Sat.Dec 28, 2019 - Fri.Jan 03, 2020

article thumbnail

How Cybersecurity's Metrics of Misery Fail to Describe Cybercrime Pain

Dark Reading

Dollars lost and data records exposed are valuable measurements, but the true pain of a cybersecurity incident goes far beyond that. We asked infosec pros how they put words to the pain they feel when their defenses fall apart.

article thumbnail

Mean Time to Hardening: The Next-Gen Security Metric

Threatpost

Given that the average time to weaponizing a new bug is seven days, you effectively have 72 hours to harden your systems before you will see new exploits.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Promiscuous Cookies and Their Impending Death via the SameSite Policy

Troy Hunt

Cookies like to get around. They have no scruples about where they go save for some basic constraints relating to the origin from which they were set. I mean have a think about it: If a website sets a cookie then you click a link to another page on that same site, will the cookie be automatically sent with the request? Yes. What if an attacker sends you a link to that same website in a malicious email and you click that link, will the cookie be sent?

Passwords 122
article thumbnail

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

Physical security is the protection of personnel and IT infrastructure (such as hardware, software, and data) from physical actions and events that could cause severe damage to an organization. This includes protection from natural disasters, theft, vandalism, and terrorism. Related: Good to know about IoT Physical security is often a second thought when it comes to information security.

Risk 173
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Understanding the data downtime gap — and how to fix it

Information Management Resources

The growing dependence on information, plus the sheer amount of it, has led to something called the data downtime gap. Here's a look at what that is and how companies can address it.

IT 51

More Trending

article thumbnail

7 Tips for Maximizing Your SOC

Threatpost

Use the seven points listed above to create an effective and efficient operational workflow and, importantly, happier analysts who aren't buried at the bottom of a pile of mostly irrelevant data.

article thumbnail

Happy 10th Birthday, KrebsOnSecurity.com

Krebs on Security

Today marks the 10th anniversary of KrebsOnSecurity.com! Over the past decade, the site has featured more than 1,800 stories focusing mainly on cybercrime, computer security and user privacy concerns. And what a decade it has been. Stories here have exposed countless scams, data breaches, cybercrooks and corporate stumbles. In the ten years since its inception, the site has attracted more than 37,000 newsletter subscribers, and nearly 100 million pageviews generated by roughly 40 million unique

article thumbnail

Predicting the top 7 trends in manufacturing for 2020

OpenText Information Management

After starting the year strongly, manufacturing left 2019 faced with shrinking production and global uncertainty. Deloitte suggests manufacturers should increase the resilience in their operations while building and improving their ‘digital muscle’. So how will this translate into the major technology trends in manufacturing for 2020? Manufacturers will have to navigate the data tsunami From … The post Predicting the top 7 trends in manufacturing for 2020 appeared first on OpenText Blogs.

article thumbnail

Restaurant Chain Landry's Investigates Malware Incident

Data Breach Today

Houston-Based Firm Describes How Card Data May Have Been Breached Landry's Inc., a Houston-based company that owns and operates over 600 restaurants, hotels, casinos and other entertainment establishments in the U.S. and around the world, is investigating an apparent data breach after its security team found malware within a system.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Introducing the Information Governance Maturity Model (IGIM)

ARMA International

This year, ARMA International released the Informational Governance Implementation Model (IGIM), beta version. There are, of course, other information governance (IG) models available to the community, each looking at IG through a different lens. Why should you take the time to look at yet another model? At the highest level: 1) because the IGIM offers an implementation-focused approach that we think many practitioners will find especially useful, and 2) because it will enable you to better use

article thumbnail

Crooks use Star Wars saga as bait in Phishing and malware attacks

Security Affairs

Crooks are exploiting the popularity of the Star Wars saga to monetize their efforts, experts warn of online streaming sites delivering malware. Cybercriminals leverage popular movies like Star Wars to lure users into downloading malware to watch exclusive scenes or the full movie. Experts at Kaspersky have analyzed some threats that exploit the new Star Wars movie The Rise of Skywalker as bait for unaware users. .

Phishing 113
article thumbnail

2020 Cybersecurity Trends to Watch

Threatpost

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

article thumbnail

Smart Home Device Maker Wyze Exposed Camera Database

Data Breach Today

Technical Data Plus Emails Made It Possible to Link Cameras to People Seattle-based smart home device maker Wyze says an error by a developer exposed a database to the internet over a three-week period earlier this month. The data included customer emails, nicknames of online cameras, WiFi SSIDs, device information and Alexa tokens.

IT 204
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

How AI and Cybersecurity Will Intersect in 2020

Dark Reading

Understanding the new risks and threats posed by increased use of artificial intelligence.

article thumbnail

Cisco addresses several flaws in its DCNM product

Security Affairs

Cisco has released software updates for its Data Center Network Manager (DCNM) product to address several critical and high-severity issues. Cisco has released software updates that address several critical and high-severity vulnerabilities in it s Data Center Network Manager (DCNM) product. All the vulnerabilities were reported to Cisco through Trend Micro’s Zero Day Initiative (ZDI) and Accenture’s iDefense service by the security researcher Steven Seeley of Source Incite and Harrison Neal fro

IT 107
article thumbnail

TikTok Banned By U.S. Army Over China Security Concerns

Threatpost

The U.S. Army this week has banned TikTok from government-owned devices as scrutiny over the platform's relationship with China grows.

Security 107
article thumbnail

Microsoft Removes 50 Domains Tied to North Korean Hackers

Data Breach Today

Company Says Malicious Sites Used For Spear-Phishing and Malware Attacks Microsoft has taken control of 50 domains that the company says were used by a hacking group with ties to North Korea. The attackers used these sites to launch spear-phishing attacks against specific victims and spread malware.

Phishing 200
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How the US Prepares Its Embassies for Potential Attacks

WIRED Threat Level

In addition to securing physical structures, the Diplomatic Security Service runs simulations of protests in a model city in Virginia.

IT 98
article thumbnail

Travelex currency exchange suspends services after malware attack

Security Affairs

The Travelex currency exchange has been forced offline following a malware attack launched on New Year’s Eve. . This week, the UK-based currency exchange Travelex announced that it has shut down its services as a “precautionary measure” following a malware attack. Statement on IT issues affecting Travelex Services pic.twitter.com/rpKagJLykn — Travelex UK (@TravelexUK) January 2, 2020.

article thumbnail

Government exposes addresses of new year honours recipients

The Guardian Data Protection

Cabinet Office apologises after details of more than 1,000 people posted online in error Elton John wins highest accolade in new year honours list More than 1,000 celebrities, government employees and politicians who received honours in the new year list have had their home and work addresses posted on a government website, the Guardian can reveal. The accidental disclosure of a tranche of personal details of those being celebrated for their service to British society is likely to be considered

article thumbnail

Ambulance Company Slapped With HIPAA Fine

Data Breach Today

Regulator Says Case Involved 'Longstanding Compliance Issues' Federal regulators have smacked a Georgia-based ambulance company with a financial settlement and corrective action plan in a case involving "longstanding" HIPAA compliance issues. How big was the fine, and what factors precipitated it?

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

The Most Dangerous People on the Internet This Decade

WIRED Threat Level

In the early aughts the internet was less dangerous than it was disruptive. That's changed. .

IT 98
article thumbnail

Expert finds Starbucks API Key exposed online

Security Affairs

Developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. The development team at Starbucks left exposed an API key that could be used by an attacker to access company internal systems and manipulate the list of authorized users. The issue was discovered by the security expert Vinoth Kumar, he found the key in a public GitHub repository.

Access 98
article thumbnail

[Podcast] Intelligent Information Management - The Coming of Age

AIIM

2019 was a great year. We said goodbye to some of our favorite tv shows like Game of Thrones and The Big Bang Theory, cheered as the US Women’s Soccer team won the world cup, and who could forget (insert YOUR favorite 2019 memory here). But, here at AIIM, 2019 was more than just great memories, it’s been especially crucial for the practice of Intelligent Information Management.

article thumbnail

US Coast Guard Warns Over Ryuk Ransomware Attacks

Data Breach Today

Incident That Targeted Maritime Facility Traced to Phishing Email The U.S. Coast Guard issued a security alert this month after a ransomware attack took down the IT network of an unnamed maritime facility. Investigators believe that the incident involved the Ryuk ransomware strain and started with a phishing email.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The United Kingdom Leaks Home Addresses of Prominent Brits

Adam Levin

2020 seems to be getting off to an inauspicious start with the compromise of the home addresses of prominent UK citizens–many of them in lines of work that could make them targets for crime. The UK Cabinet Office issued an apology after a data leak that involved the exact addresses (including house and apartment numbers) of more than 1,000 New Year Honours recipients.

article thumbnail

A new trojan Lampion targets Portugal

Security Affairs

New trojan called ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax during the last days of 2019. Last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. SI-LAB noted that Portuguese users were targeted with malscam messages that reported issues related to a debt of the year 2018.

article thumbnail

6 CISO New Year's Resolutions for 2020

Dark Reading

We asked chief information security officers how they plan to get their infosec departments in shape next year.