Sat.Nov 02, 2019 - Fri.Nov 08, 2019

article thumbnail

Understanding the Ripple Effect: Large Enterprise Data Breaches Threaten Everyone

Threatpost

Fallout from giants at the top is one of the largest drivers of cyber-impacts on everyday people and companies.

article thumbnail

The Growing Presence (and Security Risks) of IoT

Thales Cloud Protection & Licensing

As most of us know, IoT devices are on the rise in enterprise networks. According to McKinsey & Company , the proportion of organizations that use IoT products has grown from 13 percent in 2014 to 25 percent today. That pace is unlikely to slow down over the coming years; Pagely noted that organizations are still turning to IoT devices as a way to automate and optimize their business processes as well as save on energy costs.

IoT 122
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Website Cookie Consent: Is the Cookie Starting to Crumble?

Data Matters

Two important decisions have recently occurred relating to website operators’ use of cookies. First, the Court of Justice of the European Union (the “ CJEU ” or the “ Court ”) has issued its judgement in Planet49, a case which looked at the standards of consent and transparency for the use of cookies and similar technologies in the context of the e-Privacy Directive and the GDPR and determined that opt-out consent, by way of a pre-ticked checkbox, was insufficient to obtain GDPR-standard consen

GDPR 76
article thumbnail

Where should information management live in the organization?

AIIM

I returned to downtown Washington, DC, last week to teach the AIIM Foundations of Intelligent Information Management (FIIM) course. The class started with some icebreaker exercises, including asking the students to define, in their own words, “ What is information management? ” There were some fantastic definitions generated from the students for this and other discussion questions throughout the course.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Bill Would Create a Federal Digital Privacy Agency

Data Breach Today

Legislation Spells Out Privacy Rights and Enforcement Measures Two Democratic members of the U.S. House have proposed a national privacy law that calls for the formation of a new federal agency to enforce the privacy rights that it defines.

Privacy 113

More Trending

article thumbnail

Predictive analytics for detection and response

OpenText Information Management

Enterprise security professionals today can prevent many attacks on their organization’s endpoints, thanks to ever-improving defensive tools that work across public and private clouds as well as on premise. But would-be attackers are also continually working to step up their capabilities in the expanding IT landscape, so some attacks will inevitably slip through.

article thumbnail

Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks

Krebs on Security

Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits. Health industry experts say the findings should prompt a larger review of how security — or the lack thereof — may be impacting patient outcomes.

article thumbnail

NEW TECH: Can an ‘operational system of record’ alleviate rising knowledge worker frustrations?

The Last Watchdog

An undercurrent of discontent is spreading amongst knowledge workers in enterprises across the United States and Europe. Related: Phishing-proof busy employees White collar employees today have amazingly capable communications and collaboration tools at their beck and call. Yet the majority feel unsatisfied with narrow daily assignments and increasingly disconnected from the strategic goals of their parent organization.

article thumbnail

Analysis: Using Twitter for Espionage

Data Breach Today

The latest edition of the ISMG Security Report offers an analysis of how Twitter allegedly was used to spy on critics of the Saudi Arabian government. Also featured: A preview of the new NIST Privacy Framework and an update on business email compromise attacks.

Privacy 171
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

So, what did I think of ARMA InfoCon 2019? Here, let me tell you!

Weissman's World

ARMA InfoCon 2019 was an eye-opener, thanks in large part to a healthy injection of information governance into the proceedings. (Thanks, no doubt, to the merger of the Information Coalition with ARMA last year.) The detection of risk management as an overt emerging theme also set it apart from ARMA Conferences of recent vintage, which […]. The post So, what did I think of ARMA InfoCon 2019?

article thumbnail

NCR Barred Mint, QuickBooks from Banking Platform During Account Takeover Storm

Krebs on Security

Banking industry giant NCR Corp. [ NYSE: NCR ] late last month took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuicBooks Online from accessing Digital Insight , an online banking platform used by hundreds of financial institutions. That ban, which came in response to a series of bank account takeovers in which cybercriminals used aggregation sites to surveil and drain consumer accounts, has since been rescinded.

Passwords 123
article thumbnail

NEW TECH: Silverfort deploys ‘multi-factor authentication’ to lock down ‘machine identities’

The Last Watchdog

From the start, two-factor authentication, or 2FA , established itself as a simple, effective way to verify identities with more certainty. Related: A primer on IoT security risks The big hitch with 2FA, and what it evolved into – multi-factor authentication, or MFA – has always been balancing user convenience and security. That seminal tension still exists today even as the global cybersecurity community is moving to extend MFA as a key security component in much more complex digital systems sp

article thumbnail

BlueKeep Attacks Arrive, Bearing Cryptomining Malware

Data Breach Today

Exploit Isn't a Worm, but Experts Remain Braced for Mayhem The cybersecurity community had been holding its breath in anticipation of mass attacks targeting the severe BlueKeep vulnerability in Windows, which Microsoft has patched. The first in-the-wild exploits have now been seen, although they don't appear to constitute an emergency - at least yet.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Specially Crafted ZIP archives allow bypassing secure email gateways

Security Affairs

Experts observed a new phishing campaign that used a specially crafted ZIP archive that was designed to bypass secure email gateways to distribute malware. Attackers have devised a new technique to distribute malware bypassing secure email gateways and other security solutions by using a specially crafted ZIP file. The structure of a ZIP archive contains compressed data, information about the compressed files and a single “End of Central Directory” (EOCD) record, that delimits the end of t

Archiving 111
article thumbnail

Twitter Insiders Allegedly Spied for Saudi Arabia

WIRED Threat Level

Hackers are one thing. But too few companies take the threat of an inside job seriously enough. .

Security 110
article thumbnail

How Adopting A Zero Trust Mentality Is Positive When It Comes To Staying Secure In the Cloud

Thales Cloud Protection & Licensing

In a previous blog post ( [link] ) we explored the relationship between GPDR and applications in the cloud. Trust is generally the foundation and basis of any good relationship, but when it comes to protecting your organization, sometimes a Zero Trust mentality is your best bet. Today, Zero Trust, is a tech buzz word heard often, but what is the thought process behind it?

Cloud 109
article thumbnail

Trend Micro Employee Sold Consumer Data to Scammers

Data Breach Today

Employee Has Been Fired; 68,000 Customers Affected A Trend Micro employee stole and then sold contact information for 68,000 of the company's consumer subscribers, which led to a raft of unsolicited tech support scam calls, the company says. The employee has been fired. The incident highlights the risk of insider threats.

Risk 165
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild

Security Affairs

Experts have spotted the first mass-hacking campaign exploiting the BlueKeep exploit , crooks leverage the exploit to install a cryptocurrency miner. Security researchers have spotted the first mass-hacking campaign exploiting the BlueKeep exploit , the attack aims at installing a cryptocurrency miner on the infected systems. In May, Microsoft warned users to update their systems to address the remote code execution vulnerability dubbed BlueKeep , A few days later, the National Security Agency (

Honeypots 100
article thumbnail

Germany: Berlin data protection authority imposes EUR 14.5 million fine for “data cemetery”

DLA Piper Privacy Matters

On 30 October 2019, the Berlin Commissioner for Data Protection and Freedom of Information ( Berliner Beauftragte für Datenschutz und Informationsfreiheit – “ Berlin DPA ”) imposed an administrative fine of about EUR 14.5 million against Deutsche Wohnen SE for infringements of the General Data Protection Regulation (GDPR). Facts and legal evaluation by Berlin DPA.

GDPR 98
article thumbnail

[Podcast] Overcoming the Biggest Barriers to Going Paperless

AIIM

The dream of going paperless has been on the minds of businesses of all sizes and industries for years. The idea is simple - minimize the use of paper to reduce costs and carbon footprint while at the same time increasing operating efficiencies and profitability. But just because a concept is simple doesn’t mean it’s easy to implement. And so for many, the dream of a paperless office continues to be just that…a dream.

article thumbnail

Protecting Data in Sprawling Computing Environments

Data Breach Today

Sprawling computing environments - from cloud to containers to serverless - are posing challenges in maintaining visibility and determining if data is secure, says Mike Adler of RSA.

Cloud 162
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home

WIRED Threat Level

By pointing lasers tuned to a precise frequency at a smart assistant, researchers could force it to unlock cars, open garage doors, and more.

IT 91
article thumbnail

Federal and State Authorities Increase Scrutiny and Enforcement of Children’s Privacy; Google, YouTube Agree to Pay a Record $170 Million Fine

Data Matters

This fall, scrutiny has increased on children’s privacy with the FTC and New York Attorney General’s announcement of the largest fine ever for violations of the Children’s Online Privacy Protection Act (“COPPA”), followed by FTC public workshops on updating the COPPA Rule. Combined with increased requirements for the sale of teen personal information under the California Consumer Privacy Act (“CCPA”), and calls for triple fines for children’s privacy violations under a potential CCPA 2.0 refere

Privacy 89
article thumbnail

HSTS From Top to Bottom or GTFO

Troy Hunt

We're pretty much at a "secure by default" internet these days, at least that's the assumption with most websites, particularly so in the financial sector. About 80% of all web pages are loaded over an HTTPS connection , browsers are increasingly naggy when anything isn't HTTPS and it's never been cheaper nor easier to HTTPS all your things. Which meant that this rather surprised me: Let me break down what's happening here: I'm in (yet another) hotel and on complete autopilot, I start typing "xe

article thumbnail

Chinese APT Group Targets Mobile Networks: FireEye Mandiant

Data Breach Today

New Malware 'Messagetap' Intercepts Communications for Espionage, Researchers Say The Chinese advanced threat group APT41 is using a new espionage tool to intercept SMS messages from specific phone numbers by infecting mobile telecommunication networks, according to the security firm FireEye Mandiant.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

What is multi-cloud anyway and why do we use it?

DXC Technology

Many companies are moving to multi-cloud deployments. For example, most EMEA and North American financial services businesses are moving to multi-clouds within the next two years. Gartner reports 81 percent of surveyed public cloud users are already working with multi-clouds. But, Gartner states that multi-cloud is a subset of hybrid clouds. I disagree.

Cloud 86
article thumbnail

Anonymous and LulzSecITA hacked professional orders and telephone operator Lyca Mobile

Security Affairs

The #FifthOfNovember has arrived, the Italian branch of Anonymous and LulzSecITA hacked websites of professional orders, prefecture of Naples, and also the telephone operator Lyca Mobile. The Million Mask March , also known as “Operation Vendetta” is a worldwide, annual protest associated with the hacktivist group Anonymous occurring annually on Guy Fawkes Day, the 5th of November.

Privacy 80
article thumbnail

The Story of Sandworm, the Kremlin's Most Dangerous Hackers

WIRED Threat Level

For three years, WIRED has tracked the elite and shadowy Russian vanguard of cyberwar.