Krebs on Security

DECEMBER 1, 2018

We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.

Security 278

Security Passwords Personal data Privacy 278

Schneier on Security

DECEMBER 4, 2018

There are lots of articles about there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. Never, ever, ever use public (unsecured) Wi-Fi such as the Wi-Fi in a café, hotel or airport. To remain anonymous and secure on the Internet, invest in a Virtual Private Network account, but remember, the bad guys are very smart, so by the time this column runs, they may have figured out a way to hack

Security 100

Security Passwords Authentication Risk 100

TAB OnRecord

DECEMBER 6, 2018

Although most organizations can agree that pilot projects in general have beneficial outcomes, your pilot project can run into numerous pitfalls if you do not get the basics quite right. Here are five tips to help you accurately execute the fundamentals so your project can start out on the right foot. Tip #1 – Choose [.] Read More. The post Five tips for getting the most out of your records digitization pilot appeared first on TAB Records Management Blog | TAB OnRecord.

Records Management 60

Records Management 60

Data Breach Today

DECEMBER 6, 2018

Material Gives Insight Into Company's Views on Data Security A batch of documents meant to be kept under court seal lay bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.

Privacy 222

Privacy Risk Access Security 222

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Krebs on Security

DECEMBER 3, 2018

The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers. In mid-November 2018, KrebsOnSecurity heard from a Jared customer who found something curious after receiving a receipt via email for a pair of earrings he’d just purchased as a surprise gift for his girlfriend.

Retail 226

Retail Phishing Information Security IT 226

eSecurity Planet

DECEMBER 4, 2018

500 million people are at risk because of a data breach at Marriott's Starwood hotel chain. What steps can your organization take to limit the risk of suffering the same fate?

Data breaches 111

Data breaches IT Security Risk 111

Data Breach Today

DECEMBER 4, 2018

Patch Container-Orchestration System Now or Risk Serious Consequences A severe vulnerability in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches, and recommend immediate updating.

Security 225

Security Risk 225

Krebs on Security

DECEMBER 4, 2018

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefile users interpreted this as a breach at Citrix and/or Sharefile, but the company maintains that’s not the case.

Passwords 224

Passwords Authentication Risk Marketing 224

The Last Watchdog

DECEMBER 5, 2018

The healthcare industry has poured vast resources into cybersecurity since 2015, when a surge of major breaches began. While the nature of these breaches has evolved over the last four years, the growth in total healthcare incidents has unfortunately continued unabated. Related: How to get of HIPAA hit list. The recent disclosure from Atrium Health that more than 2.65 million patients had significant amounts of PII exposed by the healthcare provider’s third-party billing vendor, AccuDoc Solutio

Data breaches 153

Data breaches Insurance Risk Ransomware 153

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Schneier on Security

DECEMBER 6, 2018

In an excellent blog post , Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless aren't, including your credit card information, Social Security number, mother's maiden name, date of birth, address, previous addresses, phone number, and yes ­ even your credit file.

Personal data 109

Personal data Access Security IT 109

Data Breach Today

DECEMBER 3, 2018

Legal Experts Suspect So, But Investigation Could Take a Year or More Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Protection Regulation? With GDPR in full effect since May, organizations with data security practices face the potential of massive fines.

GDPR 222

GDPR Personal data Security 222

Krebs on Security

DECEMBER 7, 2018

The ringleader of a gang of cyber hooligans that made bomb threats against hundreds of schools and launched distributed denial-of-service (DDoS) attacks against Web sites — including KrebsOnSecurity on multiple occasions — has been sentenced to three years in a U.K. prison, and faces the possibility of additional charges from U.S.-based law enforcement officials.

Communications 197

Communications IT Security 197

The Last Watchdog

DECEMBER 6, 2018

The United States Intelligence Community , or IC, is a federation of 16 separate U.S. intelligence agencies, plus a 17th administrative office. The IC gathers, stores and processes large amounts of data, from a variety of sources, in order to provide actionable information for key stakeholders. And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices.

Security 149

Security Financial Services Manufacturing Data collection 149

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Security Affairs

DECEMBER 1, 2018

Over 270,000 connected devices run vulnerable implementations of UPnP, threat actors are attempting to recruit them in a multi-purpose botnet. In April, Akamai reported that threat actors compromised 65,000 home routers by exploiting vulnerabilities in Universal Plug’N’Play (UPnP) , experts tracked the botnet as UPnProxy. Now the company provided an update to its initial analysis revealing a disconcerting scenario, UPnProxy is still up and running.

Ransomware 111

Ransomware Communications IT Security 111

Data Breach Today

DECEMBER 7, 2018

Ransomware Attack Hits Cloud-Based EHR Firm, Affecting Data of Eye Clinic Yet another cyberattack against a cloud-based electronic health records vendor has been revealed. This one involved a ransomware attack that potentially exposed data on 16,000 patients of a California eye clinic. What can healthcare organizations do to minimize vendor risks?

Ransomware 191

Ransomware Cloud Risk 191

AIIM

DECEMBER 4, 2018

No, you read that title right – seventy THOUSAND boxes of paper in the highly restrictive environment of legal services. That’s what Susan Gleason , Manager of Records and Information Governance at Shipman & Goodwin and her team were up against. The Connecticut-based law firm was in the position that many firms face - they had been using paper-intensive records management for years and looking to build up their Information Governance , retention schedules, and ultimately move away from paper

Paper 84

Paper Digital transformation Information governance Records Management 84

WIRED Threat Level

DECEMBER 4, 2018

Opinion: The VA needs to take preventative measures to protect vets—and more broadly, our democracy—from digital manipulation and fraud.

Security 111

Security 111

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Security Affairs

DECEMBER 5, 2018

Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks. Adobe fixed two flaws including a critical use-after-free bug, tracked as CVE-2018-15982, exploited by an advanced persistent threat actor aimed at a healthcare organization associated with the Russian presidential administration.

Archiving 111

Archiving Security Access IT 111

Data Breach Today

DECEMBER 3, 2018

Massive Breach Prompts Calls for New Data Security and Minimization Laws Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.

Data breaches 192

Data breaches Security 192

AIIM

DECEMBER 7, 2018

A new year gives us the chance to reflect on all we've accomplished and set our sights on new challenges to conquer. If you haven't embarked on your Digital Transformation journey, this is the perfect time to begin. I invite you to join us for a free webinar: Your 2019 Information Management Resolution. We’re offering it on two days so everyone can join!

Digital transformation 80

Digital transformation Customer Experience Compliance IT 80

IT Governance

DECEMBER 6, 2018

A recent survey by Ping Identity shows that customers move away from brands that have suffered data breaches. Data breaches are now a common occurrence – big-name brands affected in 2018 include FIFA , British Airways , Vision Direct , Eurostar and Marriott. These are just a few of the household names that have suffered at the hands of criminal hackers this year and under ongoing investigation; any penalties have yet to be confirmed.

Data breaches 89

Data breaches GDPR Risk Security 89

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Security Affairs

DECEMBER 6, 2018

Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed). PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles.

Security 111

Security Paper Communications Cybersecurity 111

Data Breach Today

DECEMBER 3, 2018

Attorney Ronald Raether on Building a Cybersecurity Culture Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders.

Cybersecurity 189

Cybersecurity 189

AIIM

DECEMBER 4, 2018

No, you read that title right – seventy THOUSAND boxes of paper in the highly restrictive environment of legal services. That’s what Susan Gleason , Manager of Records and Information Governance at Shipman & Goodwin and her team were up against. The Connecticut-based law firm was in the position that many firms face - they had been using paper-intensive records management for years and looking to build up their Information Governance , retention schedules, and ultimately move away from paper

Paper 80

Paper Digital transformation Information governance Records Management 80

Schneier on Security

DECEMBER 3, 2018

Earlier this year, the US Department of Justice made a series of legal arguments as to why Facebook should be forced to help the government wiretap Facebook Messenger. Those arguments are still sealed. The ACLU is suing to make them public.

Government 90

Government 90

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Security Affairs

DECEMBER 1, 2018

The MITRE Corporation’s ATT&CK framework has been used to evaluate the efficiency of several enterprise security products designed by several vendors. In April, MITRE announced a new service based on its ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to evaluate products based on their ability in detecting advanced persistent threats.

Security 111

Security Cybersecurity Communications Marketing 111

Data Breach Today

DECEMBER 7, 2018

Chris Bowen of ClearDATA on Improving 'Change Management' Understanding where data is stored so it can be protected, overcoming security misconfiguration and improving vendor management diligence are three top challenges for healthcare organizations, says Chris Bowen of ClearDATA.

Security 174

Security IT 174

OpenText Information Management

DECEMBER 6, 2018

In my previous blog, I looked at operational excellence in oil and gas. In its Oil and Gas Trends 2018-19, PwC suggests that companies should ‘double down’ on digitization to drive operational excellence, citing the use of drones to inspect offshore platforms as a key example. So, how can you make the most of drones within … The post Why drones are revolutionizing asset inspection in oil and gas appeared first on OpenText Blogs.

IT 86

IT Analytics 86