Supply-Chain Attack against the Electron Development Platform

Schneier on Security

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allow someone to silently inject malicious code into applications.

RCE flaw in Electronic Arts Origin client exposes gamers to hack

Security Affairs

Electronic Arts (EA) has fixed a security issue in the Windows version of its gaming client Origin that allowed hackers to remotely execute code on an affected computer. Electronic Arts already released a security patch for the remote code execution vulnerability.


Keeping up with Quantum Technology | Quantum Computing

Everteam

While everyone is digging deep into the Artificial Intelligence, Machine Learning, Blockchain and many other new digital transformation phenomena, Quantum Computing has been transformed from theory to reality. Let’s move to how it’s related to computers. What is Quantum Computing?

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

Schneier on Security

Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It's a computer, and computers have lots of vulnerabilities. I am continuously amazed by how bad electronic voting machines are. Yes, they're computers.

More Attacks against Computer Automatic Update Systems

Schneier on Security

Me on supply chain security. Last month, Kaspersky discovered that Asus's live update system was infected with malware, an operation it called Operation Shadowhammer. Now we learn that six other companies were targeted in the same operation.

New Rules Announced for Border Inspection of Electronic Devices

Threatpost

The U.S. Customs and Border Patrol announced new restrictions on when agents can copy data from digital devices at border crossing points.

The Race is On! Crypto Agility vs Quantum Computing. Who is ahead?

Thales eSecurity

Preparing for Data Security in the Quantum Computing Era. Each passing day brings the world closer to the exciting reality of powerful quantum computing. Weather prediction, air traffic control, urban planning, defense strategies, medical research and so much more will be affected by the new era of computing power in ways we can’t even yet predict. Quantum readiness, or crypto-agility, is critical to protecting and securing data and fending off new threats.

Supreme Court of Pennsylvania Ruling on Common Law Duty to Protect Electronic Employee Data

Hunton Privacy

The case arose from a data breach in which criminals accessed UPMC’s computer systems and stole the personal and financial information of 62,000 current and former UPMC employees. This information included names, birth dates, Social Security numbers, addresses, tax forms and bank account data, all of which the employees were required to provide as a condition of employment.

Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack

Hunton Privacy

State Auto Property and Casualty Insurance Company, finding coverage for a cyber attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack. National Ink’s server and networked computers experienced a ransomware attack, which prevented National Ink from accessing the logos, designs and software that are stored on these servers.

Supply Chain Security 101: An Expert’s View

Krebs on Security

alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. Tony Sager, senior vice president and chief evangelist at the Center for Internet Security.

Securing Elections

Schneier on Security

Today, we conduct our elections on computers. Our registration lists are in computer databases. And our tabulation and reporting is done on computers. We do this for a lot of good reasons, but a side effect is that elections now have all the insecurities inherent in computers.

Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It?

Krebs on Security

From time to time, there emerge cybersecurity stories of such potential impact that they have the effect of making all other security concerns seem minuscule and trifling by comparison. Congress has held multiple hearings about supply chain security challenges, and the U.S.

Midterm Election Security: Why Patching Is a Critical Issue

Data Breach Today

Many of the computer devices to be used for electronic voting in November's midterm elections have unpatched older operating systems that make them vulnerable, says Darien Kindlund, a data scientist at the cybersecurity firm Insight Engines, which advises governments and others

The Myth of Consumer-Grade Security

Schneier on Security

They affect national security. They're critical to national security as well as personal security. Before the Internet revolution, military-grade electronics were different from consumer-grade. If security is deliberately weakened, it will be weakened for everybody.

HHS Releases Guidance on HIPAA and Cloud Computing

Hunton Privacy

Earlier this month, the Department of Health and Human Services’ Office for Civil Rights issued guidance (the “Guidance”) for HIPAA-covered entities that use cloud computing services involving electronic protected health information (“ePHI”). The BAA must establish the permitted and required uses and disclosures of ePHI, and require the BAA to appropriately safeguard ePHI, including by implementing the requirements of the HIPAA Security Rule.

Court Rules Fraud Involving a Computer Is Not ‘Computer Fraud’ under Crime Protection Policy

Hunton Privacy

18, 2016), that a crime protection insurance policy does not cover loss resulting from a fraudulent email directing funds to be sent electronically to the imposter’s bank account because the scheme did not constitute “computer fraud” under the policy. GAIC denied coverage, claiming that the loss did not directly result from the use of a computer nor did the use of a computer cause the transfer of the funds.

Security expert Marco Ramilli released for free the Malware Hunter tool

Security Affairs

I am a computer security scientist with an intensive hacking background. I do have a MD in computer engineering and a PhD on computer security from University of Bologna.

Security Affairs newsletter Round 210 – News of the week

Security Affairs

The best news of the week with Security Affairs. Romanian duo convicted of fraud Scheme infecting 400,000 computers. Security Affairs newsletter Round 209 – News of the week. Gnosticplayers round 5 – 65 Million+ fresh accounts from 6 security breaches available for sale.

Podcast Episode 128: Do Security and Privacy have a Booth at CES?

The Security Ledger

In this episode of The Security Ledger podcast (#128): you're going to hear a lot from the annual Consumer Electronics Show (CES) out in Las Vegas this week, but are any of the new gadgets being released secure? But is it getting any more secure as it grows?

Understanding IoT Security Challenges – An Interview with an Industry Expert

Thales eSecurity

It is no secret that security plays a very important part in the successful deployment and management of this technology, and its applications are set to transform the way we live and do business. What is the biggest security challenge facing the growing IoT? Data security

Episode 172: Securing the Election Supply Chain

The Security Ledger


Do you know the difference between cyber security and information security?

IT Governance

You often see people use the terms ‘cyber security’ and ‘information security’ interchangeably. Information security. It all needs to be kept safe, and the process of doing that is called information security. There are two sub-categories of information security.

Microsoft Calls for Legislative Action to Set Rules for Cloud Computing

Hunton Privacy

Microsoft is urging Congress and the information technology industry to act now to ensure that cloud computing is guided by an international commitment to privacy, security and transparency for consumers, businesses and government.

NIST Issues Guidelines on Security and Privacy in Public Cloud Computing

Hunton Privacy

The National Institute of Standards and Technology (“NIST”) has issued draft Guidelines on Security and Privacy in Public Cloud Computing (SP 800-144) (the “Guidelines”) for public comment. The Guidelines provide an overview of the security and privacy challenges pertinent to public cloud computing, and identify considerations for organizations outsourcing data, applications and infrastructure to a public cloud environment.

Old Tech Spills Digital Dirt on Past Owners

Threatpost

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.

Security Affairs newsletter Round 181 – News of the week

Security Affairs

The best news of the week with Security Affairs. Google Android team found high severity flaw in Honeywell Android-based handheld computers. Magecart cybercrime group stole customers credit cards from Newegg electronics retailer.

Is Blockchain as Secure as People Think? Maybe Not: Cybersecurity Best Practices

eDiscovery Daily

Last month, the security team at Coinbase noticed something strange going on in Ethereum Classic, one of the cryptocurrencies people can buy and sell using Coinbase’s popular exchange platform.

Does Your Business Depend on Stronger Election Security?

Adam Levin

This midterm election, a steady flow of headlines and heated controversy focused not on political leanings or flipping seats (at least directly), but rather on the security and integrity of the voting process itself. Security as Ecosystem.

EU to force tech firms to hand over terror suspects' messages

The Guardian Data Protection

Under the plans, judges in one member state will be able to seize electronic evidence held on a service provider in another European country through a transnational European production order.

Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors

Krebs on Security

Section 8 involves the surreptitious installation of computer programs on computers or networks including malware and spyware.

MY TAKE: Why security innovations paving the way for driverless cars will make IoT much safer

The Last Watchdog

Intelligent computing systems have been insinuating themselves into our homes and public gathering places for a while now. The good news is that there is some very deep, behind-the-scenes research and development work being done to make driverless vehicles safe and secure enough for public acceptance. I’m encouraged that this work should produce a halo effect on other smart systems, ultimately making less-critical Internet of Things systems much more secure, as well.

Friday the 13th is Unlucky for the City of New Orleans. Almost. Maybe.: Cybersecurity Trends

eDiscovery Daily

CST on Friday, according to the City of New Orleans’ emergency preparedness campaign, NOLA Ready, managed by the Office of Homeland Security and Emergency Preparedness.

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

Krebs on Security

A ransomware outbreak has besieged a Wisconsin-based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States.

Spotlight Podcast: Security Automation is (and isn’t) the Future of Infosec

The Security Ledger

In this Spotlight Podcast, we speak with David Brumley, the Chief Executive Officer at the security firm ForAllSecure and an expert on the use of machine learning and automation to cyber security problems. We talk about the growing demand for security automation tools and how the chronic cyber security talent shortage in North America and. Brumley is a noted expert on the use of machine learning and automation to cyber security problems.

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. According to the complaint, over a period of 19 days, hackers were able to infiltrate the Company’s computer systems.

DHS report – Voting systems in North Carolina county in 2016 were not hacked

Security Affairs

Computer faults that disrupted voting in a North Carolina county in 2016 were not caused by cyber attacks, a federal investigation states. The investigation involved 21 laptops used for the voters’ identification and experts performed a forensic exam of the seized computers.

According to the ABA, Lawyers are “Failing at Cybersecurity”: Cybersecurity Trends

eDiscovery Daily

The lack of effort on security has become a major cause for concern in the profession.” Articles on cloud computing, cybersecurity and websites and marketing were released free online. So, the percentage of firms that have experienced a security breach could be quite a bit higher.