Sat.Aug 18, 2018 - Fri.Aug 24, 2018

article thumbnail

What companies need to know about ‘SecOps’ — the path to making ‘digital transformation’ secure

The Last Watchdog

DevOps has been around for a while now, accelerating the creation of leading edge business applications by blending the development side with the operations side. It should come as no surprise that security is being formally added to DevOps, resulting in an emphasis on a process being referred to as SecOps or DevSecOps. Related: How DevOps played into the Uber hack.

article thumbnail

Google Hit With Lawsuit Over Location Tracking

Data Breach Today

Tech Giant Clarifies: Pausing 'Location History' Alone Won't Stop All Tracking A lawsuit accuses Google of "the surreptitious location tracking of millions of mobile phone users." The legal action was sparked by a report demonstrating that some Google apps tracked and time-stamped users' locations even if a user deactivated the "location history" setting.

119
119
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Experts Urge Rapid Patching of ‘Struts’ Bug

Krebs on Security

In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans. Now security experts are warning that blueprints showing malicious hackers how to exploit a newly-discovered Apache Struts bug are available online, leaving countless organizations in a rush to apply new updates and plug the security hole before att

article thumbnail

Seven Data Security Challenges You Must Meet to Comply with GDPR

Thales Cloud Protection & Licensing

The enactment of the European Union’s General Data Protection Regulation (GDPR) is a significant milestone for virtually every international business. Under the standard, organizations need to comply withan extensive set of requirements—or potentially face significant fines for failing to do so. Thales eSecurity and DataStax have come together to draft “Aligning GDPR Requirements with Today’s Hybrid-Cloud Realities,” which outlines a number of the issues organizations need to address to be GDPR

GDPR 119
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Trend Micro takes multi-pronged approach to narrowing the gaping cybersecurity skills gap

The Last Watchdog

Remember the old adage, you can never be too thin or too rich? The software development world has its own take on that dictum—you can never be too fast. Related: Gamification training targets iGens. Business demand dictates a frenetic pace for delivering new and better technology. To perfect the process, more organizations are taking a DevOps approach—melding software development and software operations simultaneously.

More Trending

article thumbnail

Alleged SIM Swapper Arrested in California

Krebs on Security

Authorities in Santa Clara, Calif. have arrested and charged a 19-year-old area man on suspicion hijacking mobile phone numbers as part of a scheme to steal large sums of bitcoin and other cryptocurrencies. The arrest is the third known law enforcement action this month targeting “SIM swappers,” individuals who specialize in stealing wireless phone numbers and hijacking online financial and social media accounts tied to those numbers.

article thumbnail

Top Cybersecurity Companies of 2018

eSecurity Planet

These IT security vendors lead the market through their innovative offerings, range of products and services, customer satisfaction and annual revenue

article thumbnail

GUEST ESSAY: 6 best practices that will help protect you company’s digital assets in the cloud

The Last Watchdog

More businesses than ever before are choosing to move their IT infrastructure and systems to cloud solutions such as Amazon Web Services and Microsoft Azure. There are many reasons to choose a cloud solution including increased flexibility and scalability, as well as reduced cost. In fact, a recent study of nearly 200 businesses and entrepreneurs found that 76% are looking to cloud solutions in order to increase the efficiency of their business.

Cloud 159
article thumbnail

Apache Issues Emergency Struts Patch to Fix Critical Flaw

Data Breach Today

Some Security Experts Recommend Replacing Struts Altogether Due to Breach Risk Apache has released an emergency fix for its Struts web application framework to patch a flaw that attackers can exploit to take full control of the application. Some incident response experts, based on the severity of breaches they've investigated, recommend dropping Struts altogether.

Risk 141
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Six steps to improve your file classification- Part 1

TAB OnRecord

When it comes to effectively managing files, a functional classification system is the most efficient way to go. Whether you need to build a functional classification system from scratch or overhaul an existing system, this resource shows you how. It presents some basic principles of file classification along with practical strategies in developing and implementing the right system.

article thumbnail

Expert discovered a Critical Remote Code Execution flaw in Apache Struts (CVE-2018-11776)

Security Affairs

Maintainers of the Apache Struts 2 open source development framework has released security updates to address a critical remote code execution vulnerability. Security updates released this week for the Apache Struts 2 open source development framework addressed a critical RCE tracked as CVE-2018-11776. The vulnerability affects Struts versions from 2.3 through 2.3.34, Struts 2.5 through 2.5.16, and possibly unsupported versions of the framework.

article thumbnail

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

WIRED Threat Level

Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world.

article thumbnail

Secure 2018 US Elections: It's Too Late

Data Breach Today

Facebook's Ex-CSO Says That Ship Has Sailed; Look to 2020 With less than three months to go until the U.S. midterm elections, Alex Stamos, until recently Facebooks's CSO, says there isn't time to properly safeguard this year's elections. But here's how the company can get its act together in time for 2020.

IT 135
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

7 Serious IoT Vulnerabilities

Dark Reading

A growing number of employees have various IoT devices in their homes - where they're also connecting to an enterprise network to do their work. And that means significant threats loom.

IoT 87
article thumbnail

T-Mobile data breach exposed personal information of up to 2 million customers

Security Affairs

T-Mobile today announced It has suffered a security breach that May have exposed personal information of up to 2 million T-mobile customers. According to the telco giant, the incident affected its US servers on August 20, leaked information includes customers’ name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid).

article thumbnail

Physical Security Product Review – Portable Door Locks (PDLs) – Rishon Addalock VS. MasterBolt Travel Door Lock Security, Compared

Architect Security

Introduction I travel a lot, sometimes alone. I have left hotels almost immediately after checking in because I felt unsafe with the accommodations. Sometimes a hotel will assign a room to two people by mistake, and one person walks in on the other using a valid key (I’ve seen this happen). RFID “hotel master keys” exist. […].

article thumbnail

Judge Approves Final $115 Million Anthem Settlement

Data Breach Today

But Most Victims of the Health Insurer's Data Breach Will See No Cash A federal judge in California has given final approval to a $115 million settlement involving health insurer Anthem over its 2015 data breach. The settlement is the largest ever reached in a data-breach related class action suit, but most victims will see no money.

Insurance 126
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How to Protect Your Phone Against a SIM Swap Attack

WIRED Threat Level

Your phone number is increasingly tied to your online identity. You need to do everything possible to protect it.

IT 108
article thumbnail

China’s Belt and Road project (BRI) is a driver of regional cyber threat activity

Security Affairs

Security experts have observed increasing cyber espionage activity related to China’s Belt and Road Initiative ( BRI ). The alarm was launched by the experts from cybersecurity firms FireEye and Recorded Future. China’s Belt and Road Initiative (BRI) is a development project for the building of an infrastructure connecting countries in Southeast Asia, Central Asia, the Middle East, Europe, and Africa.

article thumbnail

A worrying trend: Attacks on Asian healthcare organizations

Thales Cloud Protection & Licensing

While it’s no surprise to anybody reading this that data breaches are on the rise, the attacks facing healthcare organizations, most recently in Asia, are particularly worrisome. One need not look very far to find examples of the threats facing these entities: In Singapore, 1.5 million SingHealth patient records – including those of Prime Minister Lee Hsien Loong, were compromised in what is being called the Republic’s worst cyber attack.

article thumbnail

Health Data Breach Victim Tally for 2018 Soars

Data Breach Today

Analyzing the Latest 'Wall of Shame' Trends About 30 new health data breaches - including a phishing attack impacting 1.4 million individuals - have been added in recent weeks to the official federal tally, pushing the total victim count for 2018 so far to 4.3 million.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

It Takes an Average 38 Days to Patch a Vulnerability

Dark Reading

Analysis of 316 million-plus security incidents uncovers most common types of real-world attacks taking place within in-production Web apps in the AWS and Azure cloud ecosystems.

IT 72
article thumbnail

Unusual Malspam campaign targets banks with Microsoft Publisher files

Security Affairs

Researchers from Trustwave have uncovered a malspam campaign targeting banks with the FlawedAmmyy RAT. The peculiarity of this malspam campaign i s the unusual use of a Microsoft Office Publisher file to infect victims’ systems. Experts noticed an anomalous spike in the number of emails with a Microsoft Office Publisher file (a.pub attachment) and the subject line, “Payment Advice,” that was sent to domains belonging to banks.

article thumbnail

What’s your game plan for AI? 

IBM Big Data Hub

On September 13, Rob Thomas together with ESPN anchor Hannah Storm, will lead a discussion around the transformative potential of AI, the importance of a multi-cloud architecture — and how companies representing a range of industries – from manufacturing to health care — are winning with AI. Attend in person in NYC and enjoy intimate networking and learning sessions – or alternatively catch the Livestream from your home or office.

article thumbnail

Analysis: Anthem Data Breach Settlement

Data Breach Today

Some terms of the recent $115 million settlement in the class action lawsuit against health insurer Anthem tied to a 2015 cyberattack appear underwhelming for the victims, says attorney James DeGraw, who explains why.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

ISO 27001 checklist – a step-by-step guide to implementation

IT Governance

If you’re considering implementing an ISMS (information security management system) that conforms to ISO 27001 – the international standard for information security management – you may be daunted by the scale of the task. Don’t give up, though. Complying with ISO 27001 needn’t be a burden. Most organisations already have some information security measures – albeit ones developed ad hoc – so you could well find that you have many of ISO 27001’s controls in place.

article thumbnail

Malware researcher reverse engineered a threat that went undetected for at least 2 years

Security Affairs

The popular malware researchers Marco Ramilli has analyzed a malware that remained under the radar for more than two years. Today I’d like to share the following reverse engineering path since it ended up to be more complex respect what I thought. The full path took me about hours work and the sample covers many obfuscation steps and implementation languages.

article thumbnail

Regulatory Update: NAIC Summer 2018 National Meeting

Data Matters

The National Association of Insurance Commissioners (NAIC) held its Summer 2018 National Meeting in Boston, Massachusetts, from August 4 to 7, 2018. This post summarizes the highlights from this meeting. 1. NAIC Continues its Evaluation of Insurers’ Use of Big Data . The NAIC is continuing its review of property and casualty insurers’ use of predictive modeling in rate filings and is developing related guidance materials for states to use in reviewing predictive models.