.
Data Breach Today
SEPTEMBER 1, 2020
Healthcare Organizations Facing More Cyberthreats Two recent hacking incidents that each affected more than 100,000 individuals illustrate the variety of cyberthreats healthcare organizations face during these chaotic times. Security experts offer risk mitigation insights.
Hunton Privacy
SEPTEMBER 2, 2020
On August 24, 2020, the Data Protection Authority (“DPA”) of the German federal state of Baden-Württemberg issued guidance on international data transfers following the judgment of the Court of Justice of the European Union (“CJEU”) in the Schrems II case (decision C-311/18 of July 16, 2020). As we previously reported , the judgment of the CJEU invalidated the EU-U.S.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
WIRED Threat Level
AUGUST 31, 2020
The ubiquitous Shlayer adware has picked up a new trick, slipping past Cupertino's “notarization” defenses for the first time.
Security Affairs
AUGUST 31, 2020
Cisco warns that threat actors are attempting to exploit a high severity DoS flaw in its Cisco IOS XR software that runs on carrier-grade routers. Cisco warned over the weekend that attackers are trying to exploit a high severity memory exhaustion denial-of-service (DoS) vulnerability ( CVE-2020-3566 ) affecting the Cisco IOS XR Network OS that runs on carrier-grade routers.
Data Breach Today
AUGUST 29, 2020
Sudhish Kasaba Ramesh Caused $1.4 Million in Damages to Former Employer A one-time Cisco engineer has pleaded guilty to causing $1.4 million in damages to his former employer. Sudhish Kasaba Ramesh admitted to deleting 456 virtual machines that affected 16,000 WebEx accounts for weeks, according to the Justice Department.
Dark Reading
SEPTEMBER 1, 2020
Mass domain purchasing enables email attackers to slip by traditional defenses. Here's how artificial intelligence can stop them.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
WIRED Threat Level
SEPTEMBER 4, 2020
Police increasingly ask Google and other tech firms for data about who was where, when. Two judges ruled the investigative tool invalid in a Chicago case.
Security Affairs
SEPTEMBER 4, 2020
The U.S. Department of Defense has disclosed the details about four critical and high severity vulnerabilities in its infrastructure. The U.S. Department of Defense has disclosed details of four vulnerabilities in its infrastructure, two high severity rating issues and other two critical flaws. The vulnerabilities could be exploited by threat actors to hijack a subdomain, execute arbitrary code remotely, or view files on the vulnerable system.
Data Breach Today
SEPTEMBER 4, 2020
What privacy and security issues are raised by patients using smartphone apps to access health records? Attorney Helen Oscislawski and security expert Jarrett Kolthoff offer an analysis.
DXC Technology
AUGUST 31, 2020
Like many others, my family and I have done our best to enjoy the unexpectedly large amount of time we have together at home due to social distancing guidelines. Adjusting to the new normal, we have relied heavily on Internet access not only for work and school, but to stay sane and keep the peace. […]. The post Remote work requirement exposes the corporate digital divide appeared first on DXC Blogs.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Threatpost
SEPTEMBER 3, 2020
The NSA argued its mass surveillance program stopped terrorist attacks - but a new U.S. court ruling found that this is not, and may have even been unconstitutional.
Security Affairs
AUGUST 29, 2020
North Korea-linked APT group BeagleBoyz intensified its operations since February, US CISA, Department of the Treasury, FBI, and USCYBERCOM warn. According to a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, the Federal Bureau of Investigation (FBI), and U.S. Cyber Command (USCYBERCOM) North Korea-linked APT group BeagleBoyz was very active since February 2020 targeting banks across the world.
Data Breach Today
SEPTEMBER 1, 2020
Facebook Takes Down Accounts Associated with Russia's 'Internet Research Agency' Troll Farm Facebook says the Russian troll group that interfered in the 2016 U.S. election is at it again, using sham accounts and a fake news site to spread disinformation in advance of the November election. Facebooks says it took down the accounts involved.
Dark Reading
SEPTEMBER 2, 2020
One person's exit can set off a chain of costly events.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Threatpost
SEPTEMBER 4, 2020
A phishing campaign uses overlay screens and email 'quarantine' policies to steal targets' Microsoft Outlook credentials.
Security Affairs
AUGUST 30, 2020
The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The npm security team has removed the JavaScript library “ fallguys ” from the npm portal because it was containing a malicious code used to steal sensitive files from an infected users’ browser and Discord application.
Data Breach Today
AUGUST 31, 2020
It's Unclear Who Owns the Data and If Those Affected Will Be Notified About 54,000 Australian driver's licenses were exposed in an open Amazon Simple Storage Service bucket, according to a security researcher. It remains unclear what entity or agency exposed the data and whether those affected will be notified.
WIRED Threat Level
AUGUST 30, 2020
Your laptop is a treasure trove of personal and sensitive information—make sure it's as secure as it can be.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
DXC Technology
SEPTEMBER 1, 2020
Following this year’s extraordinary events, our retail bank partners have been asking to rapidly implement contactless solutions that minimize touch points for customers. Current circumstances aside, research indicates that contactless is just one part of the future retail banking landscape. In the long term, banks will grow their customer bases and portfolios by offering frictionless […].
Security Affairs
AUGUST 29, 2020
Researchers with ETH Zurich have identified vulnerabilities in the implementation of the payment card EMV standard that can allow bypassing PIN verification. Researchers David Basin, Ralf Sasse, and Jorge Toro-Pozo from the department of computer science at ETH Zurich discovered multiple vulnerabilities in the implementation of the payment card EMV standard that allow hackers to carry out attacks targeting both the cardholder and the merchant.
Data Breach Today
SEPTEMBER 2, 2020
Darknet Market Is the Latest to See Administrators Steal Users' Cryptocurrency Message to anyone who placed or fulfilled an order via the world's largest darknet market, Empire, in recent weeks: Say bye-bye to your cryptocurrency. It's increasingly clear that Empire's administrators "exit scammed," closing up shop and leaving with a horde of digital currency.
Expert insights. Personalized for you.
363 
Let's personalize your content