Sat.Nov 09, 2019 - Fri.Nov 15, 2019

Post-GDPR Developments on Data Protection and Privacy Regulations Around the World

Thales Cloud Protection & Licensing

In the modern era of a global information economy, every single day, enormous amounts of information are transmitted, stored and collected worldwide. All these transactions are made possible by the massive technological advancements in our computing and networking capabilities that have materialized in recent years. These technological advancements not only changed the landscape of our global online, social, economic and financial endeavors but also brought numerous changes in privacy and data p

7 Takeaways: Insider Breach at Twitter

Data Breach Today

Bribing Employees Easier Than Hacking Silicon Valley, Security Experts Say

Why try to hack Silicon Valley firms if you can buy off their employees instead? Such allegations are at the heart of a criminal complaint unsealed last week by the Justice Department, charging former Twitter employees with being Saudi agents. Experts say tech firms must hunt for employees gone rogue.

More than half of IT staff think employees need cyber security training

IT Governance

Cyber security awareness training is one of the most important steps an organisation can take to protect its systems. Sure, you need anti-malware tech and firewalls to prevent cyber attacks, and you definitely need to back up sensitive files in case they’re lost or stolen, but who handles all that information? Your staff. And if they don’t know what they should be doing, all your other defences will be for nothing.

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT, a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

SHARED INTEL: What can be done — today — to keep quantum computing from killing encryption

The Last Watchdog

There’s little doubt that the shift to quantum computing will open new horizons of digital commerce. But it’s also plain as day that the mainstreaming of quantum processing power will profoundly exacerbate cybersecurity exposures. Related: The ‘post quantum crypto’ race is on. This isn’t coming as any surprise to IT department heads. In fact, there’s widespread recognition in corporate circles that the planning to address fresh cyber risks associated with quantum computing should hav

More Trending

Regulation of AI-Based Applications: The Inevitable New Frontier

AIIM

According to the 2019 IDC study of spending on Artificial Intelligence (AI), it's estimated to reach $35.8 billion in 2019 and is expected to double by 2022 to $79.2 billion, representing an annual growth rate of 38% for the period 2018-2022. The economic benefits and utility of AI technologies are clear and compelling. No doubt, applications of AI may address some of the most vexing social challenges such as health, the environment, economic empowerment, education, and infrastructure.

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Krebs on Security

Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned.

Facebook is secretly using iPhone’s camera as users scroll their feed

Security Affairs

New problems for Facebook: it seems that the social networking giant is secretly using the camera while iPhone users are scrolling their feed. Is this another privacy issue for Facebook? iPhone user Joshua Maddux speculates that Facebook might be actively using your camera without your knowledge while you’re scrolling your feed. Maddux published footage on Twitter that shows the camera on his iPhone is active while he scrolls through his feed.

Microsoft Will Apply California's Privacy Law Nationwide

Data Breach Today

Company's Move Could Influence Other Technology Companies

Microsoft will apply the core rights of the California Consumer Privacy Act across all its customers in the U.S., which could nudge other technology companies in the same direction as online privacy becomes an increasing concern. The move is significant in that the technology industry has lobbied against parts of the law.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

First multi-million GDPR fine in Germany: €14.5 million for not having a proper data retention schedule in place

Data Protection Report

On October 30, 2019 the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit – Berlin DPA) issued a €14.5 million fine on a German real estate company, die Deutsche Wohnen SE (Deutsche Wohnen), the highest German GDPR fine to date. The infraction related to the over-retention of personal data.

Documentation Theory for Information Governance

ARMA International

This article is part of a collaboration between ARMA and AIEF and is included in Information Management Magazine, ARMA-AIEF Special Edition, which will be available for download in November. A printed version of the special issue will be available as well, for a nominal fee. Documentation the Emblem of Modern Society? Documentation is a central feature of the contemporary world.

Mexican state-owned oil company Pemex hit by ransomware

Security Affairs

On Sunday, the Mexican state-owned oil company Petróleos Mexicanos (Pemex) was infected with the DoppelPaymer ransomware. On Sunday, a piece of the DoppelPaymer ransomware infected systems of the Mexican state-owned oil company Petróleos Mexicanos (Pemex) taking down part of its network. The ransom amount for Pemex is 565 BTC currently… Also, DoppelPaymer's TOR site's text was updated sometimes & now have this: "Also, we have gathered all your private sensitive data.

Ransomware: Mexican Oil Firm Reportedly Refuses to Pay Up

Data Breach Today

State-Owned Pemex Still Recovering From Attack

Pemex, Mexico's state-run oil company, is refusing to pay attackers a $5 million ransom after a ransomware attack against the firm's administrative offices, according to news reports. The company is still attempting to recover.

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Identifying and Arresting Ransomware Criminals

Schneier on Security

The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because -- as generally happens -- they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC's video surveillance cameras a week before the 2017 inauguration.

Cybersecurity: An Organizationwide Responsibility

Dark Reading

C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.

DDoS-for-Hire Services operator sentenced to 13 months in prison

Security Affairs

Sergiy P., the administrator of DDoS-for-hire services, was sentenced to 13 months in prison and an additional three years of supervised release. Sergiy P. Usatyuk, a man who was operating several DDoS-for-hire services, was sentenced to 13 months in prison and an additional three years of supervised release. DDoS-for-hire services, aka stressers or booters, allow crooks to launch large-scale DDoS attacks by paying a subscription fee. “An Orland Park, Illinois, resident was sentenced yeste

Report Calls for Enforcing Voting Machine Standards

Data Breach Today

Study Recommends Federal Certification Program for Vendors Providing Election Infrastructure

A new report calls for the creation of a federal certification program that makes sure vendors that build election infrastructure - including voting machines - meet cybersecurity standards.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

TPM-Fail Attacks Against Cryptographic Coprocessors

Schneier on Security

Really interesting research: TPM-FAIL: TPM meets Timing and Lattice Attacks, by Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger. Abstract: Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical adversaries. In this work, we perform a black-box timing analysis of TPM 2.0 devices deployed on commodity computers.

Soft Skills: 6 Nontechnical Traits CISOs Need to Succeed

Dark Reading

Degrees, certifications, and experience are all important to career development, but mastering the people side of the equation may matter a whole lot more, CISOs say.

Bad News: AI and 5G Are Expected to Worsen Cybersecurity Risks

Security Affairs

Experts believe Artificial intelligence (AI) could introduce new cybersecurity concerns, and that the upcoming 5G network could pose new risks as well. Information Risk Management (IRM) recently published its 2019 Risky Business Report. The document shows the results of polling decision-makers in the cybersecurity and risk management sectors to get their expert opinions on things like the changing threat landscape, corporate decision-making about cybersecurity and other pertinent topics.

The Dark Web's Automobile Hacking Forums

Data Breach Today

There are robust and detailed discussions in cybercriminal forums on how to attack modern vehicles, seeking clandestine methods to steal cars, says Etan Maor of IntSights. Luckily, hackers aren't aiming to remotely trigger an accident, but there are broader concerns as vehicles become increasingly computerized.

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Technology and Policymakers

Schneier on Security

Technologists and policymakers largely inhabit two separate worlds. It's an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world's problems. The essay was influential -- but 60 years later, nothing has changed.

EU: New Guidelines on the concepts of controller, processor and joint controllership

DLA Piper Privacy Matters

On 7 November, the European Data Protection Supervisor issued a set of guidelines that could be used by organisations to determine whether they act as controller, processor or joint controller. The Guidelines also contain easy-to-use checklists as well as a flowchart. On 7 November, the European Data Protection Supervisor (“the EDPS”) issued a set of guidelines (“the Guidelines”) to assist EU institutions and bodies (“the EUIs”) in complying with the provisions of the Regulation (EU) 2018/

Experts warn of spike in TCP DDoS reflection attacks targeting Amazon, SoftLayer and telco infrastructure

Security Affairs

Researchers from Radware reported that massive TCP SYN-ACK DDoS reflection attacks hit Amazon, SoftLayer and telecom infrastructure in the last month. Researchers from Radware are warning of a wave of TCP SYN-ACK DDoS reflection attacks that in the last 30 days hit Amazon, SoftLayer and telecom infrastructure. “Over the last 30 days, Radware has observed a number of criminal campaigns that have been abusing the TCP implementation by performing TCP reflection attacks against large corporati

Election Interference Notification Protocols Unveiled

Data Breach Today

White House Describes Framework for Notifying Public of 2020 Election Interference

The White House has developed protocols for notifying the public of nation-state hacking or other interference during the 2020 presidential election cycle. But the full framework has not yet been released.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

NTSB Investigation of Fatal Driverless Car Accident

Schneier on Security

Autonomous systems are going to have to do much better than this. The Uber car that hit and killed Elaine Herzberg in Tempe, Ariz., in March 2018 could not recognize all pedestrians, and was being driven by an operator likely distracted by streaming video, according to documents released by the U.S. National Transportation Safety Board (NTSB) this week.

Siemens and IBM showcase an AI-based, CO2 friendly advisor

IBM Big Data Hub

Making the case for AI, or any nascent technology for that matter, can be a struggle for companies today. While large enterprises know they need to be fast, agile and innovation-obsessed to survive disruption, their age-old policies, antiquated systems, disconnected data and entrenched corporate habits can be serious blockers to adoption.

Bugcrowd paid over $500,000 in bug bounty rewards in one week

Security Affairs

Crowdsourced security platform Bugcrowd announced it paid over $500,000 in bug bounty rewards during the last week of October. Bug bounty programs could represent an excellent opportunity to monetize your passion: in just one week, crowdsourced security platform Bugcrowd announced it paid over $500,000 in bug bounty rewards at the end of October. Bugcrowd is used by many enterprises; it allows them to manage bug bounty programs, penetration testing, and vulnerability disclosure.
