Sat. Oct 19, 2019 - Fri. Oct 25, 2019

Protect IT—A Combination of Security Culture and Cyber Hygiene Good Practices

Thales Cloud Protection & Licensing

In the spirit of National Cyber Security Awareness Month (NCSAM), my colleague Ashvin Kamaraju wrote about how organizations can use fundamental controls to secure their information technology. Effective digital security doesn’t end at “Secure IT,” however. It’s equally important that organizations protect their IT assets against things like software vulnerabilities, unsecured Wi-Fi connections and unauthorized data exfiltration.

61% of organisations reported a data breach in 2019

IT Governance

If your organisation didn’t suffer a data breach last year, consider yourself one of the lucky few. The insurance firm Hiscox found that 61% of organisations were compromised in the past 12 months. This represents a 16-percentage-point increase over the past year, demonstrating how quickly the threat of data breaches is escalating. And it’s not because organisations are getting worse at protecting their information; it’s because cyber criminals are becoming more proficient.

Software Is Infrastructure

ForAllSecure

The realization that software is becoming an essential component of our everyday lives was reflected yet again in this year’s Black Hat. Even more solutions are being touted to deal with the ever-growing exposure of software to malicious threats. Unfortunately, a lot of the solutions focus on dealing with the symptoms of our current predicament without addressing the fundamental truth: software is built insecurely despite our best efforts.

Phishing Schemes Continue to Plague the Healthcare Sector

Data Breach Today

Experts Offer Insights on Mitigating the Threat

Recent health data breaches involving phishing schemes are reminders of the persistent threat email-related scams pose to healthcare organizations - and the urgent need to mitigate that threat.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Cachet Financial Reeling from MyPayrollHR Fraud

Krebs on Security

When New York-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits, its payment processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which it is now suing to recover.

Very Meta … Unlocking Data’s Potential with Metadata Management Solutions

erwin

Untapped data, if mined, represents tremendous potential for your organization. While there has been a lot of talk about big data over the years, the real hero in unlocking the value of enterprise data is metadata, or the data about the data. However, most organizations don’t use all the data they’re flooded with to reach deeper conclusions about how to drive revenue, achieve regulatory compliance or make other strategic decisions.

Johannesburg Struggles to Recover From Ransomware Attack

Data Breach Today

It's the Second Attack to Target South African City This Year

Johannesburg has been hit with a ransomware attack that is crippling municipal services. City Power, an electric utility owned by the city that was hit by a similar attack in July, also was affected by the latest attack.

Avast, NordVPN Breaches Tied to Phantom User Accounts

Krebs on Security

Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password. Based in the Czech Republic, Avast bills itself as the most popular antivirus vendor on the market, with over 435 million users.

UK/US investigation revealed that Russian Turla APT masqueraded as Iranian hackers

Security Affairs

A joint UK and US investigation has revealed that the Russian cyber espionage group Turla carried out cyber attacks while masquerading as Iranian hackers. According to the Financial Times, a joint UK and US investigation revealed that Russia-linked cyberespionage group Turla conducted several cyber attacks in more than 35 countries while masquerading as Iranian hackers.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

A Brief History of Russian Hackers' Evolving False Flags

WIRED Threat Level

Most hackers know how to cover their tracks. But Russia’s elite groups are working at a whole other level.

Russian Hackers Coopted Iranian APT Group's Infrastructure

Data Breach Today

UK and US Intelligence Agencies Report That Turla Group Seized OilRig APT Assets

Turla, an advanced persistent threat group with apparent ties to Russia, seized attack infrastructure and tools used by OilRig, an Iranian APT group, U.K. and U.S. intelligence agencies have jointly reported. They say Turla used the coopted infrastructure to conduct its own reconnaissance and attacks.

Ransomware Hits B2B Payments Firm Billtrust

Krebs on Security

Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week. The company said it is in the final stages of bringing all of its systems back online from backups. With more than 550 employees, Lawrence Township, N.J.-based Billtrust is a cloud-based service that lets customers view invoices, pay, or request bills via email or fax.

Ransomware attacks show no signs of slowing

DXC Technology

Ransomware attacks are showing no signs of letting up. In fact, recent research shows how these attacks are flourishing. The findings are based on more than 230,000 ransomware attack submissions, between April 1 and September 30, 2019, to antivirus firm Emsisoft and ransomware information site ID Ransomware. ID Ransomware is a site that enables anyone […].

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Women in Privacy

Data Matters

Women in Privacy or WIP invites you to join our networking event featuring a roundtable discussion of the latest data protection and privacy hot topics followed by a drinks reception. The Women in Privacy networking group is for data protection and privacy professionals and aims to provide a platform for high-level discussion of data protection and privacy law developments, to facilitate and strengthen networking among women privacy professionals, and to mentor and promote the advancement of wom

Clinton Email Probe Cites 38 for Violations

Data Breach Today

State Dept. Report: No 'Persuasive Evidence' of Deliberate Mishandling of Classified Info

The State Department's years-long review of former Secretary Hillary Clinton's use of a private email server found that although 38 current or former department officials violated government security policies, there was no "persuasive evidence of systemic, deliberate mishandling of classified information."

A critical Linux Wi-Fi bug could be exploited to fully compromise systems

Security Affairs

A researcher discovered a critical Linux vulnerability, tracked as CVE-2019-17666, that could be exploited to fully compromise vulnerable machines. Nico Waisman, principal security engineer at GitHub, discovered a critical Linux flaw, tracked as CVE-2019-17666, that could be exploited by attackers to fully compromise vulnerable machines. Found this bug on Monday.

Jamf Nation is an Apple community, not just a Jamf community

Jamf

From an email list to nearly 100,000 members, see why Jamf Nation has become a one-stop-shop for those charged with managing Apple devices.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

CCPA In-Depth Series: Draft Attorney General Regulations on Verification, Children’s Privacy and Non-Discrimination

Data Matters

This post is the third in a three part series taking a deep dive into the five key articles of the Attorney General’s CCPA draft regulations: Article 2 on Notice to Consumers; Article 3 on Business Practices for Handling Consumer Requests; Article 4 on Verification of Requests; Article 5 on Special Rules Regarding Minors; and Article 6 on Non-Discrimination.

Here's Why 'Raccoon' Infostealer Is Popular With Criminals

Data Breach Today

Cheap and Simple 'Malware as a Service' Sold in Cybercriminal Underground

The "Raccoon" infostealer, first spotted in the wild earlier this year, is rapidly gaining in popularity on underground forums due to its low cost and ability to steal a wide range of data, including credit card numbers and cryptocurrency wallets, according to a new analysis from Cybereason.

US Army stopped using floppy disks as storage for SACCS system that manages nuclear weapons arsenal

Security Affairs

The news is quite curious: the US military will no longer use 8-inch floppy disks in an antiquated computer (SACCS) to manage its nuclear weapons arsenal. It’s official: the US Strategic Command has announced that it has replaced the 8-inch floppy disks in an ancient computer used to receive nuclear launch orders from the President with a “highly-secure solid state digital storage solution.” The use of the 8-inch floppy disks was revealed back in 2014 by the CBS “60 Minutes” TV show.

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Requests

Data Matters

This post is the second in a three part series taking a deep dive into the five key articles of the Attorney General’s CCPA draft regulations: Article 2 on Notice to Consumers; Article 3 on Business Practices for Handling Consumer Requests; Article 4 on Verification of Requests; Article 5 on Special Rules Regarding Minors; and Article 6 on Non-Discrimination.

Three Charged in $11 Million BEC Scam

Data Breach Today

Police Say Cybercriminal Gang Targeted 12 Companies

Spanish authorities say they've arrested three individuals on charges of running a large-scale business email compromise scheme that targeted a dozen companies around the world to steal about $11 million.

Exploring the CPDoS attack on CDNs: Cache Poisoned Denial of Service

Security Affairs

Boffins disclosed a web attack technique (CPDoS attack) that can poison content delivery networks (CDNs) into caching and then serving error pages. Two researchers from the Technical University of Cologne (TH Köln) have devised a new web attack that can be used by threat actors to poison content delivery networks (CDNs) into caching and then serving error pages instead of the legitimate content.

Former Virginia Gov. Terry McAuliffe Joins Hunton as Global Strategy Advisor for Cybersecurity at the Centre for Information Policy Leadership

Hunton Privacy

Hunton Andrews Kurth LLP announced today that former Virginia Gov. Terry McAuliffe has joined the firm as global strategy advisor at the Centre for Information Policy Leadership (“CIPL”), the firm’s global privacy and cybersecurity think tank. McAuliffe will provide strategic counsel to CIPL, the firm, and clients with a particular focus on cybersecurity and privacy issues given his work and recognition in those fields during his governorship.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

Data Matters

This post is the first in a three part series taking a deep dive into the five key articles of the Attorney General’s CCPA draft regulations: Article 2 on Notice to Consumers; Article 3 on Business Practices for Handling Consumer Requests; Article 4 on Verification of Requests; Article 5 on Special Rules Regarding Minors; and Article 6 on Non-Discrimination.

Florida Health System Slapped With $2.1 Million HIPAA Penalty

Data Breach Today

Regulators Say Case Involved Series of Violations

Federal regulators have smacked Jackson Health System with a $2.1 million civil monetary penalty for a series of HIPAA violations. The case is one of only a handful in which the nation's HIPAA enforcement agency imposed such a penalty, rather than reach a settlement. What can others learn from this case?

Retail has a multi-cloud problem…with sensitive data

Thales Cloud Protection & Licensing

Digital transformation (DX) is fundamentally impacting all aspects of the economy across every industry, and nowhere is this truer than in retail. DX technologies such as cloud, mobile payments, IoT, Big Data and others have fundamentally changed retailers’ business models, not only by opening new channels to reach customers, but also in how they communicate with, serve, and support them.
