Sat.Aug 15, 2020 - Fri.Aug 21, 2020

article thumbnail

So You Want to Build a Vulnerability Disclosure Program?

Data Breach Today

Bug Bounty Pioneer Katie Moussouris on Challenges, Sustainability, Election Security To build a successful vulnerability disclosure program, avoid thinking of it as quick-fix "bug bounty Botox," and instead focus on building positive relationships with the security community, hiring top-notch talent and "building a sustainable ecosystem," says Luta Security's Katie Moussouris.

Security 364
article thumbnail

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “ vishing ” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pand

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

NEW TECH: A better way to secure agile software — integrate app scanning, pen testing into WAF

The Last Watchdog

The amazing array of digital services we so blithely access on our smartphones wouldn’t exist without agile software development. Related: ‘Business logic’ hacks on the rise Consider that we began this century relying on the legacy “waterfall” software development process. This method required a linear plan, moving in one direction, that culminated in a beta deliverable by a hard and fast deadline.

Security 189
article thumbnail

The Schrems II decision – some EU data exporters will face a huge task to work out whether SCCs are sufficient

Data Protector

Many privacy professionals will be shocked to learn that, in terms of safeguarding personal data flows from an EU to a non-EU country, in the absence of an adequacy decision, more is required than simply slipping the right set of SCCs into a vendor contract. The CEJU has clarified that one of the key tasks facing data exporters, when considering whether SCCs are appropriate, is to consider whether there is a conflict between the protections afforded by the SCCs and other local laws, particularly

GDPR 156
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Medical Records Exposed via GitHub Leaks

Data Breach Today

Report: 9 Leaks Account for Exposure of PHI for at Least 150,000 Patients Never store hardcoded credentials in code uploaded to public-facing GitHub repositories, and make sure none of your business associates are doing that. Those are just two takeaways from a new report that describes how nine organizations were inadvertently exposing health records for at least 150,000 patients.

363
363

More Trending

article thumbnail

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

The University of Utah admitted to have paid a $457,059 ransom in order to avoid having ransomware operators leak student information online. The University of Utah admitted having paid a $457,059 ransom after the ransomware attack that took place on July 19, 2020, that infected systems on the network of the university’s College of Social and Behavioral Science [CSBS]).

article thumbnail

In praise of. the Investigatory Powers Act 2016

Data Protector

A number of commentators will assume that, should the UK not receive an adequacy assessment by the European Commission with regard to its data protection standards, a key reason will be the impact of the UK’s Investigatory Powers Act (IPA) which prescribes how UK public authorities obtain personal data for national security and law enforcement purposes.

article thumbnail

Marriott Hit With Class-Action Data Breach Lawsuit

Data Breach Today

UK Claim Seeks Damages Under GDPR Over Long-Running Starwood Reservation System Hack Marriott faces a new class-action lawsuit, filed in Britain, over the breach of its Starwood guest reservation system. The breach ran from 2014 to 2018 - Marriott acquired Starwood in 2016 - and exposed personal information for an estimated 7 million customers in the U.K.

article thumbnail

Microsoft Put Off Fixing Zero Day for 2 Years

Krebs on Security

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on Aug. 11’s Patch Tuesday was CVE-2020-1464 , a problem with the way every supported version of Windows validates digital signatures for computer programs.

Security 357
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Steel sheet giant Hoa Sen Group hacked by Maze ransomware operators

Security Affairs

Experts at threat intelligence firm Cyble came across a post published by Maze ransomware operators claiming to have breached the steel sheet giant Hoa Sen Group. During the ordinary monitoring of Deepweb and Darkweb , researchers at Cyble came across the leak disclosure post published by the Maze ransomware operators that claim the hack of the Hoa Sen Group.

article thumbnail

Data Protection: Where’s the Brexit Privacy Dividend?

Data Protector

One of the Government's core objectives throughout the Brexit negotiations has been to respect data protection rights, slash Brussels' red tape and allow the United Kingdom to be a competitive safe haven for businesses all over the world. With that in mind, how could the Government reduce its ties to the EU's 'data protection level playing field' while continuing to maintain a robust and effective data protection regime?

Privacy 156
article thumbnail

Carnival Cruise Ship Firm Investigating Ransomware Attack

Data Breach Today

SEC Filing Warns That Guest and Employee Data Likely Compromised Carnival Corp., the world's largest cruise ship company, is investigating a ransomware attack that likely compromised guest and employee data, according its filing with the SEC. It's the company's second security incident this year.

article thumbnail

Let’s Social Distance Together, Register Now for erwin Insights 2020

erwin

I’m thrilled to officially announce that registration is open for our first global conference as erwin, Inc. erwin Insights 2020 is a free, virtual, two-day event being held October 13-14. Social distancing doesn’t mean we should stop connecting. In fact, opportunities for personal and professional growth are more important than ever. That’s why we look forward to bringing together erwin’s global community of users, partners, prospects and friends to engage and explore ideas, experiences, trends

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH

Security Affairs

Researchers spotted a new sophisticated peer-to-peer (P2P) botnet, dubbed FritzFrog, that has been actively targeting SSH servers since January 2020. FritzFrog is a new sophisticated botnet that has been actively targeting SSH servers worldwide since January 2020. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in government, education, and finance sectors.

article thumbnail

Privacy Shield shafted – but do SCCs really deliver better privacy protections?

Data Protector

Here we go again. The compulsory Sunday morning church services for all Anglicans at my boarding school served as an opportunity for The Reverend James Culross, (or Druid, as we boys affectionately called him), to churn out stuff from the Book of Common Prayer. It was stuff designed to cleanse our souls and provide us with helpful words of comfort, to prepare us for the horrors that would be inflicted upon each and every one of us during the school week ahead.

Privacy 156
article thumbnail

Ransomware Payday: Average Payments Jump to $178,000

Data Breach Today

Coveware: Average Ransom Paid Jumps 60%; Sodinokibi, Maze, Phobos Dominate Ransomware gangs continue to see bigger payoffs from their ransom-paying victims, driven by "big-game hunting," data exfiltration and smaller players seeking larger returns, according to ransomware incident response firm Coveware.

article thumbnail

Cruise ship operator Carnival crippled by ransomware

IT Governance

Carnival has suffered a ransomware attack, putting the personal data of both customers and staff at risk. The Florida-based cruise operator says that the incident, which was discovered on 15 August, affected the IT systems of one of its brands – which include Cunard, P&O, AIDA and Princess – although it hasn’t specified which one. In a statement , the organisation says that it “does not believe the incident will have a material impact on its business, operations or financial results”.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Thousands of Canadian government accounts hacked, Treasury Board of Canada Secretariat say

Security Affairs

The Treasury Board of Canada Secretariat confirmed that thousands of user accounts for online Canadian government services were recently hacked. According to a press release issued by the Treasury Board of Canada Secretariat, thousands of user accounts for online government services were recently hacked. The hackers targeted the GCKey service with credential stuffing attacks, the service is used by some 30 federal departments and Canada Revenue Agency accounts.

article thumbnail

Data Protection: Whither the EU’s SCCs …

Data Protector

It is possible that the European Commission will fail to provide the UK with a data protection adequacy assessment by the end of the year. It is also possible that, in the near future, the EU will publish revised sets of Standard Contractual Clauses to replace the existing SCCs in a bold effort to ensure that flows of personal data outside the European Union remain suitably protected.

GDPR 120
article thumbnail

Fraudsters Putting on the Ritz

Data Breach Today

Luxury London Hotel Investigates 'Food and Beverage Reservation System' Data Breach Scammers have reportedly been putting one over on customers of the famous Ritz London, which says it is "aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients' personal data." No payment card data was exposed, it says.

article thumbnail

What Is Enterprise Architecture (EA)? – Definition, Methodology & Best Practices

erwin

Enterprise architecture (EA) is a strategic planning initiative that helps align business and IT. It provides a visual blueprint, demonstrating the connection between applications, technologies and data to the business functions they support. In this post: What Is Enterprise Architecture? Think City Planning. Why Is Enterprise Architecture Important?

Big data 140
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Sodinokibi ransomware gang stole 1TB of data from Brown-Forman

Security Affairs

Sodinokibi (REvil) ransomware operators announced on Friday to have hacked Brown-Forman, one of the largest U.S. firm in the spirits and wine business. Sodinokibi (REvil) ransomware operators announced last week to have breached the network of the Brown-Forman, one of the largest U.S. firm in the spirits and wine business. Threat actors claim to have exfiltrated 1TB of confidential data and plan to put it up for auction the most sensitive info and leak the rest.

article thumbnail

Keeping up the fight on cancer during pandemic

OpenText Information Management

In just a few months, COVID-19 changed the world. Millions have been infected and hundreds of thousands have died at the time of writing. This health emergency has strained healthcare systems around the world. Amidst this disruption, COVID-19 has put innumerable other lives at risk. Other diseases and conditions haven’t gone away during the pandemic. … The post Keeping up the fight on cancer during pandemic appeared first on OpenText Blogs.

Risk 140
article thumbnail

Dozens Arrested in ATM Cash-Out Scheme

Data Breach Today

Suspected Fraudsters Targeted Santander Bank Branches in 3 States Dozens of suspects have reportedly been arrested in connection with an ATM cash-out scheme that targeted Santander Bank branches in New Jersey, New York and Connecticut.

322
322
article thumbnail

GDPR supervisory authorities issued £2.6 million in fines in Q2 2020

IT Governance

In the second quarter of 2020, data protection bodies across Europe issued at least 46 administrative fines under the GDPR (General Data Protection Regulation) , with the penalties totalling nearly €2.9 million (£2.6 million). This is a sharp decrease on Q1, which saw more than £45 million in fines – something that is to be expected given the disruption caused by COVID-19.

GDPR 128
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

XCSSET Mac spyware spreads via Xcode Projects

Security Affairs

A new Mac malware, tracked as XCSSET, spreads through Xcode projects and exploits two zero-day vulnerabilities, experts warn. XCSSET is a new Mac malware that spreads through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks. The first zero-day issue is used to steal cookies via a flaw in the behavior of Data Vaults , while the second one is used to abuse the development version of Safari.

article thumbnail

Ransomware Attack on Carnival May Have Been Its Second Compromise This Year

Dark Reading

Security vendor Prevailion says it observed signs of malicious activity on the cruise operator's network between at least February and June.

IT 143
article thumbnail

Former Uber CSO Charged With Covering Up 2016 Data Breach

Data Breach Today

Joe Sullivan Accused of Making 'Hush Money' Bitcoin Payoff to Hackers The U.S. Department of Justice has charged former Uber CSO Joseph Sullivan with obstruction of justice for allegedly covering up the 2016 hack of the ride-sharing service, which compromised sensitive data for 57 million Uber passengers and drivers.