Sat.Dec 01, 2018 - Fri.Dec 07, 2018

article thumbnail

What the Marriott Breach Says About Security

Krebs on Security

We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.

Security 278
article thumbnail

Bad Consumer Security Advice

Schneier on Security

There are lots of articles about there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. Never, ever, ever use public (unsecured) Wi-Fi such as the Wi-Fi in a café, hotel or airport. To remain anonymous and secure on the Internet, invest in a Virtual Private Network account, but remember, the bad guys are very smart, so by the time this column runs, they may have figured out a way to hack

Security 103
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Five tips for getting the most out of your records digitization pilot

TAB OnRecord

Although most organizations can agree that pilot projects in general have beneficial outcomes, your pilot project can run into numerous pitfalls if you do not get the basics quite right. Here are five tips to help you accurately execute the fundamentals so your project can start out on the right foot. Tip #1 – Choose [.] Read More. The post Five tips for getting the most out of your records digitization pilot appeared first on TAB Records Management Blog | TAB OnRecord.

article thumbnail

Emails Expose Sensitive Internal Facebook Discussions

Data Breach Today

Material Gives Insight Into Company's Views on Data Security A batch of documents meant to be kept under court seal lay bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.

Privacy 249
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Jared, Kay Jewelers Parent Fixes Data Leak

Krebs on Security

The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers. In mid-November 2018, KrebsOnSecurity heard from a Jared customer who found something curious after receiving a receipt via email for a pair of earrings he’d just purchased as a surprise gift for his girlfriend.

Retail 238

More Trending

article thumbnail

Toyota presented PASTA (Portable Automotive Security Testbed) Car-Hacking Tool

Security Affairs

Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed). PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles.

Security 111
article thumbnail

Kubernetes Alert: Security Flaw Could Enable Remote Hacking

Data Breach Today

Patch Container-Orchestration System Now or Risk Serious Consequences A severe vulnerability in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches, and recommend immediate updating.

Security 249
article thumbnail

A Breach, or Just a Forced Password Reset?

Krebs on Security

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefile users interpreted this as a breach at Citrix and/or Sharefile, but the company maintains that’s not the case.

Passwords 228
article thumbnail

GUEST ESSAY: Atrium Health data breach highlights lingering third-party exposures

The Last Watchdog

The healthcare industry has poured vast resources into cybersecurity since 2015, when a surge of major breaches began. While the nature of these breaches has evolved over the last four years, the growth in total healthcare incidents has unfortunately continued unabated. Related: How to get of HIPAA hit list. The recent disclosure from Atrium Health that more than 2.65 million patients had significant amounts of PII exposed by the healthcare provider’s third-party billing vendor, AccuDoc Solutio

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CVE-2018-15982 Adobe zero-day exploited in targeted attacks

Security Affairs

Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks. Adobe fixed two flaws including a critical use-after-free bug, tracked as CVE-2018-15982, exploited by an advanced persistent threat actor aimed at a healthcare organization associated with the Russian presidential administration.

Archiving 111
article thumbnail

Marriott Mega-Breach: Will GDPR Apply?

Data Breach Today

Legal Experts Suspect So, But Investigation Could Take a Year or More Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Protection Regulation? With GDPR in full effect since May, organizations with data security practices face the potential of massive fines.

GDPR 247
article thumbnail

Bomb Threat Hoaxer, DDos Boss Gets 3 Years

Krebs on Security

The ringleader of a gang of cyber hooligans that made bomb threats against hundreds of schools and launched distributed denial-of-service (DDoS) attacks against Web sites — including KrebsOnSecurity on multiple occasions — has been sentenced to three years in a U.K. prison, and faces the possibility of additional charges from U.S.-based law enforcement officials.

article thumbnail

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

The United States Intelligence Community , or IC, is a federation of 16 separate U.S. intelligence agencies, plus a 17th administrative office. The IC gathers, stores and processes large amounts of data, from a variety of sources, in order to provide actionable information for key stakeholders. And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices.

Security 149
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Foreign Trolls Are Targeting Veterans on Facebook

WIRED Threat Level

Opinion: The VA needs to take preventative measures to protect vets—and more broadly, our democracy—from digital manipulation and fraud.

Security 112
article thumbnail

Marriott's Mega-Breach: Many Concerns, But Few Answers

Data Breach Today

Massive Breach Prompts Calls for New Data Security and Minimization Laws Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.

article thumbnail

Experts found data belonging to 82 Million US Users exposed on unprotected Elasticsearch Instances

Security Affairs

Security experts at HackenProof are warning Open Elasticsearch instances expose over 82 million users in the United States. Experts from HackenProof discovered Open Elasticsearch instances that expose over 82 million users in the United States. Elasticsearch is a Java-based search engine based on the free and open-source information retrieval software library Lucene.

article thumbnail

Toyota Builds Open-Source Car-Hacking Tool

Dark Reading

'PASTA' testing platform specs will be shared via open-source.

111
111
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

14 Questions Robert Mueller Knows the Answer To

WIRED Threat Level

The Russia investigation's known unknowns give valuable hints about the special counsel's next moves.

Security 111
article thumbnail

Another Electronic Health Records Vendor Hacked

Data Breach Today

Ransomware Attack Hits Cloud-Based EHR Firm, Affecting Data of Eye Clinic Yet another cyberattack against a cloud-based electronic health records vendor has been revealed. This one involved a ransomware attack that potentially exposed data on 16,000 patients of a California eye clinic. What can healthcare organizations do to minimize vendor risks?

article thumbnail

Hacker hijacks printers worldwide to promote popular YouTube channel

Security Affairs

The TheHackerGiraffe used the Printer Exploitation Toolkit (PRET) to hijack +50k vulnerable printers to Promote PewDiePie YouTube Channel. An anonymous hacker hijacked over 50,000 internet-connected printers worldwide to print out messages promoting the subscription to the PewDiePie YouTube channel. Felix Arvid Ulf Kjellberg, aka PewDiePie , is a popular Swedish Youtuber, comedian, and video game commentator, formerly best known for his Let’s Play commentaries and now mostly known for h

Access 111
article thumbnail

Your Personal Data is Already Stolen

Schneier on Security

In an excellent blog post , Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless aren't, including your credit card information, Social Security number, mother's maiden name, date of birth, address, previous addresses, phone number, and yes ­ even your credit file.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Data Breaches: The Complete WIRED Guide

WIRED Threat Level

Everything you ever wanted to know about Equifax, Mariott, and the problem with social security numbers.

article thumbnail

Applying Secure Multiparty Computation Technology

Data Breach Today

Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications.

Security 211
article thumbnail

ETERNALSILENCE – 270K+ devices vulnerable to UPnProxy Botnet build using NSA hacking tools

Security Affairs

Over 270,000 connected devices run vulnerable implementations of UPnP, threat actors are attempting to recruit them in a multi-purpose botnet. In April, Akamai reported that threat actors compromised 65,000 home routers by exploiting vulnerabilities in Universal Plug’N’Play (UPnP) , experts tracked the botnet as UPnProxy. Now the company provided an update to its initial analysis revealing a disconcerting scenario, UPnProxy is still up and running.

article thumbnail

IT Security Lessons from the Marriott Data Breach

eSecurity Planet

500 million people are at risk because of a data breach at Marriott's Starwood hotel chain. What steps can your organization take to limit the risk of suffering the same fate?

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Australia's Encryption-Busting Law Could Impact the World

WIRED Threat Level

Australia has passed a law that would require companies to weaken their encryption, a move that could reverberate globally.

article thumbnail

Incident Response: Why a Tabletop Exercise Is Essential

Data Breach Today

Attorney Ronald Raether on Building a Cybersecurity Culture Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders.

article thumbnail

MITRE evaluates Enterprise security products using the ATT&CK Framework

Security Affairs

The MITRE Corporation’s ATT&CK framework has been used to evaluate the efficiency of several enterprise security products designed by several vendors. In April, MITRE announced a new service based on its ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to evaluate products based on their ability in detecting advanced persistent threats.

Security 111