IT Governance

SEPTEMBER 26, 2018

Two thirds of UK organisations are uninsured against the financial impact of a data breach, a survey has revealed. The Risk:Value 2018 Report by NTT Security discovered that only 29% of organisations have dedicated cyber insurance in place, despite 81% of senior executives touting insurance against data breaches as “vital”. According to the report, which examines business attitudes to risk and the value of information security, UK businesses would have to spend £1 million, on average, to rec

Data breaches 85

Data breaches Insurance Information Security Compliance 85

Data Breach Today

SEPTEMBER 25, 2018

Fraudsters Hijack Mobile Numbers to Crack Open Bank Accounts In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.

Authentication 241

Authentication IT 241

Thales Cloud Protection & Licensing

SEPTEMBER 25, 2018

My last blog about Vormetric Application Encryption covered new RESTful APIs and it revealed that those APIs provide quite a bit of granular control in the use of encryption keys. This enhances security by reducing the “attack surface” in an IT environment while maintaining IT efficiency with centralized access control policies. Combining RESTful flexibility with granular controls gives you the best of both worlds.

Encryption 73

Encryption Security Paper Access 73

Krebs on Security

SEPTEMBER 28, 2018

Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people. “This allowed t

Security 259

Security Passwords Access IT 259

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

The Last Watchdog

SEPTEMBER 24, 2018

The recent hack of social media giant Reddit underscores the reality that all too many organizations — even high-visibility ones that ought to know better — are failing to adequately lock down their privileged accounts. Related: 6 best practices for cloud computing. An excerpt from Reddit’s mea culpa says it all: “On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers.

Access 159

Access Authentication Retail Cloud 159

AIIM

SEPTEMBER 27, 2018

With a little more than 3 months left of 2018, many businesses are focusing on what goals they want to achieve in the New Year. While some have talked of digital transformation, there are still an alarming number of workplaces that have yet to fully embrace digitizing paper documents and processing digital documents. Make no mistake- if you want to achieve digital transformation and you've yet to take the leap into capturing documents, the time is now and we're here to help.

Digital transformation 111

Digital transformation Paper IT Information capture 111

Krebs on Security

SEPTEMBER 27, 2018

The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM. According to a non-public alert distributed to banks this week and shared with KrebsOnSecurity by a financial industry source, the Secret Service has received multiple reports about a complex form

Communications 252

Communications Security IT 252

IT Governance

SEPTEMBER 27, 2018

It’s time for the month’s list of breaches and cyber attacks, and it’s a big one. Almost 1 billion records were leaked this month – 925,633,824 to be exact. There were also a few more reported ransomware incidents than normal, some of which saw the victims paying the fine – something most security professionals advise against. The list tells me one thing: organisations need to get themselves ready for a data breach.

Data breaches 110

Data breaches Passwords Ransomware Phishing 110

Data Breach Today

SEPTEMBER 25, 2018

Organizations Need to Avoid Mishaps That Can Make Matters Worse Recent additions to the federal health data breach tally shine a light on the mistakes that contribute to breaches - and in some cases, make situations far worse.

Data breaches 219

Data breaches 219

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

AIIM

SEPTEMBER 28, 2018

While “technical debt” is a term that’s frequently used by technologists, the implication and understanding of it tends to be opaque to the business until it’s too late - just look at how Nokia lost the mobile market that it helped create. The business and finance side of Nokia had the usual tools for assessing financial risks - but why do we not have an equivalent tool for the operational or existential risks when the debts come from the more intangible investment in technology?

Marketing 94

Marketing Risk IT Digital transformation 94

Krebs on Security

SEPTEMBER 24, 2018

If you’re thinking of donating money to help victims of Hurricane Florence , please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “flor

IT 230

IT 230

Troy Hunt

SEPTEMBER 26, 2018

I have a love-hate relationship with ad blockers. On the one hand, I despise the obnoxious ads that are forced down our throats at what seems like every turn. On the other hand, I appreciate the need for publishers to earn a living so that I can consume their hard-earned work for free. Somewhere in the middle is a responsible approach, for example the sponsorship banner you see at the top of this blog.

Analytics 108

Analytics Risk IT Security 108

Data Breach Today

SEPTEMBER 24, 2018

Massive Credit Bureau Stored Users' Plaintext Passwords in Testing Environment Massive, well-resourced companies are still using live customer data - including their plaintext passwords - in testing environments, violating not just good development practices but also privacy laws. That's yet another security failure takeaway from last year's massive Equifax breach.

Passwords 187

Passwords Privacy Security 187

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

SEPTEMBER 28, 2018

Facebook hacked – Attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of 50 Million Users. Facebook hacked, this is news that is rapidly spreading across the Internet. A few hours ago, Facebook announced that an attack on its computer network exposed the personal information of roughly 50 million users.

Security 111

Security Access Data breaches IT 111

AIIM

SEPTEMBER 25, 2018

We are barreling toward a future of automation. A great proportion of the six million US manufacturing jobs that have disappeared over the last few decades were lost as a direct result of automation’s slow absorption of physical labor and factory work. Now the pace is quickening. Because of the rapid development of artificial intelligence, the reach of automation is expanding, too.

Artificial Intelligence 83

Artificial Intelligence Paper Manufacturing Marketing 83

WIRED Threat Level

SEPTEMBER 28, 2018

The social networking giant confirmed Friday that sites you use Facebook to login to could have been accessed as a result of its massive breach.

Security 111

Security Access IT 111

Data Breach Today

SEPTEMBER 28, 2018

Vulnerability in 'View As' Feature Exploited Facebook revealed Friday that it had discovered a breach that affected almost 50 million user accounts. Attackers exploited a vulnerability that enabled them to steal "access tokens," digital keys that keep users logged in so they don't need to re-enter their password.

Passwords 185

Passwords Access IT 185

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

SEPTEMBER 26, 2018

The latest samples of the HNS bot were designed to target Android devices having the wireless debugging feature ADB enabled. The Hide and Seek (HNS) IoT botnet was first spotted early this year, since its discovery the authors continuously evolved its code. The IoT botnet appeared in the threat landscape in January, when it was first discovered on January 10th by malware researchers from Bitdefender, then it disappeared for a few days, and appeared again a few weeks later infecting in a few

IoT 111

IoT Mining Access Security 111

AIIM

SEPTEMBER 26, 2018

Remote work is exploding in popularity. Over a few short years, the percentage of remote workers has skyrocketed. Experienced professionals have flocked to remote work because of its promise of flexibility, freedom, and fulfillment. Employers are seeing the benefit of telecommuting as well. Increased productivity and reduced costs being compelling reasons to consider the new-fangled mode of work.

Risk 82

Risk Communications IT 82

Hunton Privacy

SEPTEMBER 25, 2018

The Information Commissioner’s Office (“ICO”) in the UK has issued the first formal enforcement action under the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (the “DPA”) on Canadian data analytics firm AggregateIQ Data Services Ltd. (“AIQ”). The enforcement action, in the form of an Enforcement Notice served under section 149 of the DPA, requires AIQ to “cease processing any personal data of UK or EU citizens obtained from UK political organizations or otherwi

GDPR 99

GDPR Personal data Analytics IT 99

Data Breach Today

SEPTEMBER 28, 2018

Hacker Who Kept 'Hacky Hack Hack Methods' Folder on His Computer Gets Probation An Australian man who as a teenager managed to infiltrate Apple's networks and do it again after the company expelled him - aided by a folder on his laptop storing his "Hacky Hack Hack Methods" - has been sentenced to serve eight months of probation, according to news reports.

IT 172

IT 172

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

SEPTEMBER 28, 2018

Google Project Zero disclosed details for a high severity Linux kernel a use-after-free vulnerability tracked as CVE-2018-1718. The vulnerability is a use-after-free tracked as CVE-2018-17182, it was discovered by Google Project Zero’s Jann Horn. The vulnerability was introduced in August 2014 with the release of version 3.16 of the Linux kernel. The issue could be exploited by an attacker trigger a DoS condition or to execute arbitrary code with root privileges on the vulnerable system.

Security 111

Security IT 111

WIRED Threat Level

SEPTEMBER 28, 2018

Up to 50 million Facebook users were affected—and possibly 40 million more—when hackers compromised the social network's systems.

Security 110

Security 110

Hunton Privacy

SEPTEMBER 25, 2018

On September 25, 2018, the French Data Protection Authority (the “CNIL”) published the first results of its factual assessment of the implementation of the EU General Data Protection Regulation (GDPR) in France and in Europe. When making this assessment, the CNIL first recalled the current status of the French legal framework, and provided key figures on the implementation of the GDPR from the perspective of privacy experts, private individuals and EU supervisory authorities.

GDPR 97

GDPR Compliance Data breaches Privacy 97

Data Breach Today

SEPTEMBER 27, 2018

Cybersecurity Unit Would Be Part of a Center of Excellence for Digital Health The Food and Drug Administration plans to launch a new digital health "center of excellence" that includes a cybersecurity unit. The new unit would not only deal with cyber issues pertaining to new health technologies, but also challenges facing older medical devices.

IT 172

IT Cybersecurity 172

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Security Affairs

SEPTEMBER 27, 2018

Security experts from ESET have spotted the first UEFI rootkit of ever, the code tracked as LoJax was used in attacks in the wild. Security researchers from ESET have discovered a new piece of a sophisticated malware used by the Russia-linked Sednit group (aka Fancy Bear , APT28 , Pawn Storm , Sofacy Group , and STRONTIUM ) in targeted attacks aimed at government entities in the Balkans as well as in Central and Eastern Europe.

Military 111

Military Manufacturing Government Security 111

Dark Reading

SEPTEMBER 28, 2018

A vulnerability in Facebook's "View As" feature let attackers steal security tokens linked to 50 million accounts, the company confirms.

Security 107

Security 107

Schneier on Security

SEPTEMBER 27, 2018

Interesting research : In the team's experiments, one WiFi transmitter and one WiFi receiver are behind walls, outside a room in which a number of people are present. The room can get very crowded with as many as 20 people zigzagging each other. The transmitter sends a wireless signal whose received signal strength (RSSI) is measured by the receiver.

Paper 92

Paper IT 92