2002 and Information Security - Information Management Today

MY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’

The Last Watchdog

MAY 3, 2024

Org overhaul As Todd reports, not only is Microsoft basing a portion of senior executive compensation on progress toward security goals, it also will install deputy chief information security officers (CISOs) in each product group,and bring together teams from its major platforms and product teams in “engineering waves” to overhaul security.

Security

Security Cloud Privacy Information Security

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 4, 2022

The flaws added to the catalog impact several products, including Windows, Office, Cisco, Oracle, Adobe, Mozilla, Siemens, Apache, Exim, Linux, and Treck TCP/IP stack.

Cybersecurity

Cybersecurity Authentication Risk Security

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. The group’s operators use several techniques to breach the targets’ networks, such as exploiting SonicWall flaws (e.g.,

Ransomware

Ransomware Archiving Encryption Cybersecurity

International Criminal Court hit with a cyber attack

Security Affairs

SEPTEMBER 20, 2023

It was established by the Rome Statute, which entered into force on July 1, 2002. “At the end of last week, the International Criminal Court’s services detected anomalous activity affecting its information systems. The ICC is headquartered in The Hague, Netherlands.

Cybersecurity

Cybersecurity Cloud Security IT

New TunnelVision technique can bypass the VPN encapsulation

Security Affairs

MAY 8, 2024

The researchers speculate that the vulnerability existed in DHCP since 2002, when option 121 was implemented. The researchers explained that during the attack, the victim cannot notice any disconnection to the VPN, they also remarked that the flaw isn’t tied to a specific VPN provider or implementation.

Encryption

Encryption Authentication Marketing Security

Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting

The Security Ledger

NOVEMBER 3, 2021

Programs like iDefense Labs Vulnerability Contributor Program (VCP) (launched in 2002) and TippingPoint’s Zero Day Initiative (2005) were accused -at the time- of incentivizing the work of criminals and bad actors. . For those firms, bug bounty platforms have been a critical bridge to the global community of “white hat” security pros.

IoT

IoT Manufacturing Ransomware Marketing

HelloKitty ransomware gang also targets victims with DDoS attacks

Security Affairs

NOVEMBER 1, 2021

CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. The group’s operators use several techniques to breach the targets’ networks, such as exploiting SonicWall flaws (e.g., ” continues the alert.

Ransomware

Ransomware Encryption Security IT

President Biden Signs Two Bills Aimed at Enhancing Government Cybersecurity

Hunton Privacy

JULY 5, 2022

The Cybersecurity Act amends certain provisions of the Homeland Security Act of 2002. Department of Homeland Security (“DHS”) and state, local, tribal and territorial governments, as well as corporations, associations and the general public.

Cybersecurity

Cybersecurity Government Education Communications

The attack on the International Criminal Court was targeted and sophisticated

Security Affairs

OCTOBER 22, 2023

It was established by the Rome Statute, which entered into force on July 1, 2002. The ICC is headquartered in The Hague, Netherlands.

Cybersecurity

Cybersecurity Security IT Information Security

European Network and Information Security Agency Publishes Report on Cookies

Hunton Privacy

FEBRUARY 23, 2011

On February 18, 2011, the European Network and Information Security Agency (“ENISA”), an advisory body created to enhance information security in the EU, announced the issuance of its report on cookies, entitled “ Bittersweet cookies. Some security and privacy considerations.”.

Information Security

Information Security Security Privacy IT

European Network and Information Security Agency Publishes Report on Data Breach Notification in the EU

Hunton Privacy

JANUARY 17, 2011

On January 14, 2011, the European Network and Information Security Agency (“ENISA”), which was created to enhance information security within the European Union, published a report entitled “ Data breach notifications in the EU ” (the “Report”).

Data breaches

Data breaches Information Security Security Privacy

FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine

Security Affairs

DECEMBER 15, 2021

CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. The group’s operators use several techniques to breach the targets’ networks, such as exploiting SonicWall flaws (e.g.,

Ransomware

Ransomware Data breaches Encryption IT

3.4 Million user records from LiveAuctioneers hack available for sale

Security Affairs

JULY 14, 2020

LiveAuctioneers is one of the world’s largest art, antiques & collectibles online marketplace that was founded in 2002. The company confirmed the security breach over the weekend, it revealed that unknown threat actors accessed a partner’s systems in June stealing user information. million users.

Sales

Sales Data breaches Passwords Encryption

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

The name “Silent Night” Zbot is likely a reference to a weapon mentioned in the 2002 movie xXx, it was first spotted in November 2019 when a seller named “Axe” started offering it on the Russian underground forum forum.exploit[.]in.

Sales

Sales Data collection Passwords IT

Guest Post - How important is digital document consistency?

AIIM

OCTOBER 30, 2017

Prior to working with Y Soft, Mr. Koelewijn founded X-Solutions in late 2002 which was later acquired by Nuance in 2009. Prior to X-Solutions, Wouter was the CTO and co-founder of a Xerox concessionaire in the Netherlands from 1994-2002. Mr. Koelewijn is married and has two children. He enjoys skiing, swimming and sailing.

e-Delivery

e-Delivery File names Compliance ECM

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

In 2018, the FBI Internet Crime Complaint Center (IC3) received complaints for 1,611 SIM swapping attacks, while the number of complaints in the period between 2018 e 2002 was 320 causing a total of losses of $12 million.

Passwords

Passwords Authentication Retail Access

Citrix Workspace flaw can allow remote hack of devices running vulnerable app

Security Affairs

JULY 22, 2020

This vulnerability affects the following supported versions of Citrix Workspace app for Windows: Citrix Workspace app for Windows 1912 LTSR Citrix Workspace app for Windows 2002. .” Pen Test Partners also shared video proof of concept for this vulnerability. Citric has released versions 1912 LTSR CU1 and 2006.1

Honeypots

Honeypots IT Access Security

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

In 2018, the FBI Internet Crime Complaint Center (IC3) received complaints for 1,611 SIM swapping attacks, while the number of complaints in the period between 2018 e 2002 was 320 causing a total of losses of $12 million. ” reads the Publish Service Announcement published by the IC3.

Passwords

Passwords Authentication Retail Education

Jeff Moss on the Evolution of Hacking at SecTor 2021

ForAllSecure

NOVEMBER 3, 2021

In the dot.com era, 1994-2002, this was the time of the commercial internet, the rise of search engines, and internet browsers. Moss noted that security people he'd known for years were started getting salaried jobs … and started using their legal names. Not really to steal, but to gain access to faster computers.

Risk

Risk Access Government Information Security

New EU Breach Regulation in Force

Hunton Privacy

AUGUST 23, 2013

The Regulation on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC (the “Regulation”) specifies the technical measures of how Internet service providers, telecommunications providers and other public electronic communications service (“ECS”) providers must notify of data breaches.

Data breaches

Data breaches Personal data Communications Privacy

Croatia Joins the European Union and Its Data Protection Regime

Hunton Privacy

JULY 1, 2013

For example, the Electronic Communications Act implements the e-Privacy Directive 2002/58/EC , as amended by Directive 2009/136/EC, and the Regulation on the Procedure for Storage and Special Measures Relating to the Technical Protection of Special Categories of Personal Data sets forth detailed information security measures.

Personal data

Personal data IT Compliance Communications

Microsoft announces the launch of a bug bounty program for Xbox

Security Affairs

FEBRUARY 2, 2020

Since launching in 2002, the Xbox network has enabled millions of users to share their common love of gaming on a safe and secure service. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Information Security

House Passes Two Cybersecurity Bills

Hunton Privacy

MAY 1, 2012

3523), which is aimed at facilitating the exchange of cyber threat intelligence information between the government and certain private entities. In addition, the House approved the Federal Information Security Amendments Act of 2012 (H.R. Federal Information Security Amendments Act.

Cybersecurity

Cybersecurity Information Security Libraries Sales

FTC Investigating Privacy Risks to Data Stored on Digital Copiers

Hunton Privacy

MAY 26, 2010

Congressman Markey had urged the FTC to investigate this issue after a CBS News exposé showed that almost every digital copier produced since 2002 stores on its hard drive images of documents that are “scanned, copied or emailed by the machine” – including documents with sensitive personal information.

Privacy

Privacy Risk Manufacturing Retail

California Bulks Up Security Breach Notification Requirements

Hunton Privacy

SEPTEMBER 2, 2011

Senate Bill 24 was the third effort by State Senator Joe Simitian to build on the landmark California breach notification law he authored in 2002. California agencies using substitute notice will be required to notify the Office of Information Security within the California Technology Agency.

Security

Security Consumer Services Compliance Privacy

EU Commissioner Reding Signals Intention to Introduce Mandatory Data Breach Notification

Hunton Privacy

JUNE 21, 2011

Under the revised EU Directive 2002/58/EC (the “e-Privacy Directive”), which came into force on May 25, 2011, telecommunications firms and internet service providers are already subject to mandatory data breach notification requirements.

Data breaches

Data breaches Privacy Personal data Risk

FTC Announces Significant Updates to GLB Safeguards Rule

Hunton Privacy

NOVEMBER 2, 2021

Promulgated in 2002 pursuant to the Gramm-Leach-Bliley Act, the Safeguards Rule obligates covered financial institutions to develop, implement and maintain a comprehensive information security program that complies with the Rule’s requirements.

Information Security

Information Security Risk Compliance Data breaches

German DPAs Publish Comprehensive FAQs on Statutory Data Breach Notification Requirement

Hunton Privacy

MAY 31, 2011

The German data breach notification requirements are similar to the security breach notification scheme introduced in the revised EU e-Privacy Directive 2002/58/EC, albeit with a much broader scope.

Data breaches

Data breaches Paper Personal data Privacy

Article 29 Working Party Opines on Mobile Apps

Hunton Privacy

MARCH 18, 2013

In addition, the specific consent requirement contained in Article 5(3) of e-Privacy Directive 2002/58/EC (the “e-Privacy Directive”) applies to the storing or accessing of any information (not only personal data) on mobile devices.

Manufacturing

Manufacturing Personal data Privacy Data breaches

States Attempt to Address Privacy Risks Associated with Digital Copiers and Electronic Waste

Hunton Privacy

APRIL 1, 2011

Last year, we reported that the Federal Trade Commission was investigating this issue after an exposé showed that almost every digital copier produced since 2002 stores on its hard drive images of documents that are “scanned, copied or emailed by the machine” – including documents with sensitive personal information.

Privacy

Privacy Risk Manufacturing Retail

Article 29 Working Party and EDPS Release Opinions on the ePrivacy Directive

Hunton Privacy

JULY 29, 2016

On July 25, 2016, the Article 29 Working Party (the “Working Party”) and the European Data Protection Supervisor (“EDPS”) released their respective Opinions regarding the review of Directive 2002/58/EC on privacy and electronic communications (the “ePrivacy Directive”).

Communications

Communications GDPR Marketing Metadata

EU Commission Issues Recommendation on RFID, Privacy and Data Protection

Hunton Privacy

MAY 13, 2009

The recommendation applies the principles of the General Data Protection Directive (Directive 95/46/EC) and of the e-Privacy Directive (Directive 2002/58/EC) to RFID technology.

Privacy

Privacy Data collection Sales Personal data

Identity-based Cryptography

Thales Cloud Protection & Licensing

SEPTEMBER 26, 2019

Findings are shared publicly, whenever possible, to further the advancement of the information security community. In Advances in Cryptology – ASIACRYPT 2002, pages 548–566. In Advances in Cryptology – ASIACRYPT 2002, pages 548–566. Springer Verlag, 2002. Cryptology ePrint Archive, Report 2002/098.

e-Delivery

e-Delivery Encryption Authentication Government

Best beginner cyber security certifications

IT Governance

SEPTEMBER 13, 2021

CompTIA Security+. The CompTIA Security+ qualification is widely considered to be one of the best introductions to the cyber security industry. This five-day session contains everything you need to know about the key CompTIA Security+ Knowledge Domains. What skills will you learn?

Security

Security Systems administration Honeypots Risk

FTC Announces Settlement with Medical Transcription Provider after Discovery of Patient Transcripts on the Internet

Hunton Privacy

FEBRUARY 3, 2014

In the FTC’s accompanying statement , the FTC said that “What started in 2002 with a single case applying established FTC Act precedent to the area of data security has grown into a vital enforcement program that has helped to increase protections for consumers and has encouraged companies to make safeguarding consumer data a priority.”.

Compliance

Compliance Information Security Security IT

European Data Protection Supervisor Publishes Priorities for 2017

Hunton Privacy

FEBRUARY 17, 2017

In the context of the European Commission’s ongoing review of the e-Privacy Directive 2002/58/EC, the EDPS will focus on the need to adequately translate the principle of confidentiality of electronic communications into secondary EU law. Contribute to a Security Union and Stronger Borders Based on Respect for Fundamental Rights.

Privacy

Privacy Communications Personal data Marketing

Guest Post -- New Global Data and Privacy Regulations in 2018 and the GDPR

AIIM

NOVEMBER 2, 2017

In 2002, EC Vice President, Commissioner Viviane Reding initially proposed reform to data privacy rules in the European Union. The deadline for compliance is right around the corner, and the penalties for non-compliance are potentially large enough to put companies out of business.

GDPR

GDPR Privacy Compliance Information architecture

European Data Privacy Day Expert Panel Provides 30-Year Retrospective on UK Data Protection

Hunton Privacy

FEBRUARY 1, 2013

A Period of Significant Legislative Change – 1994 to 2002. She served until December 2002. The Emergence of the “Surveillance Society” – 2002 to 2009. Richard Thomas CBE headed the office from November 2002 until 2009, during which time it was named the ICO. During her tenure, people began to speak of “privacy.”.

Data Privacy

Data Privacy Privacy Computer and Electronics Education

European Data Protection Supervisor Publishes Priorities for 2016

Hunton Privacy

JANUARY 12, 2016

In addition, the EDPS will participate in the review of Directive 2002/58/EC on the processing of personal data and the protection of privacy in the electronic communications sector, also known as the e-Privacy Directive. Ensure Adequate Protection of Personal Data in International Data Transfers.

Personal data

Personal data GDPR Privacy Communications

The Hacker Mind Podcast: What Star Wars Can Teach Us About Threat Modeling

ForAllSecure

JANUARY 22, 2023

Having a common framework around vulnerabilities, around threats , helps us understand the information security landscape better. Literally, how the rebellion fighting the Empire has echoes in how we approach and mitigate information security threats. But in information security, it's not always true.

Cloud

Cloud Security IT Authentication

The Hacker Mind Podcast: Hacking Real World Criminals Online

ForAllSecure

MAY 2, 2023

VAMOSI: Here’s former US Attorney General John Ashcroft in 2002. the whole system and some of the FBI in general, you know, like, I think that the way that they treat people just in the information security community is a little I don't know, it's entitled. And so that's kind of my angst against that.

IT

IT Sales Security Honeypots

MY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog

Trending Sources

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

International Criminal Court hit with a cyber attack

New TunnelVision technique can bypass the VPN encapsulation

Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting

HelloKitty ransomware gang also targets victims with DDoS attacks

President Biden Signs Two Bills Aimed at Enhancing Government Cybersecurity

The attack on the International Criminal Court was targeted and sophisticated

European Network and Information Security Agency Publishes Report on Cookies

European Network and Information Security Agency Publishes Report on Data Breach Notification in the EU

FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine

3.4 Million user records from LiveAuctioneers hack available for sale

Silent Night Zeus botnet available for sale in underground forums

Guest Post - How important is digital document consistency?

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Citrix Workspace flaw can allow remote hack of devices running vulnerable app

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Jeff Moss on the Evolution of Hacking at SecTor 2021

New EU Breach Regulation in Force

Croatia Joins the European Union and Its Data Protection Regime

Microsoft announces the launch of a bug bounty program for Xbox

House Passes Two Cybersecurity Bills

FTC Investigating Privacy Risks to Data Stored on Digital Copiers

California Bulks Up Security Breach Notification Requirements

EU Commissioner Reding Signals Intention to Introduce Mandatory Data Breach Notification

FTC Announces Significant Updates to GLB Safeguards Rule

German DPAs Publish Comprehensive FAQs on Statutory Data Breach Notification Requirement

Article 29 Working Party Opines on Mobile Apps

States Attempt to Address Privacy Risks Associated with Digital Copiers and Electronic Waste

Article 29 Working Party and EDPS Release Opinions on the ePrivacy Directive

EU Commission Issues Recommendation on RFID, Privacy and Data Protection

Identity-based Cryptography

Best beginner cyber security certifications

FTC Announces Settlement with Medical Transcription Provider after Discovery of Patient Transcripts on the Internet

European Data Protection Supervisor Publishes Priorities for 2017

Guest Post -- New Global Data and Privacy Regulations in 2018 and the GDPR

European Data Privacy Day Expert Panel Provides 30-Year Retrospective on UK Data Protection

European Data Protection Supervisor Publishes Priorities for 2016

The Hacker Mind Podcast: What Star Wars Can Teach Us About Threat Modeling

The Hacker Mind Podcast: Hacking Real World Criminals Online

Stay Connected