Krebs on Security

DECEMBER 1, 2018

We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.

Security 277

Security Passwords Personal data Phishing 277

Schneier on Security

DECEMBER 4, 2018

There are lots of articles about there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. Never, ever, ever use public (unsecured) Wi-Fi such as the Wi-Fi in a café, hotel or airport. To remain anonymous and secure on the Internet, invest in a Virtual Private Network account, but remember, the bad guys are very smart, so by the time this column runs, they may have figured out a way to hack

Security 98

Security Passwords Authentication Risk 98

TAB OnRecord

DECEMBER 6, 2018

Although most organizations can agree that pilot projects in general have beneficial outcomes, your pilot project can run into numerous pitfalls if you do not get the basics quite right. Here are five tips to help you accurately execute the fundamentals so your project can start out on the right foot. Tip #1 – Choose [.] Read More. The post Five tips for getting the most out of your records digitization pilot appeared first on TAB Records Management Blog | TAB OnRecord.

Records Management 60

Records Management 60

Data Breach Today

DECEMBER 6, 2018

Material Gives Insight Into Company's Views on Data Security A batch of documents meant to be kept under court seal lay bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.

Privacy 249

Privacy Risk Access Security 249

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, CTO of Betterworks, will explore a practical framework to transform Generative AI prototypes into

Artificial Intelligence

Krebs on Security

DECEMBER 4, 2018

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefile users interpreted this as a breach at Citrix and/or Sharefile, but the company maintains that’s not the case.

Passwords 213

Passwords Authentication Risk Marketing 213

Schneier on Security

DECEMBER 6, 2018

In an excellent blog post , Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless aren't, including your credit card information, Social Security number, mother's maiden name, date of birth, address, previous addresses, phone number, and yes ­ even your credit file.

Personal data 108

Personal data Access Security IT 108

Data Breach Today

DECEMBER 4, 2018

Patch Container-Orchestration System Now or Risk Serious Consequences A severe vulnerability in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches, and recommend immediate updating.

Security 248

Security Risk 248

Krebs on Security

DECEMBER 3, 2018

The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers. In mid-November 2018, KrebsOnSecurity heard from a Jared customer who found something curious after receiving a receipt via email for a pair of earrings he’d just purchased as a surprise gift for his girlfriend.

Retail 207

Retail Phishing Information Security IT 207

The Last Watchdog

DECEMBER 6, 2018

The United States Intelligence Community , or IC, is a federation of 16 separate U.S. intelligence agencies, plus a 17th administrative office. The IC gathers, stores and processes large amounts of data, from a variety of sources, in order to provide actionable information for key stakeholders. And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices.

Security 149

Security Financial Services Manufacturing Data collection 149

Advertisement

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

Analytics

IT Governance

DECEMBER 6, 2018

A recent survey by Ping Identity shows that customers move away from brands that have suffered data breaches. Data breaches are now a common occurrence – big-name brands affected in 2018 include FIFA , British Airways , Vision Direct , Eurostar and Marriott. These are just a few of the household names that have suffered at the hands of criminal hackers this year and under ongoing investigation; any penalties have yet to be confirmed.

Data breaches 104

Data breaches GDPR Risk Information Security 104

Data Breach Today

DECEMBER 3, 2018

Legal Experts Suspect So, But Investigation Could Take a Year or More Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Protection Regulation? With GDPR in full effect since May, organizations with data security practices face the potential of massive fines.

GDPR 246

GDPR Personal data Security 246

Krebs on Security

DECEMBER 7, 2018

The ringleader of a gang of cyber hooligans that made bomb threats against hundreds of schools and launched distributed denial-of-service (DDoS) attacks against Web sites — including KrebsOnSecurity on multiple occasions — has been sentenced to three years in a U.K. prison, and faces the possibility of additional charges from U.S.-based law enforcement officials.

Communications 185

Communications IT Security 185

Security Affairs

DECEMBER 5, 2018

Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks. Adobe fixed two flaws including a critical use-after-free bug, tracked as CVE-2018-15982, exploited by an advanced persistent threat actor aimed at a healthcare organization associated with the Russian presidential administration.

Archiving 103

Archiving Security Access IT 103

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

AIIM

DECEMBER 4, 2018

No, you read that title right – seventy THOUSAND boxes of paper in the highly restrictive environment of legal services. That’s what Susan Gleason , Manager of Records and Information Governance at Shipman & Goodwin and her team were up against. The Connecticut-based law firm was in the position that many firms face - they had been using paper-intensive records management for years and looking to build up their Information Governance , retention schedules, and ultimately move away from paper

Paper 83

Paper Digital transformation Information governance Records Management 83

Data Breach Today

DECEMBER 3, 2018

Massive Breach Prompts Calls for New Data Security and Minimization Laws Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.

Data breaches 216

Data breaches Security 216

eSecurity Planet

DECEMBER 4, 2018

500 million people are at risk because of a data breach at Marriott's Starwood hotel chain. What steps can your organization take to limit the risk of suffering the same fate?

Data breaches 101

Data breaches IT Security Risk 101

Security Affairs

DECEMBER 6, 2018

Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed). PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles.

Security 102

Security Paper Communications Cybersecurity 102

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

AIIM

DECEMBER 7, 2018

A new year gives us the chance to reflect on all we've accomplished and set our sights on new challenges to conquer. If you haven't embarked on your Digital Transformation journey, this is the perfect time to begin. I invite you to join us for a free webinar: Your 2019 Information Management Resolution. We’re offering it on two days so everyone can join!

Digital transformation 80

Digital transformation Customer Experience Compliance IT 80

Data Breach Today

DECEMBER 7, 2018

Ransomware Attack Hits Cloud-Based EHR Firm, Affecting Data of Eye Clinic Yet another cyberattack against a cloud-based electronic health records vendor has been revealed. This one involved a ransomware attack that potentially exposed data on 16,000 patients of a California eye clinic. What can healthcare organizations do to minimize vendor risks?

Ransomware 212

Ransomware Cloud Risk 212

WIRED Threat Level

DECEMBER 4, 2018

Opinion: The VA needs to take preventative measures to protect vets—and more broadly, our democracy—from digital manipulation and fraud.

Security 111

Security 111

Security Affairs

DECEMBER 1, 2018

The MITRE Corporation’s ATT&CK framework has been used to evaluate the efficiency of several enterprise security products designed by several vendors. In April, MITRE announced a new service based on its ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to evaluate products based on their ability in detecting advanced persistent threats.

Security 97

Security Cybersecurity Communications Marketing 97

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Schneier on Security

DECEMBER 3, 2018

Earlier this year, the US Department of Justice made a series of legal arguments as to why Facebook should be forced to help the government wiretap Facebook Messenger. Those arguments are still sealed. The ACLU is suing to make them public.

Government 89

Government 89

Data Breach Today

DECEMBER 3, 2018

Attorney Ronald Raether on Building a Cybersecurity Culture Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders.

Cybersecurity 210

Cybersecurity 210

IT Governance

DECEMBER 6, 2018

Follow our advice to make sure your organisation is GDPR-compliant and avoids disciplinary action. After a relatively quiet few months, the EU GDPR (General Data Protection Regulation) is back in the news. Organisations have been waiting uneasily since the dramatics of the 25 May 2018 compliance deadline, wondering what the Regulation will look like in practice and whether its much-discussed fines will become a reality.

GDPR 87

GDPR Compliance Data breaches Privacy 87

Security Affairs

DECEMBER 3, 2018

Security experts at HackenProof are warning Open Elasticsearch instances expose over 82 million users in the United States. Experts from HackenProof discovered Open Elasticsearch instances that expose over 82 million users in the United States. Elasticsearch is a Java-based search engine based on the free and open-source information retrieval software library Lucene.

Data breaches 96

Data breaches Libraries Analytics Archiving 96

Advertisement

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

Analytics

Schneier on Security

DECEMBER 7, 2018

Kaspersky is reporting on a series of bank hacks -- called DarkVishnya -- perpetrated through malicious hardware being surreptitiously installed into the target network: In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents. Each attack had a common springboard: an unknown device directly connected to the company's local network.

Access 88

Access IT 88

Data Breach Today

DECEMBER 7, 2018

Convincing Face-Swapping Clips Easy to Create With Gaming Laptops and Free Tools The easy availability of tools for designing face-swapping deep-fake videos drove Symantec security researchers Vijay Thaware and Niranjan Agnihotri to design a tool for spotting deep fakes, which they described in a briefing at the Black Hat Europe 2018 conference in London.

Security 194

Security 194

OpenText Information Management

DECEMBER 6, 2018

In my previous blog, I looked at operational excellence in oil and gas. In its Oil and Gas Trends 2018-19, PwC suggests that companies should ‘double down’ on digitization to drive operational excellence, citing the use of drones to inspect offshore platforms as a key example. So, how can you make the most of drones within … The post Why drones are revolutionizing asset inspection in oil and gas appeared first on OpenText Blogs.

IT 84

IT Analytics 84