Trending Articles

Super Micro: Audit Didn't Find Chinese Spying Chip

Data Breach Today

Firm Says Audit 'Lays to Rest the Unwarranted Accusations'

Super Micro says a third-party audit of recent and older motherboards has not turned up evidence of a spying chip as alleged in an explosive report two months ago by Bloomberg BusinessWeek.

Scanning for Flaws, Scoring for Security

Krebs on Security

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices?

Equifax Breach 'Entirely Preventable,' House Report Finds

Data Breach Today

Democrats Slam Republican Report for Not Advancing New Breach-Prevention Laws

The massive data breach suffered by Equifax in 2017 "was entirely preventable," according to a report released by the House Oversight Committee's Republican majority.

Hackers defaced Linux.org with DNS hijack

Security Affairs

The Linux.org website was defaced last week via a DNS hijack; attackers breached the associated registrar account and changed the DNS settings.

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

Google finds bug in Google+ – 52.5 million users affected

IT Governance

Google has announced yet another data breach affecting its Google+ social network.

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Data Breach Today

Privacy Watchdog Counts 41 Daily Breach Reports Since GDPR Enforcement Began

The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the publi

More Trending

Expert devised a new WiFi hack that works on WPA/WPA2

Security Affairs

The popular expert Jens ‘Atom’ Steube devised a new WiFi hack that allows cracking WiFi passwords of most modern routers.

New Australian Backdoor Law

Schneier on Security

Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it's really bad. Note: Many people e-mailed me to ask why I haven't blogged this yet. One, I was busy with other things.

How long do you have to report a data breach?

IT Governance

This blog has been updated to reflect industry updates. Originally published 24 October 2018. The first 72 hours after you become aware of a data breach are critical.

Fresh Google+ Bug Exposed 52.2 Million Users' Data

Data Breach Today

Google Advances Date for Mothballing Google+ Social Network for Consumers

Google says a buggy API update it pushed last month for its soon-to-be-mothballed Google+ social network exposed personal information for 52.2 million users.

Spammed Bomb Threat Hoax Demands Bitcoin

Krebs on Security

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day. Sources at multiple U.S.-based financial institutions reported receiving the threats, which included the subject line, “I advise you not to call the police.” The email reads: My man carried a bomb (Hexogen) into the building where your company is located.

Operation Sharpshooter targets critical infrastructure and global defense

Security Affairs

McAfee uncovered a campaign tracked as Operation Sharpshooter that hit at least 87 organizations in global defense and critical infrastructure. Security experts at McAfee uncovered a hacking campaign, tracked as Operation Sharpshooter, aimed at infrastructure companies worldwide.

GUEST ESSAY: ‘Tis the season — to take proactive measures to improve data governance

The Last Watchdog

The holiday season is upon us and the bright lights and greenery aren’t the only indicators that we’ve reached December. Sadly, data breaches often occur at this time of year. Recently we’ve seen major news stories about breaches at Starwood Hotels and Quora. Related podcast: The need to lock down unstructured data. Last year, at this time, it was announced that there was a significant privacy leak at eBay affecting many customers.

Your DPO questions answered

IT Governance

Organisations have had to get a lot more serious about data processing and information security since the EU GDPR (General Data Protection Regulation) came into effect earlier this year.

Patch Tuesday, December 2018 Edition

Krebs on Security

Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft’s December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications.

New threat actor SandCat exploited recently patched CVE-2018-8611 0day

Security Affairs

Experts from Kaspersky Lab reported that the recently patched Windows kernel zero-day vulnerability (CVE-2018-8611) has been exploited by several threat actors.

Facebook Exposed 6.8 Million Users' Photos to Cap Off a Terrible 2018

WIRED Threat Level

In the latest in its long string of 2018 incidents, Facebook let developers access the private photos of millions of users.

GUEST ESSAY: Why corporate culture plays such a pivotal role in deterring data breaches

The Last Watchdog

Picture two castles. The first is impeccably built – state of the art, with impenetrable walls, a deep moat, and so many defenses that attacking it is akin to suicide. The second one isn’t quite as well-made. The walls are reasonably strong, but there are clear structural weaknesses. And while it does have a moat, that moat is easily forded. Related podcast: The case for ‘zero-trust’ security. Obviously, on paper the castle with better defenses is the one that survives a siege.

Weak Encryption Leaves Mobile Health App at Risk for Hacking

Data Breach Today

Weekly Update 117

Troy Hunt

I'm in Whistler! And as I say at the start of this video, I did seriously consider having a week off these videos, but I found a comfy spot by the fire and a cold beer and all was good in the world again.

ID Numbers for 120 Million Brazilians taxpayers exposed online

Security Affairs

InfoArmor discovered a misconfigured server online that contained taxpayer identification numbers for 120 million Brazilian taxpayers.

Building a foundation of trust for the Internet of Things

Thales Data Security

In the digital transformation era, companies across all sectors are using next-generation technologies to streamline their operations, deliver value to customers, and gain a competitive edge. Invariably, Internet of Things (IoT) strategies form the backbone of those efforts.

NetSecOPEN names founding members, appoints inaugural board of directors

The Last Watchdog

SAN JOSE, Calif. – 11, 2018 – NetSecOPEN, the first industry organization focused on the creation of open, transparent network security performance testing standards, today announced that 11 prominent security vendors, test solutions and services vendors, and testing laboratories have joined the organization as founding members. Related podcast: The importance of sharing alliances.

Credit Card System Hack Led to HIPAA Breach Report

Data Breach Today

Baylor Scott & White Medical Center - Frisco Notifying Those Affected

The hacking of a credit card processing system has prompted a Texas hospital to notify federal regulators and affected individuals of a breach as required by the HIPAA Breach Notification Rule.

Do schools need to appoint a data protection officer?

IT Governance

Finding a qualified DPO is arguably one of the GDPR’s hardest requirements, but is it something that schools need to be concerned about? The EU GDPR (General Data Protection Regulation) contains particularly strong requirements for protecting children’s data.

Novidade, a new Exploit Kit is targeting SOHO Routers

Security Affairs

Security experts at Trend Micro have discovered a new exploit kit, dubbed Novidade (“novelty” in Portuguese), that is targeting SOHO routers to compromise the devices connected to the network equipment.

Marriott Hack Reported as Chinese State-Sponsored

Schneier on Security

The New York Times and Reuters are reporting that China was behind the recent hack of Marriott Hotels. Note that this is still unconfirmed, but interesting if it is true.

Five reasons to choose OpenText Exstream for Salesforce

OpenText Information Management

OpenText Exstream™ has consistently been recognized by analysts as a leader in the Customer Communications Management (CCM) space for over 10 years.

Breach Response: When to Involve the Board and PR

Data Breach Today

Attorney Mark Rasch on How to Prepare and Practice Your Response

In the wake of the recent Marriott and National Republican Congressional Committee data breaches, now is the time to get your board's attention regarding breach response and public disclosures.

9 Trumpworld Figures Who Should Fear Mueller the Most

WIRED Threat Level

After Michael Cohen's sentencing, plenty more people and entities in Trump's orbit potentially sit in the special counsel's crosshairs.

Cyber attack hit the Italian oil and gas services company Saipem

Security Affairs

Some of the servers of the Italian oil and gas services company Saipem were hit by a cyber attack early this week. Saipem has customers in more than 60 countries, including Saudi Arabian oil and gas giant Saudi Aramco. It could be considered a strategic target for a broad range of threat actors.

UK: GDPR Brexit flowchart

DLA Piper Privacy Matters

This week has brought further uncertainty on the route to Brexit.

Driving Documentum forward with Release 16 EP5

OpenText Information Management

OpenText™ Documentum™ excels at enabling companies to maintain control over their critical content, and leverage this content to enhance their business processes. In the past month, we’ve announced the availability of OpenText Release 16 Enhancement Pack 5 (EP5) and OpenText Documentum 16.5.

Identity and the Need to Break Down Silos

Data Breach Today

Nexus Group CEO Magnus Malmström on Integrating Identity Across the Enterprise

Breaking down departmental silos and building one common, umbrella identity is critical for closing the security gaps in rapidly digitizing environments, says Nexus Group CEO Magnus Malmström.

It’s time to think twice about retail loyalty programs

Thales Data Security

As I was starting to write this blog, yet another retail program data breach occurred, for Marriott’s Starwood loyalty program.

WordPress botnet composed of +20k installs targets other sites

Security Affairs

Experts from security firm Wordfence discovered a botnet of 20,000 WordPress sites infecting other WordPress installs.
