2002 and Security - Information Management Today

Congressional Movement on Cybersecurity in a Bill to Reauthorize the Homeland Security Act of 2002

Data Matters

MARCH 7, 2018

Senate’s Homeland Security and Governmental Affairs Committee approved a bill ( SB 2825 ) reauthorizing the Homeland Security Act of 2002 and including key cybersecurity provisions affecting the Department of Homeland Security (DHS). On March 7, 2018, the U.S. to incentivize more cybersecurity training activities.

Cybersecurity

Cybersecurity Security Risk Privacy

Women in Security: Assessing the Progress

Data Breach Today

MAY 30, 2018

Cybersecurity challenges and solutions have evolved greatly since 2002. And so has the Executive Women's Forum, which was founded that year to advance female leaders in the profession. Founder Joyce Brocaglia reflects on the forum's accomplishments and challenges.

Security

Security Cybersecurity

RSAC insights: Security Compass leverages automation to weave security deeper into SecOps

The Last Watchdog

MAY 13, 2021

In this heady environment, the idea of attempting to infuse a dollop of security into new software products — from inception — seems almost quaint. History of product security. As a nod to security, nominal static analysis and maybe a bit of penetration testing gets done just prior to meeting a tight deployment deadline.

Security

Security Digital transformation Cybersecurity Compliance

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

NIST proposes Secure Software Development Framework

DXC Technology

JULY 16, 2019

Ever since Bill Gates fired off his famous Trustworthy Computing memo in January 2002, developing secure software has been a hot topic of discussion. It was important before then, for sure, but it was often overlooked. It took a series of high-profile worms such as Code Red and Nimda and a series of breaches to […].

Security

Security IT

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 4, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added 95 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) has added 95 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Pierluigi Paganini.

Cybersecurity

Cybersecurity Authentication Risk Security

International Criminal Court hit with a cyber attack

Security Affairs

SEPTEMBER 20, 2023

It was established by the Rome Statute, which entered into force on July 1, 2002. Immediate measures were adopted to respond to this cyber security incident and to mitigate its impact. Additional response and security measures are now ongoing, with the assistance of the Host Country authorities.

Cybersecurity

Cybersecurity Cloud Security IT

BOOK REVIEW: ‘Security Yearbook’ preserves cybersecurity history — highlights tectonic shift

The Last Watchdog

FEBRUARY 24, 2020

Related: The role of PKI is securing digital transformation That was in 2002. I recently had a chance to have a rich discussion about the state of cybersecurity with Stiennon, the occasion being him sending me a copy of his new book: Security Yearbook 2020: A History and Directory of the IT Security Industry.

Cybersecurity

Cybersecurity Artificial Intelligence Security Digital transformation

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. The group’s operators use several techniques to breach the targets’ networks, such as exploiting SonicWall flaws (e.g.,

Ransomware

Ransomware Archiving Encryption Cybersecurity

The attack on the International Criminal Court was targeted and sophisticated

Security Affairs

OCTOBER 22, 2023

It was established by the Rome Statute, which entered into force on July 1, 2002. The Dutch law enforcement authorities are still investigating the security breach. “The Court is also accelerating a number of existing initiatives aimed at enhancing digital security.” ” concludes the press release.

Cybersecurity

Cybersecurity Security IT Information Security

VMware Flaw a Vector in SolarWinds Breach?

Krebs on Security

DECEMBER 18, 2020

National Security Agency (NSA) warned on Dec. ” VMware released a software update to plug the security hole ( CVE-2020-4006 ) on Dec. ” VMware released a software update to plug the security hole ( CVE-2020-4006 ) on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks.

Authentication

Authentication Access Security Government

SEC Fines Alternative Data Provider for Securities Fraud

Data Matters

SEPTEMBER 30, 2021

Securities and Exchange Commission (SEC) settled an enforcement action against App Annie Inc., This type of nonfinancial data, when used in connection with securities trades, is often referred to as “alternative data.”. 6 There, a broker stole proceeds of sales of securities in his client’s account. Similarly, in SEC v.

Security

Security Sales Compliance Analytics

Patch Tuesday Fixes Actively Exploited MOTW Vulnerability

eSecurity Planet

DECEMBER 14, 2022

Microsoft’s December 2022 Patch Tuesday includes fixes for over four dozen vulnerabilities, six of them critical – including a zero-day flaw in the SmartScreen security tool, CVE-2022-44698 , that’s being actively exploited. Also read: Cybersecurity Agencies Release Guidance for PowerShell Security. Prioritizing Fixes.

Risk

Risk Authentication Ransomware Cybersecurity

President Biden Signs Two Bills Aimed at Enhancing Government Cybersecurity

Hunton Privacy

JULY 5, 2022

The Cybersecurity Act amends certain provisions of the Homeland Security Act of 2002. Department of Homeland Security (“DHS”) and state, local, tribal and territorial governments, as well as corporations, associations and the general public.

Cybersecurity

Cybersecurity Government Education Communications

HelloKitty ransomware gang also targets victims with DDoS attacks

Security Affairs

NOVEMBER 1, 2021

CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. The post HelloKitty ransomware gang also targets victims with DDoS attacks appeared first on Security Affairs. ” continues the alert. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Encryption Security IT

Estonia sues Gemalto for 152M euros over flaws in citizen ID cards issued by the company

Security Affairs

SEPTEMBER 30, 2018

Estonian sues Gemalto for 152 million euros following the security flaws in the citizen ID cards issued by the company that caused their recall in 2017. Estonian authorities sue the security firm Gemalto for 152 million euros following the security flaws in the citizen ID cards issued by the company that caused their recall in 2017.

Manufacturing

Manufacturing Government Security Risk

SOX 404 Compliance: A Guide and Business Checklist

Docuware

NOVEMBER 9, 2023

Resources The Sarbanes-Oxley Act (SOX) of 2002 was passed to prevent accounting fraud and help shore up investor confidence in securities markets. Why document management provides a foundation for meeting SOX 404 requirements 4. Compliance checklist for SOX 404 5.

Compliance

Compliance Marketing Risk Security

Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting

The Security Ledger

NOVEMBER 3, 2021

The post Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting appeared first on The Security Ledger with Paul F. Programs like iDefense Labs Vulnerability Contributor Program (VCP) (launched in 2002) and TippingPoint’s Zero Day Initiative (2005) were accused -at the time- of incentivizing the work of criminals and bad actors. .

IoT

IoT Manufacturing Ransomware Marketing

FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine

Security Affairs

DECEMBER 15, 2021

CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. The post FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, HelloKitty ransomware).

Ransomware

Ransomware Data breaches Encryption IT

3.4 Million user records from LiveAuctioneers hack available for sale

Security Affairs

JULY 14, 2020

LiveAuctioneers is one of the world’s largest art, antiques & collectibles online marketplace that was founded in 2002. The company confirmed the security breach over the weekend, it revealed that unknown threat actors accessed a partner’s systems in June stealing user information. million LiveAuctioneers users. The post 3.4

Sales

Sales Data breaches Passwords Encryption

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

With this, they deceived the employees of phone stores to obtain duplicate SIM cards and, in this way, have access to the bank’s security confirmation messages. In this way they could operate in online banking and access bank accounts to empty them after receiving security confirmation messages from the banks.”

Authentication

Authentication Passwords Retail Access

Organizational Accountability in U.S. Law and Its Relevance to a Federal Data Privacy Law: A CIPL Study

Hunton Privacy

JULY 16, 2019

Department of Justice and the Securities and Exchange Commission; The Sarbanes-Oxley Act of 2002 and Chapter Eight of the U.S. Specifically, the White Paper examines the elements of accountability as they relate to: The Foreign Corrupt Practices Act and the accompanying 2012 resource guide produced by the U.S.

Data Privacy

Data Privacy Privacy Paper Compliance

Biden administration issues Executive Order and takes action to enhance maritime cybersecurity

Data Protection Report

FEBRUARY 23, 2024

They include (i) an Executive Order, (ii) a Notice of Proposed Rulemaking on Cybersecurity in the MTS issued by the Coast Guard, and (iii) a Maritime Security Directive on cyber risk management. facilities subject to the Maritime Transportation Security Act of 2002 regulations. Coast Guard. Coast Guard.

Cybersecurity

Cybersecurity Risk Manufacturing Security

Webinar on the SAFETY Act and Cybersecurity: Protecting Your Reputation and Reducing Liability Risk

Hunton Privacy

NOVEMBER 1, 2018

In 2002, Congress enacted the Supporting Anti-Terrorism by Fostering Effective Technologies Act (“the SAFETY Act”) to limit the liabilities that energy, financial, manufacturing and other critical infrastructure companies face in the event of a serious cyber or physical security attack.

Energy and Utilities

Energy and Utilities Cybersecurity Risk Manufacturing

EU Council Presidency Releases Proposed Amendments to Draft ePrivacy Regulation

Hunton Privacy

FEBRUARY 27, 2020

These revisions follow from meeting discussions of the Working Party on Telecommunications and Information Society (the “WP Tele”), the Permanent Representatives Committee, and the Transport, Telecommunications and Energy Council.

Metadata

Metadata Personal data Communications GDPR

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

The name “Silent Night” Zbot is likely a reference to a weapon mentioned in the 2002 movie xXx, it was first spotted in November 2019 when a seller named “Axe” started offering it on the Russian underground forum forum.exploit[.]in. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Sales

Sales Data collection Passwords IT

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

In 2018, the FBI Internet Crime Complaint Center (IC3) received complaints for 1,611 SIM swapping attacks, while the number of complaints in the period between 2018 e 2002 was 320 causing a total of losses of $12 million. The post US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns appeared first on Security Affairs.

Authentication

Authentication Passwords Retail Education

Microsoft announces the launch of a bug bounty program for Xbox

Security Affairs

FEBRUARY 2, 2020

“The Xbox Bounty Program invites gamers, security researchers, and others around the world to help identify security vulnerabilities in the Xbox Live network and services and share them with the Xbox team. The post Microsoft announces the launch of a bug bounty program for Xbox appeared first on Security Affairs.

Security

Security Information Security

Citrix Workspace flaw can allow remote hack of devices running vulnerable app

Security Affairs

JULY 22, 2020

This vulnerability affects the following supported versions of Citrix Workspace app for Windows: Citrix Workspace app for Windows 1912 LTSR Citrix Workspace app for Windows 2002. The post Citrix Workspace flaw can allow remote hack of devices running vulnerable app appeared first on Security Affairs. to address the vulnerability.

Honeypots

Honeypots IT Access Security

EU Council Agrees on Proposed ePrivacy Regulation

Data Matters

MARCH 10, 2021

The ePrivacy Regulation is meant to replace the existing ePrivacy Directive 2002/58 (ePrivacy Directive), which dates to 2002 and was meant to address the requirements of new digital technologies and facilitate the advance of electronic communication services.

GDPR

GDPR Metadata Communications Privacy

Guest Post - How important is digital document consistency?

AIIM

OCTOBER 30, 2017

Prior to working with Y Soft, Mr. Koelewijn founded X-Solutions in late 2002 which was later acquired by Nuance in 2009. Prior to X-Solutions, Wouter was the CTO and co-founder of a Xerox concessionaire in the Netherlands from 1994-2002. Mr. Koelewijn is married and has two children. He enjoys skiing, swimming and sailing.

e-Delivery

e-Delivery File names Compliance ECM

The history of ESG: A journey towards sustainable investing

IBM Big Data Hub

FEBRUARY 8, 2024

This helped normalize the practice of ESG reporting and by 2002, 245 companies had responded to the 35 investors who asked for climate disclosures. In North America, the Securities and Exchange Commission (SEC) is considering mandatory ESG reporting for public companies, as is the case in Canada, Brazil, India , Australia and Japan.

Government

Government IT Risk Security

HHS updates online tracker guidance

Data Protection Report

MARCH 21, 2024

Our readers may recall that HHS had originally issued the Bulletin in December of 2002, which we summarized here. HHS also added a paragraph on its enforcement priorities, including the following: OCR is prioritizing compliance with the HIPAA Security Rule in investigations into the use of online tracking technologies.

Analytics

Analytics Privacy Compliance Marketing

The Updates Must Go Through

Adam Shostack

APRIL 14, 2021

Microsoft has been trying to get folks to apply critical security patches to address a problem that’s being actively exploited. For example, see our Timing the Application of Security Patches for Optimal Uptime , Usenix Lisa 2002). The two stories are intimately related to people not wanting to roll patches.

Government

Government Security IT

New EU Breach Regulation in Force

Hunton Privacy

AUGUST 23, 2013

The Regulation on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC (the “Regulation”) specifies the technical measures of how Internet service providers, telecommunications providers and other public electronic communications service (“ECS”) providers must notify of data breaches.

Data breaches

Data breaches Personal data Communications Privacy

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

The Last Watchdog

MAY 2, 2019

I often see a sizable gap between perceptions and reality among many SMB leaders,” Troy Gill a senior security analyst at AppRiver told me. I had the chance at RSA 2019 to discuss the SMB security landscape at length with Gill. They don’t know what they don’t know, and this lack of preparedness often aids and abets cybercriminals.”

Risk

Risk Cybersecurity Passwords Ransomware

Sarbanes-Oxley Act and Record Retention Best Practices

Armstrong Archives

JULY 20, 2020

The Sarbanes-Oxley Act (SOX) is a law passed in 2002 that sets forth standards for the recording and reporting of financial activities. This massively reduces the physical space needed to store them, and it also facilitates security and retrieval. A key part of that law involves record retention. Digitizing Documents.

Archiving

Archiving Compliance Records Management Sales

California Bulks Up Security Breach Notification Requirements

Hunton Privacy

SEPTEMBER 2, 2011

On August 31, 2011, California Governor Jerry Brown signed into law amendments to that state’s security breach notification statute. Senate Bill 24 was the third effort by State Senator Joe Simitian to build on the landmark California breach notification law he authored in 2002.

Security

Security Consumer Services Compliance Privacy

Jeff Moss on the Evolution of Hacking at SecTor 2021

ForAllSecure

NOVEMBER 3, 2021

In the dot.com era, 1994-2002, this was the time of the commercial internet, the rise of search engines, and internet browsers. Moss noted that security people he'd known for years were started getting salaried jobs … and started using their legal names. He said security work is that like that. It will have social impact.

Risk

Risk Access Government Information Security

France Introduces Data Security Breach Notification Requirement for Electronic Communication Service Providers

Hunton Privacy

AUGUST 26, 2011

The Ordinance implements the provisions of the revised EU Directive 2002/58/EC (the “e-Privacy Directive”) with respect to the French Data Protection Act of 1978, the French Postal and Electronic Communications Code and the French Consumer Protection Code.

Communications

Communications Security Personal data Privacy

2020 Predictions: New Challenges for Data Privacy and the 5G Hackathon

Thales Cloud Protection & Licensing

JANUARY 14, 2020

The adoption of emerging technologies like 5G will fuel the proliferation of Internet of Things (IoT) that’s often built with only a few security controls and therefore creating a larger attack surface that enterprises have to deal with., In the rush to beat the competition, security will be an afterthought as opposed to a forethought.

Data Privacy

Data Privacy Privacy IoT GDPR

European Network and Information Security Agency Publishes Report on Cookies

Hunton Privacy

FEBRUARY 23, 2011

On February 18, 2011, the European Network and Information Security Agency (“ENISA”), an advisory body created to enhance information security in the EU, announced the issuance of its report on cookies, entitled “ Bittersweet cookies. Some security and privacy considerations.”.

Information Security

Information Security Security Privacy IT

Not Proof, but Another Lead: WikiLeaks' Latest Includes Google/China Tip

John Battelle's Searchblog

NOVEMBER 28, 2010

The Google hacking was part of a coordinated campaign of computer sabotage carried out by government operatives, private security experts and Internet outlaws recruited by the Chinese government. They have broken into American government computers and those of Western allies, the Dalai Lama and American businesses since 2002, cables said.

Government

Government IT Security

RSAC Fireside Chat: A breakthrough in securing cloud collaboration — decentralized key storage

The Last Watchdog

JUNE 7, 2023

Back in 2002, when I was a reporter at USA Today , I had to reach for a keychain fob to retrieve a single-use passcode to connect remotely to the paper’s publishing system. Fast forward to today; much of the MFA concept is being reimagined by startup Circle Security to protect data circulating in cloud collaboration scenarios.

Cloud

Cloud Security Authentication Encryption

European Commission Launches Public Consultation on e-Privacy Directive

Hunton Privacy

APRIL 13, 2016

On April 11, 2016, the European Commission launched a public consultation to evaluate and review Directive 2002/58/EC on the processing of personal data and the protection of privacy in the electronic communications sector, also known as the e-Privacy Directive.

Privacy

Privacy GDPR Communications Personal data

Congressional Movement on Cybersecurity in a Bill to Reauthorize the Homeland Security Act of 2002

Women in Security: Assessing the Progress

Webinars

Trending Sources

RSAC insights: Security Compass leverages automation to weave security deeper into SecOps

Webinars

NIST proposes Secure Software Development Framework

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog

International Criminal Court hit with a cyber attack

BOOK REVIEW: ‘Security Yearbook’ preserves cybersecurity history — highlights tectonic shift

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

The attack on the International Criminal Court was targeted and sophisticated

VMware Flaw a Vector in SolarWinds Breach?

SEC Fines Alternative Data Provider for Securities Fraud

Patch Tuesday Fixes Actively Exploited MOTW Vulnerability

President Biden Signs Two Bills Aimed at Enhancing Government Cybersecurity

HelloKitty ransomware gang also targets victims with DDoS attacks

Estonia sues Gemalto for 152M euros over flaws in citizen ID cards issued by the company

SOX 404 Compliance: A Guide and Business Checklist

Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting

FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine

3.4 Million user records from LiveAuctioneers hack available for sale

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Organizational Accountability in U.S. Law and Its Relevance to a Federal Data Privacy Law: A CIPL Study

Biden administration issues Executive Order and takes action to enhance maritime cybersecurity

Webinar on the SAFETY Act and Cybersecurity: Protecting Your Reputation and Reducing Liability Risk

EU Council Presidency Releases Proposed Amendments to Draft ePrivacy Regulation

Silent Night Zeus botnet available for sale in underground forums

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Microsoft announces the launch of a bug bounty program for Xbox

Citrix Workspace flaw can allow remote hack of devices running vulnerable app

EU Council Agrees on Proposed ePrivacy Regulation

Guest Post - How important is digital document consistency?

The history of ESG: A journey towards sustainable investing

HHS updates online tracker guidance

The Updates Must Go Through

New EU Breach Regulation in Force

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

Sarbanes-Oxley Act and Record Retention Best Practices

California Bulks Up Security Breach Notification Requirements

Jeff Moss on the Evolution of Hacking at SecTor 2021

France Introduces Data Security Breach Notification Requirement for Electronic Communication Service Providers

2020 Predictions: New Challenges for Data Privacy and the 5G Hackathon

European Network and Information Security Agency Publishes Report on Cookies

Not Proof, but Another Lead: WikiLeaks' Latest Includes Google/China Tip

RSAC Fireside Chat: A breakthrough in securing cloud collaboration — decentralized key storage

European Commission Launches Public Consultation on e-Privacy Directive

Stay Connected