Trending Articles

Report: Facebook App Exposed 3 Million More Users' Data

Data Breach Today

Revenge of the Personality Test, Take Two. Researchers at the University of Cambridge, via a myPersonality test on Facebook, reportedly used data from 3 million users to power a spin-off company that delivered targeted advertising services.

203

Equifax Hack went deeper

InfoGovNuggets

This is old news. This post never made it out of “Drafts.” But worthy of note. The hack at Equifax that may have affected 145.5 million people went deeper than Equifax originally reported. “Equifax: Hack Went Deeper,” The Wall Street Journal, February 10, 2018 B10.

100

The Untold Story of Robert Mueller's Time in the Vietnam War

WIRED Threat Level

Special Counsel Robert Mueller’s job is to make sense of how Russia hacked the 2016 election. But to make sense of Mueller, you have to revisit some of the bloodiest battles of Vietnam.

87

White House Eliminates Cybersecurity Position

Schneier on Security

The White House has eliminated the cybersecurity coordinator position. This seems like a spectacularly bad idea.

75

UK will spend £56 million implementing the NIS Regulations

IT Governance

The day has come: the Directive on network and information security systems (NIS Directive) has been transposed into UK law as the NIS Regulations 2018. But the transposition hasn’t only brought a name change.

69

More Trending

Critical PGP Vulnerability

Schneier on Security

EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote: We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC.

77

NIS Regulations: Government publishes guidance for competent authorities

IT Governance

With the Directive on security of network and information systems (NIS Directive) to be transposed into national laws across the EU by 9 May 2018, the UK government has published guidance for those tasked with its enforcement.

73

Uninstall or Disable PGP Tools, Security Researchers Warn

Data Breach Today

Exploitable Vulnerabilities Could Reveal Plaintext of Encrypted Emails. European computer security researchers say they have discovered vulnerabilities that relate to two techniques used to encrypt emails: PGP and S/MIME.

173

What is your brand?

InfoGovNuggets

“Hundreds of Cryptocurrencies Show Hallmarks of Fraud,” The Wall Street Journal, May 18, 2018 A1. Plagiarism, promises of future returns, and fake executives found in offering materials for cryptocurrency companies. What can investors expect if they invest in these companies?

100

4 Key Takeaways From Mueller’s First Year—and What’s Next

WIRED Threat Level

One year in, Robert Mueller’s investigation into Trump and Russia appears poised to connect all the pieces of the puzzle.

71

Details on a New PGP Vulnerability

Schneier on Security

A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects.

76

Weekly podcast: myPersonality, train Wi-Fi and Kaspersky Lab

IT Governance

This week, we discuss the exposure of millions of Facebook users’ data, security failings in train passenger networks and Kaspersky Lab’s relocation to Switzerland. Hello and welcome to the IT Governance podcast for Friday, 18 May 2018. Here are this week’s stories.

67

Mexico Investigates Suspected Cyberattacks Against 5 Banks

Data Breach Today

$20 Million in Potential Losses After Real-Time Payment Connections Compromised. Mexican officials are investigating a series of technical glitches that may have been a prelude to a large cyberattack affecting at least five banks, according to news reports.

164

Keeping conversations semi-private

InfoGovNuggets

“Police Move to Make Their Radio Traffic Private,” The Wall Street Journal, May 18, 2018 A3. Police encrypt or delay release of radio traffic, limiting but not preventing public access. Keeps the crowds down. So, they can’t limit your speech, but they can delay your access to theirs? Makes sense, if they’re planning a SWAT raid. How transparent do we want the police to be? How transparent should your company be?

100

White House Cuts Top Cybersecurity Role as Threats Loom

WIRED Threat Level

Former national security officials say the Trump administration's decision to eliminate top cybersecurity policy roles sends the wrong message.

74

Sending Inaudible Commands to Voice Assistants

Schneier on Security

Researchers have demonstrated the ability to send inaudible commands to voice assistants like Alexa, Siri, and Google Assistant.

72

Clearing the Complication - Making Machine Learning and Artificial Intelligence Accessible and Useful

AIIM

These days it feels almost impossible to have a conversation with anyone involved in the world of Information Management without bringing up machine learning and artificial intelligence.

67

Noose Tightens Around Dark Overlord Hacking Group

Data Breach Today

Serbia Makes Arrest; UK Close to Sentencing Another. The noose appears to be tightening around the Dark Overlord, a group of international hackers who have stolen and held for ransom sensitive information from dozens of companies, healthcare organizations and U.S. public schools.

153

Which is the tail and which is the dog?

InfoGovNuggets

“CBS Board Defies Shari Redstone,” The Wall Street Journal, May 18, 2018 B1. Board tries to reduce the control exercised by an 80% shareholder. This is going to be fun to watch (if you’re not one of the other shareholders). Interesting question on what the controlling shareholder (and the Board) can and cannot do.

100

Memphis Belle: The 75th Anniversary of the 25th Mission

Unwritten Record

This post was written by Criss Kovac. Criss is the supervisor of the Motion Picture Preservation Lab. The statistics were overwhelmingly against them. With a million German troops and 40,000 anti-aircraft guns waiting, the odds were roughly 50-50 they’d make it home alive.

68

Maliciously Changing Someone's Address

Schneier on Security

Someone changed the address of UPS corporate headquarters to his own apartment in Chicago. The company discovered it three months later.

65

A Location-Sharing Disaster Shows How Exposed You Really Are

WIRED Threat Level

The failures of Securus and LocationSmart to secure location data are the failures of an entire industry.

60

Health Data Breach Tally: The Latest Additions

Data Breach Today

Largest Incident: Break-In at California State Agency That Affected 582,000. The number of health data breach victims added to the official federal tally so far in 2018 has doubled in recent weeks to more than 2 million.

151

Shoes of the centipede

InfoGovNuggets

“Wells Fargo Faces More Woe Over Client Data,” The Wall Street Journal, May 18, 2018 B1. Another shoe drops at Wells Fargo (when will it ever end?) after disclosure that employees in the wholesale business (non-consumer) banking side changed and added customer information without approval. Reason: to meet a compliance deadline. Is there another organization with so many compliance failures?

100

Three reasons to choose the right Machine Learning algorithm

OpenText Information Management

Here are three reasons why choosing the right algorithm is crucial for the success of any Machine Learning project.

70

Accessing Cell Phone Location Information

Schneier on Security

The New York Times is reporting about a company called Securus Technologies that gives police the ability to track cell phone locations without a warrant: The service can find the whereabouts of almost any cellphone in the country within seconds.

68

Why your organisation needs cyber incident response management

IT Governance

With cyber attacks one of the top threats to organisations, it’s crucial to have the right measures in place to protect yourself from an attack. However, cyber threats are also becoming more sophisticated and persistent, and protection isn’t always enough.

62

DHS Issues More Medical Device Cybersecurity Alerts

Data Breach Today

Why Are Such Warnings Becoming More Common? The Department of Homeland Security has yet again issued a warning about cybersecurity vulnerabilities in medical devices. These warnings have come after independent researchers, or the companies themselves, have reported the problems

151

Readability

InfoGovNuggets

“Tips for Decoding Privacy-Policy Gibberish,” The Wall Street Journal, May 18, 2018 B4. In the run-up to implementation of the GDPR in Europe next week, companies are updating their privacy policies. Does anyone read these, or understand them? Do your employees read and understand your policies? Who’s at risk if they don’t?

100

Your enterprise information security budget is too small

OpenText Information Management

The largest information security and digital risk conference in the world, RSAC 2018, recently descended on the Moscone Center in San Francisco for a packed week on all things cyber security.

65

Dominic Cummings is the true cowardly face of the Brexiters | Nick Cohen

The Guardian Data Protection

Vote Leave’s director refuses to go before the Commons. He fears the truth will out. Dominic Cummings is just a troll. He may have trolled the whole country and changed the course of British history, but he’s still the man with an egg for a face, who screams everyone must be accountable for their actions – everyone except him. MPs who want to question Cummings about the finances of his Vote Leave campaign are “grandstanding” fools spreading “fake news”. (A

82

Business Continuity Awareness Week (BCAW) – Free BCM resources

IT Governance

Business continuity management (BCM) involves managing risks to ensure that critical business functions continue in the event of a disruption. The best approach to BCM is by developing and implementing a business continuity management system (BCMS) aligned to its international standard ISO 22301.

65

Real-Time Mobile Phone Location Tracking: Questions Mount

Data Breach Today

After Securus Technologies Gets Hacked, LocationSmart Fixes Data-Exposing Flaw. Following reports about U.S. companies that enable government and other users to access real-time tracking information for all major U.S.

130

Content control

InfoGovNuggets

Who’s responsible for content? The First Amendment limits what the government can control. But what are the limits on what speech a private party can control, and how they can control it? “Facebook Focuses on Policing Content,” The Wall Street Journal, May 16, 2018 B4. Facebook doubling the number of people reviewing and controlling content.

100