IT Governance

DECEMBER 27, 2019

A royal baby, a fire at Notre-Dame, the highest grossing film of all time and more than 12 billion breached data records: 2019 has been quite a year. IT Governance is closing out the year by rounding up 2019’s biggest information security stories. McFarland was doing the same with her AOL account.

Data breaches 59

Data breaches GDPR Passwords Personal data 59

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity 68

Cybersecurity Financial Services Risk Compliance 68

IT Governance

NOVEMBER 20, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Read more in our Catches of the Month blog. Read more in our Catches of the Month blog.

Data Privacy 52

Data Privacy Privacy Data breaches Security 52

Security Affairs

JUNE 16, 2019

MS Web Services Client Protocol 2.0.50727.5485) @JAMESWT_MHT pic.twitter.com/rV0wzpulgW — JTHL (@JayTHL) May 11, 2019. Recently security experts reported ongoing attacks targeting millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions. reads a blog post published by Cybereason.

Phishing 105

Phishing Authentication Cloud Security 105

Security Affairs

MAY 30, 2022

CVE Number Affected devices CVE-2021-44228, CVE-2021-45046 Log4J RCE CVE-2022-1388 F5 BIG IP RCE No CVE (vulnerability published on 2022-02) Adobe ColdFusion 11 RCE CVE-2020-7961 Liferay Portal – Java Unmarshalling via JSONWS RCE No CVE (vulnerability published on 2022-04) PHP Scriptcase 9.7 LFI CVE-2018-16763 Fuel CMS 1.4.1

CMS 141

CMS IoT Passwords Security 141

Hunton Privacy

JULY 13, 2020

Following the complaint, the Irish DPA brought proceedings against Facebook in the Irish High Court, challenging the validity of the SCCs, and referring 11 questions to the CJEU for a preliminary ruling. View our previous blog posts on the progression of the case in May 2016 , October 2017 , August 2018 , July 2019 and May 2020.

Personal data 88

Personal data Privacy GDPR Risk 88

Security Affairs

MAY 12, 2020

Trojan Lampion is a malware observed at the end of the year 2019 impacting Portuguese users using template emails from the Portuguese Government Finance & Tax and EDP. According to the first appearance of this banking trojan in December 2019, the modus operandi remains as documented here. Trojan Lampion is back after 3 months.

Cloud 107

Cloud Government Access Phishing 107

Security Affairs

JANUARY 16, 2020

The vulnerabilities have been tracked as CVE-2019-15975, CVE-2019-15976 and CVE-2019-15977. ” wrote Seeley in a blog post. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.”. In the third chain, I (ab ) use the java.

Authentication 60

Authentication Security Access IT 60

IT Governance

JANUARY 31, 2019

Hello and welcome to the IT Governance podcast for Thursday, 31 st January 2019. Back in 2016 Microsoft shifted it’s focus to its Edge browser, in an effort to better meet the requirements of modern web browsing, but limited Edge to Windows 10, iOS and Android – after all, at the time not all operating systems could run IE 11.

Government 61

Government Information Security Access Compliance 61

Data Matters

FEBRUARY 26, 2019

Also, FERC announced on February 4, 2019 that it will be co-hosting the Security Investments for Energy Infrastructure Technical Conference with the U.S. The post NERC $10,000,000 Fine of Public Utility Highlights the Need for Cybersecurity Preparedness and CIP Compliance Programs appeared first on Data Matters Privacy Blog.

Energy and Utilities 68

Energy and Utilities Compliance Cybersecurity Risk 68

Security Affairs

MAY 13, 2019

I just published "How to brick all Samsung phones" on @Medium [link] — Elliot Alderson (@fs0c131y) May 12, 2019. French white hat hacker Robert Baptiste (aka @fs0c131y) discovered how to brick all Samsung mobile phones. Baptiste bought a Samsung mobile phone a few months ago and decided to analyze it.

Security 92

Security IT Information Security 92

Data Matters

JANUARY 14, 2019

(For more information on South Carolina’s adoption of the Model Law, see our prior coverage.) . 11 to the Ohio Revised Code. The Act is designed to “establish standards for data security and for the investigation and notification to the Superintendent of Insurance of a cybersecurity event.”. O.R.C. §§ 3965.02, 3965.08.

Insurance 68

Insurance Security Cybersecurity Data breaches 68

Security Affairs

SEPTEMBER 30, 2019

“This blog post will provide overviews and proof of concepts for both browser exploits. The first exploit that we reported on April 11, 2019 impacts Chrome versions prior to 75 on iOS. ” reads the analysis published by Confiant. The second, which we reported on Aug. 7 was fixed in iOS 13 / Safari 13.0.1

Security 77

Security IT Information Security 77

Privacy and Cybersecurity Law

JUNE 23, 2021

The newly adopted Regulation on notification of security incidents. On June 11, 2021, the Regulation on notifications of incidents affecting networks, information systems and IT services (“ Regulation ”) – adopted by means of the Decree of the President of the Council of Ministers (DPCM) of 14 April 2021, no.

Cybersecurity 52

Cybersecurity Communications Data breaches Security 52

Security Affairs

OCTOBER 14, 2019

First of all the attacker knew the target organization was protected by a SOC (Security Operation Center) so she sent a well crafted email claiming to deliver a Microsoft document wrapping out the weekly SOC report as a normal activity in order to induce the victim to open-it. SOC report 10 12 2019.doc Pierluigi Paganini.

Computer and Electronics 76

Computer and Electronics Security Encryption IT 76

Security Affairs

OCTOBER 20, 2019

The best news of the week with Security Affairs. Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Talos experts found 11 flaws in Schneider Electric Modicon Controllers.

Security 43

Security Ransomware Data breaches Manufacturing 43

Data Matters

AUGUST 19, 2020

The NYDFS Cybersecurity Regulation became effective in March 2017 and, beginning on February 15, 2019, required all NYDFS-regulated entities (Covered Entities), including First American, to annually certify compliance with the Regulation. In May 2019, FAST contained over 850 million documents. The NYDFS Cybersecurity Regulation.

Financial Services 68

Financial Services Cybersecurity Insurance Risk 68

Security Affairs

APRIL 16, 2020

List of some baking campaigns this Brazilian threat group has performed in Portugal: 13/03 – Novo Banco Trojan-Banker 12/03 – Caixa Geral Depósitos 13/02 – Millennium BCP e Montepio 20/01 – Montepio e Millennium BCP 14/01 – Santander e Novo Banco 12-2019/01-2020: Lampion Trojan (…). Figure 11: Landing-page URL provided by the C2 server.

Authentication 123

Authentication Phishing Data structuring Access 123

Security Affairs

DECEMBER 29, 2019

New trojan called ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax during the last days of 2019. Last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. zip) called: FacturaNovembro-4492154-2019-10_8.zip.

Passwords 96

Passwords e-Discovery IT Cleanup 96

Data Matters

APRIL 6, 2022

In FY 2021, the Division completed 3,040 examinations, which represent a 3% increase from the prior year, and is on par with prepandemic fiscal year 2019. See also Sidley Investment Funds Update, SEC’s Division of Examinations Publishes Risk Alert and Compliance Guidance for Digital Asset Securities Activities, available here.

Retail 88

Retail Compliance Sales Risk 88

Security Affairs

APRIL 10, 2019

SI-LAB detected hundreds of users that were impacted by this malware between March 18th and 26th of 2019. The last days of March 2019 are making headlines due to a targeted cyber attack involving a new variant of infamous EMOTET malware. EMOTET spread in Chile targeted financial and banking services. Technical Analysis.

Security 60

Security IT Access Cybersecurity 60

IT Governance

DECEMBER 13, 2018

This week, in our last podcast of the year, we revisit some of the biggest information security stories from the past 12 months. As is now traditional, I’ve installed myself in the porter’s chair next to the fire in the library, ready to recap some of the year’s more newsworthy information security events.

Data breaches 64

Data breaches Personal data Access GDPR 64

Security Affairs

MARCH 2, 2019

In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 File name: patent-2019-02-20T093A283A05-1.xls SI-LAB captured a piece of the FlawedAmmyy malware that leverages undetected XLM macros as an Infection Vehicle to compromise user’s devices.

File names 85

File names Phishing Libraries IT 85

Data Matters

FEBRUARY 10, 2022

11 But the SEC declined to go that far when it adopted Reg SCI. 10 Reg SCI also applies to the securities information processors that produce consolidated market data for NMS securities, including competing consolidators under the SEC’s new market data infrastructure rules once implemented. 20, 2021), [link].

Cybersecurity 88

Cybersecurity Marketing Risk Compliance 88

CGI

AUGUST 7, 2018

Tue, 08/07/2018 - 11:16. While for some GDPR was BAU, others a huge effort, and a bit of a panic for a minority, one of the most significant outcomes is the perception that cyber security is no longer just ‘an IT thing’. Nearly 70 percent of these companies have either met or are on track to exceed GDPR requirements by May 2019.

Privacy 40

Privacy GDPR Unstructured data Marketing 40

Data Protection Report

JULY 9, 2018

See our previous blog posts on GDPR here and here. Virgin Islands, have enacted breach notification laws that require businesses to notify consumers if their personal information is compromised. On April 11, 2018, Arizona’s governor signed HB 2154 to amend the Arizona data breach notification law. Several U.S.

GDPR 40

GDPR Data breaches Personal data Insurance 40

CGI

SEPTEMBER 25, 2018

Nearly 70% of these companies have either met or are on track to exceed GDPR requirements by May 2019. Companywide information security policies. Third-party security policies. Blog moderation guidelines and term of use. An audit regime, to maintain its accuracy. Management awareness and interest. The opportunity.

Privacy 40

Privacy GDPR Cybersecurity Unstructured data 40

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. lazydocker : A simple terminal UI for both docker and docker-compose : [link] pic.twitter.com/HsK17rzg8m — Binni Shah (@binitamshah) July 1, 2019. Denial-of-Suez attack.

Cybersecurity 139

Cybersecurity e-Discovery Passwords Information Security 139

eDiscovery Daily

JANUARY 27, 2020

: o ) Next week during the show, I’ll cover the main conference sessions each day that relate to eDiscovery, Information Governance, Cybersecurity and Data Privacy to give you a complete sense of options. 11:00am – 12:00pm: Mobile Data: Issues in Data Privacy and Data Protection. It’s just a week away!

e-Discovery 50

e-Discovery Data Privacy Blockchain Education 50

Security Affairs

MARCH 13, 2022

Lampion trojan is one of the most active banking trojans impacting Portuguese Internet end users since 2019. The malware TTP and their capabilities remain the same observed in 2019 , but the trojan loader – the VBS files – propagated along with the new campaign has significant differences. MB of useless lines of code were removed.

Passwords 90

Passwords IT Information Security Government 90

eDiscovery Daily

JANUARY 24, 2019

Wednesday, January 30: 10:30am – 11:30am: The International Legal Cloud 2019: Discovery, Security, and Business Considerations. In 2019, the cloud is fait accompli, a ubiquitous part of life for just about everyone. The post Legaltech 2019 Preview Edition: eDiscovery Trends appeared first on CloudNine.

e-Discovery 41

e-Discovery GDPR Education Data breaches 41

Data Matters

JANUARY 2, 2018

These cases have been a central part of post-9/11 privacy law. and perhaps even on the model clauses, although ultimate decisions on the merits may easily reach into 2019 or beyond. The post Privacy and Cybersecurity Top 10 for 2018 appeared first on Data Matters Privacy Blog. Significantly, though, the U.S.

Cybersecurity 68

Cybersecurity Privacy Data breaches GDPR 68

Security Affairs

NOVEMBER 12, 2019

The domain validtree.com is registered through namecheap.com on 2017-12-07T15:55:27Z but recently renewed on 2019-10-16T05:35:18Z. That stage implements an obfuscated Javascript embedded code which decodes, by using a XOR with key=11, a third Javascript stage acting as drop and execute on 66.133.129.5

Computer and Electronics 42

Computer and Electronics Ransomware Security Retail 42

Security Affairs

MAY 27, 2020

According to ESET , “ Grandoreiro has been active at least since 2017 targeting Brazil and Peru, expanding to Mexico and Spain in 2019. “. Figure 11: List of the Portuguese banks included in the Grandoreiro version of May 2020. A complete list of the targeted banking organizations can be found below (Grandoreiro May 2020).00CF0808

Communications 67

Communications Archiving Access IT 67

Troy Hunt

JANUARY 3, 2019

I've also been travelling with family far more so whilst those 140 days equate to 38% of my year, there were 14 days in Hawaii, 10 days at the Aussie snow, 11 days in Texas and 17 days in Canada where I wasn't flying solo. Who knows, maybe this is something I'll even write more about in 2019 if there's an appetite.

Passwords 81

Passwords Security IT Government 81

Data Matters

JANUARY 24, 2020

Broker-dealers may be selected for examination based on their market making or other significant trading activity in unlisted securities, as well as employing registered personnel with disciplinary history. Information Security . OCIE completed 3,089 examinations in FY 2019. OCIE Examination Trends.

Cybersecurity 68

Cybersecurity Retail Compliance Marketing 68

Data Matters

FEBRUARY 20, 2020

Broker-dealers may be selected for examination based on their market making or other significant trading activity in unlisted securities, as well as employing registered personnel with disciplinary history. Information Security . OCIE completed 3,089 examinations in FY 2019. OCIE Examination Trends.

Retail 68

Retail Compliance Marketing Risk 68