Information Security - Information Management Today

Information Security vs Cyber Security: The Difference

IT Governance

SEPTEMBER 15, 2022

You’ll often see the terms cyber security and information security used interchangeably. That’s because, in their most basic forms, they refer to the same thing: the confidentiality, integrity and availability of information. What is information security? There are two sub-categories of information security.

Information Security

Information Security Security Computer and Electronics Encryption

Do you know the difference between cyber security and information security?

IT Governance

AUGUST 9, 2018

You often see people use the terms ‘ cyber security ’ and ‘ information security ’ interchangeably. That’s because, in their most basic forms, they refer to the same thing: the integrity and confidentiality of information. Information security. There are two sub-categories of information security.

Information Security

Information Security Security Computer and Electronics Paper

Best IT Certifications (by category) in 2019 via Business News Daily

IG Guru

JULY 1, 2019

The post Best IT Certifications (by category) in 2019 via Business News Daily appeared first on IG GURU. Whether you work for an enterprise, a small business, the government, a healthcare organization or any other place that employs IT professionals, your best bet for career advancement is to validate […].

IT

IT Government Education Information governance

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

China Releases National Standard on Personal Information Security

Hunton Privacy

JANUARY 26, 2018

On January 25, 2018, the Standardization Administration of China published the full text of the Information Security Technology – Personal Information Security Specification (the “Specification”). The Specification divides personal information into two categories: personal information and sensitive personal information.

Information Security

Information Security Security Privacy Personal data

Counting Down to the EU NIS2 Directive

Thales Cloud Protection & Licensing

MAY 22, 2024

On 17 October 2024, European Union Member States must adopt and publish the measures necessary to comply with the Network and Information Security Directive (NIS2). NIS2 adds digital service providers, waste management, pharmaceutical and labs, space, and public administration to the ‘Essential’ sectors category.

Compliance

Compliance Authentication Healthcare Cybersecurity

Pwn2Own Toronto 2022 Day 3: Participants earned nearly $1 million

Security Affairs

DECEMBER 9, 2022

The NCC Group EDG received the biggest award of the day for successfully executing a 2 exploit (command injection, type confusion) attack against the Ubiquiti and the Lexmark printer in the SOHO SMASHUP category. Pentest Limited executed an Improper Input Validation attack against the Samsung Galaxy S22 in the Mobile Phone category.

Cloud

Cloud Security Information Security IT

China issues Personal Information Security Specification

Data Protection Report

FEBRUARY 5, 2018

On 29 December 2017 the Standardization Administration of China issued an Information Security Technology – Personal Information Security Specification ?GB/T These are set out as follows: Directly collect personal information. GB/T 35273-2017?(the the “Specification”), which will come into effect on 1 May 2018.

Information Security

Information Security Security Compliance Personal data

What Is a Pentest Framework? Top 7 Frameworks Explained

eSecurity Planet

JULY 5, 2023

Jump ahead to: How Pentest Frameworks Work 10 Categories in a Pentest Framework How Penetration Test Frameworks Are Used 7 Top Pentest Frameworks Bottom Line: Pentest Frameworks Also read: What Is Penetration Testing? Reporting results: The pentest framework is used to frame results based on tools used, tactic category performance, and more.

Cybersecurity

Cybersecurity Compliance Security Communications

Pwn2Own 2021, more than $1,500,000 in cash and prizes for contestants

Security Affairs

JANUARY 27, 2021

That’s one reason we added this new category and teamed up with Zoom to have them in the contest. A successful demonstration of an exploit in either of these products will earn the contestant $200,000 – quite the payout for a new category.” Microsoft Teams will also be a target. ” reads the announcement published by ZDI.

Communications

Communications Security IT Information Security

Pwn2Own Toronto 2022 hacking competition. Samsung S22 hacked

Security Affairs

DECEMBER 7, 2022

This year’s event has seven different categories for contestants and more than $1,000,000 in prizes available: – Mobile Phones – Wireless Routers – Home Automation Hubs – Printers – Smart Speakers – NAS Devices – The SOHO Smashup. The team earned $100K cash and 10 Master of Pwn points.

Security

Security Data breaches Information Security IT

Pwn2Own Toronto 2022 Day 2: Participants earned $281K

Security Affairs

DECEMBER 8, 2022

Researchers from Qrious Secure team used two flaws to execute an attack against the Sonos One Speaker, they earned $60K and 6 Master of Pwn points. STAR Labs team also hacked the Sonos One Speaker in the Smart Speaker category using one unique bug and another previously known bug. The team earned $22,500 and 4.5 Master of Pwn points.

Cloud

Cloud Security Information Security IT

UK ICO Issues Updated Guidance on AI and Data Protection

Hunton Privacy

MARCH 16, 2023

The new content in this chapter relates to AI and inferences, affinity groups and special category data. For example, the updated guidance notes that it may be possible, using AI, to infer or guess details about a person, which may constitute special category data.

Personal data

Personal data Paper IT Artificial Intelligence

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

The Last Watchdog

OCTOBER 19, 2020

For organizations looking to improve their security posture, this is causing confusion and vendor fatigue, especially for companies that don’t have a full time Chief Information Security Officer. The vendors are well-intentioned. This delivers the power of speed, choice and relevancy, while delivering ROI on time and investment.

Cybersecurity

Cybersecurity B2B Sales Compliance

FCC Issues Declaratory Ruling that TCPA Applies to AI-Generated Voice Calls

Hunton Privacy

FEBRUARY 12, 2024

On February 8, 2024, the Federal Communications Commission declared that calls using AI- generated, cloned voices fall under the category of “artificial or prerecorded voice” within the Telephone Consumer Protection Act (“TCPA”) and therefore are generally prohibited without prior express consent, effective immediately.

Communications

Communications IT Artificial Intelligence Information Security

T-Mobile suffered a new data breach

Security Affairs

DECEMBER 29, 2021

The attackers viewed customer proprietary network information (CPNI) and carried out SIM swapping attacks on a small number of customers. “Affected customers fall into one of three categories. “The second category an affected customer might fall into is having their SIM swapped.”

Data breaches

Data breaches Access Security Information Security

CISA guidelines to protect critical infrastructure against AI-based threats

Security Affairs

APRIL 30, 2024

The analysis categorized AI risks into three categories: Attacks Using AI; Attacks Targeting AI Systems; Failures in AI Design and Implementation. CISA collaborated with Sector Risk Management Agencies (SRMAs) and regulatory agencies to conduct sector-specific assessments of AI risks to U.S.

Risk

Risk Government Cybersecurity Security

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Relatedly, PIPL outlines some categories of sensitive information that do not receive additional protection under GDPR. Also, health and financial data, among other categories of more sensitive data, is often treated as a more protected category of data under general data-privacy laws – subject to stricter protection requirements.

Data Privacy

Data Privacy Compliance Privacy Security

ISO 27001 and Physical Security

IT Governance

MAY 15, 2024

Physical access control, physical security monitoring, CCTV, and more When we hear the term ‘information security’ – or, for that matter, ‘ISO 27001’ – our thoughts usually turn straight to cyber security. However, physical security is also an important aspect of information and data security.

Security

Security Information Security Access Cloud

Building cyber security careers

IT Governance

OCTOBER 21, 2021

Cyber security roles are often technical and require knowledge of the threat landscape, detection/monitoring, technical protection, risk management and cyber incident response. Information security is a broader category that protects all information assets, whether in hard copy or digital form.

Security

Security Information Security GDPR Data Privacy

Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked

Security Affairs

MARCH 23, 2023

#Pwn2Own pic.twitter.com/UTvzqxmi8E — Zero Day Initiative (@thezdi) March 22, 2023 The first hack of the day was performed by the AbdulAziz Hariri ( @abdhariri ) of Haboob SA ( @HaboobSa ), who demonstrated a zero-day attack against Adobe Reader in the Enterprise Applications category. Hariri earned $50,000 and 5 Master of Pwn points.

Security

Security Information Security IT

CIPL Submits Response to China’s Personal Information Protection Law

Hunton Privacy

NOVEMBER 19, 2020

CIPL’s key recommendations include: Legitimate Interest : Adding a legitimate interest processing ground within the PIPL; Compatible Processing : Clarifying that organizations can process personal information for compatible purposes in reliance on the original ground for processing; Children’s Data : Enabling a risk-based approach for organizations (..)

GDPR

GDPR Privacy Risk Government

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

Noticeably, covered entities are now subject to new requirements imposing heightened responsibilities on Chief Information Security Officers (“CISOs”) and more specific and prescriptive requirements in relation to governance, risk assessments, and notifications to the NYDFS. f), is sufficient to trigger this new notice requirement.

Financial Services

Financial Services Cybersecurity Compliance Government

New Woody RAT used in attacks aimed at Russian entities

Security Affairs

AUGUST 4, 2022

The lure document, called “ Information security memo ,” provides security practices for passwords, confidential information, etc. “This very capable Rat falls into the category of unknown threat actors we track. ” concludes the report. “ Follow me on Twitter: @securityaffairs and Facebook.

Archiving

Archiving Phishing Encryption Passwords

US CISA releases a Ransomware Readiness Assessment (RRA) tool

Security Affairs

JULY 1, 2021

. “The RRA also provides a clear path for improvement and contains an evolving progression of questions tiered by the categories of basic, intermediate, and advanced. ” The tool would help organizations in improving their resilience to ransomware attacks by implementing best practices.

Ransomware

Ransomware Cybersecurity Security IT

CHINA: Clarifications of data classification and grading requirements

DLA Piper Privacy Matters

OCTOBER 3, 2022

Under the Data Security Law, organisations are required to classify the data they process according to their level of significance. Where some types of data have multiple categories (e.g. Data grading.

Data collection

Data collection Personal data Access Compliance

Adobe fixed multiple critical flaws in Acrobat and Reader

Security Affairs

MAY 15, 2024

Adobe addressed multiple code execution vulnerabilities in its products, including Adobe Acrobat and Reader software The software giant released its Patch Tuesday updates to fix 35 security vulnerabilities 12 of these issues impact Adobe Acrobat and Reader software.

Access

Access IT Security Information Security

Police seized Crimemarket, the largest German-speaking cybercrime marketplace

Security Affairs

MARCH 1, 2024

“Based on the usual structure of legal digital marketplaces, narcotics, criminal services, but also detailed instructions on serious crimes were sold in various categories. .” reads the press release published by the German police.

Access

Access IT Information Security Security

Hurricane Hilary Heading Toward Southern California

National Archives Records Express

AUGUST 18, 2023

Hurricane Hilary has rapidly intensified into a Category 4 storm and is headed toward Southern California and the Southwestern United States. For more details about this process, see NARA’s information about unauthorized disposition. Flash flooding, locally significant, will be possible.

Records Management

Records Management Information Security Government Security

Google announced its Mobile VRP (vulnerability rewards program)

Security Affairs

MAY 23, 2023

The company is also looking for: Path traversal / zip path traversal vulnerabilities leading to arbitrary file write Intent redirections leading to launching non-exported application components Vulnerabilities caused by unsafe usage of pending intents Orphaned permissions Below is the table reporting the rewards offered by the company for the different (..)

IT

IT Cloud Cybersecurity Security

Disaster Preparedness during the 2023 Atlantic Hurricane Season

National Archives Records Express

AUGUST 28, 2023

Of those, 5 to 9 could become hurricanes (winds of 74 mph or higher), including 1 to 4 major hurricanes (category 3, 4 or 5; with winds of 111 mph or higher). NOAA has forecast a range of 12 to 17 total named storms (winds of 39 mph or higher). NOAA has a 70% confidence in these ranges.

Records Management

Records Management Information Security Security IT

Record Retention Policy for Businesses: A Strategic Guide to Compliance and Efficiency

Armstrong Archives

DECEMBER 19, 2023

No matter the size of a business, a well-defined record retention policy serves multiple purposes: ensuring compliance with legal and regulatory requirements, aiding in efficient document management, and securing sensitive information. Each category will have different legal and operational retention requirements.

Compliance

Compliance Archiving Digital transformation Sales

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

Identify and protect special category data When inventorying data, organizations should make a note of any especially sensitive data that requires extra protection. The GDPR mandates added precautions for three kinds of data in particular: special category data, criminal conviction data, and children’s data.

GDPR

GDPR Compliance Personal data Privacy

SOC 2 Audits are a Crucial Weapon in Your Organisation’s Arsenal

IT Governance

SEPTEMBER 22, 2022

But what does the uptick in SOC 2 attestation mean for your organisation, and how will it affect the way we view information security – particularly in relation to ISO 27001 , which is the most widely used framework in the UK and Europe? Auditing SOC 2. How we have helped.

Compliance

Compliance Information Security Government Data Privacy

California Assembly Proposes Data Privacy Law for Workers

Hunton Privacy

MAY 26, 2022

Specifically, employers that control the collection of employee data would be required to inform employees of how the employer plans to collect and use employee data at or before the point of collection.

Privacy

Privacy Data Privacy Access IT

Pwn2Own 2021 Day 1 – participants earned more than $500k

Security Affairs

APRIL 7, 2021

There were also two failed attempts, the STAR Labs team of Billy, Calvin and Ramdhan targeting Parallels Desktop in the Virtualization category were not able to get their exploit to work within the time allotted. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. million in cash and other prizes.

Authentication

Authentication Communications Security IT

Several apps on the Play Store used to spread Joker, Facestealer and Coper malware

Security Affairs

JULY 19, 2022

These apps were downloaded a total of over 300k times belonging to the following common categories: Communication (47.1%) Health Personalization (5.9%) Photography Tools (39.2%). “The tools and communication were among the most targeted categories covering the majority of the Joker-infected apps.

Communications

Communications Authentication Passwords Access

IRELAND: First GDPR fine issued in Ireland

DLA Piper Privacy Matters

MAY 19, 2020

Tusla collects and processes highly sensitive, often special category data concerning children, vulnerable women and families across Ireland. It will act as a reminder to organisations of the powers of the regulator when considering their obligations in relation to privacy, data protection and information security governance.

GDPR

GDPR Personal data Government Paper

The UK Data Protection Regulator Fines TikTok £12.7 Million

Hunton Privacy

APRIL 4, 2023

The fine was reduced following representations from TikTok to the ICO which resulted in the ICO not pursuing the earlier finding related to unlawful use of special category data. This fine follows the initial notice of intent which was issued to TikTok in September 2022 for a fine of £27 million.

Personal data

Personal data GDPR IT Information Security

Black Basta ransomware now supports encrypting VMware ESXi servers

Security Affairs

JUNE 8, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Encryption

Encryption Ransomware Cybersecurity Security

Anatsa Android banking Trojan expands to Slovakia, Slovenia, and Czechia

Security Affairs

FEBRUARY 19, 2024

The attackers noticed that the applications often reached the Top-3 in the “Top New Free” category, in an attempt to trick users into believing that the application was legitimate and downloaded by a large number of users. According to ThreatFabric, the dropper applications were uploaded on Google Play in the targeted regions.

Access

Access Authentication Cybersecurity IT

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

Under First American’s documented vulnerability remediation policies, the data leak was classified as a security weakness with a “level 3” severity, which placed it in the “medium risk” category and required remediation within 45 days.

Insurance

Insurance Risk Financial Services Mining

Cyber Defense Magazine – August 2021 has arrived. Enjoy it!

Security Affairs

AUGUST 3, 2021

Our award winners for 7 categories in the Black Unicorn Award are here. The Black Unicorn Report for 2021 Grab this PDF version and help fund our operations: [link] Yumpu Magazine Version [link] Free PDF Version hosted on our site [link] Mobile Version [link]. Thank you so much for your continued support as we are now at Black Hat 2021.

IT

IT Security Information Security

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Security Affairs

MAY 30, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Cybersecurity

Cybersecurity Security IT Information Security

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

Security Affairs

MAY 28, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Phishing

Phishing Cybersecurity Security IT

Information Security vs Cyber Security: The Difference

Do you know the difference between cyber security and information security?

Webinars

Trending Sources

Best IT Certifications (by category) in 2019 via Business News Daily

Webinars

China Releases National Standard on Personal Information Security

Counting Down to the EU NIS2 Directive

Pwn2Own Toronto 2022 Day 3: Participants earned nearly $1 million

China issues Personal Information Security Specification

What Is a Pentest Framework? Top 7 Frameworks Explained

Pwn2Own 2021, more than $1,500,000 in cash and prizes for contestants

Pwn2Own Toronto 2022 hacking competition. Samsung S22 hacked

Pwn2Own Toronto 2022 Day 2: Participants earned $281K

UK ICO Issues Updated Guidance on AI and Data Protection

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

FCC Issues Declaratory Ruling that TCPA Applies to AI-Generated Voice Calls

T-Mobile suffered a new data breach

CISA guidelines to protect critical infrastructure against AI-based threats

Security Compliance & Data Privacy Regulations

ISO 27001 and Physical Security

Building cyber security careers

Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked

CIPL Submits Response to China’s Personal Information Protection Law

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

New Woody RAT used in attacks aimed at Russian entities

US CISA releases a Ransomware Readiness Assessment (RRA) tool

CHINA: Clarifications of data classification and grading requirements

Adobe fixed multiple critical flaws in Acrobat and Reader

Police seized Crimemarket, the largest German-speaking cybercrime marketplace

Hurricane Hilary Heading Toward Southern California

Google announced its Mobile VRP (vulnerability rewards program)

Disaster Preparedness during the 2023 Atlantic Hurricane Season

Record Retention Policy for Businesses: A Strategic Guide to Compliance and Efficiency

How to implement the General Data Protection Regulation (GDPR)

SOC 2 Audits are a Crucial Weapon in Your Organisation’s Arsenal

California Assembly Proposes Data Privacy Law for Workers

Pwn2Own 2021 Day 1 – participants earned more than $500k

Several apps on the Play Store used to spread Joker, Facestealer and Coper malware

IRELAND: First GDPR fine issued in Ireland

The UK Data Protection Regulator Fines TikTok £12.7 Million

Black Basta ransomware now supports encrypting VMware ESXi servers

Anatsa Android banking Trojan expands to Slovakia, Slovenia, and Czechia

First American Financial Pays Farcical $500K Fine

Cyber Defense Magazine – August 2021 has arrived. Enjoy it!

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

Stay Connected