Data, Information Security and Security - Information Management Today

$10,000,000 civil penalty for disclosing personal data without consent

Data Protection Report

APRIL 30, 2024

The claims related to the company’s sharing personal data without consumer consent and making it very difficult for consumers to cancel their subscriptions to this telehealth service. As indicated in the paragraph quoted above, the company collected some very sensitive personal information.

Personal data

Personal data Privacy Information governance Compliance

Burger King forgets to put a password on their systems, again

Security Affairs

AUGUST 2, 2023

The fast food giant Burger King put their systems and data at risk by exposing sensitive credentials to the public for a second time. It’s not the first time Burger King has leaked sensitive data. Among other sensitive data, the file contained credentials for a database.

Passwords

Passwords Analytics Access Risk

China: Navigating China Episode 19: China’s new Data Security Law: what multinational businesses need to know

DLA Piper Privacy Matters

JUNE 21, 2021

China’s Data Security Law (“ DSL ”) has come into force and takes effect on 1 September 2021. The DSL applies to data in general, and forms part of the broader China data framework. The DSL confirms – rather than changes – data localisation requirements. Authors: Carolyn Bigg , Venus Cheung, Fangfang Song.

Security

Security Compliance Data Privacy Risk

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

OCTOBER 12, 2023

Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code. ” The attack chain of this campaign consists of three main parts: loader, malicious attack code, and data exfiltration. .”

Retail

Retail IT Security Information Security

Guest Post -- GDPR Compliance starts with Data Discovery

AIIM

NOVEMBER 16, 2017

You might also be interested in: Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. Compliance starts with data discovery. Privacy by Design: The Intersection of Law and Technology.

GDPR

GDPR Compliance Privacy Paper

Keep Your Business Data Safe and Secure With Onehub

OneHub

DECEMBER 14, 2020

Data security is one of the most important factors to consider when choosing how to store and share your business files. Some company decision-makers are hesitant to upgrade to cloud storage and file sharing due to concerns about protecting sensitive information. That’s a devastating price tag for many companies.

Security

Security Cloud Encryption Authentication

Newly Proposed SEC Cybersecurity Risk Management and Governance Rules and Amendments for Public Companies

Data Matters

MARCH 11, 2022

Securities and Exchange Commission (SEC) proposed new cybersecurity rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. an incident in which a malicious actor has demanded payment to restore company data that was stolen or altered.

Cybersecurity

Cybersecurity Risk Government e-Discovery

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Security Affairs

JUNE 5, 2023

Akamai researchers discovered a new ongoing Magecart web skimmer campaign aimed at stealing personally identifiable information (PII) and credit card information from users in North America, Latin America, and Europe. The researchers identified two distinct variations of the skimmer code employed in this ongoing campaign.

CMS

CMS Retail Analytics IT

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Security Affairs

JUNE 6, 2022

USA) has identified an increase in activity within hacktivist groups conducted by a new group called “Cyber Spetsnaz”. USA) has identified an increase in activity within hacktivist groups, they’re leveraging current geopolitical tensions between the Ukraine and Russia to perform cyber-attacks. Resecurity, Inc. Resecurity, Inc.

Government

Government Cybersecurity IoT Security

SEC Proposes Cybersecurity Rules for Public Companies

Hunton Privacy

MARCH 11, 2022

On March 9, 2022, the Securities and Exchange Commission (“SEC”) held an open meeting and proposed new cybersecurity disclosure rules for public companies by a 3-1 vote. Current Reporting on Form 8-K and Form 6-K.

Cybersecurity

Cybersecurity Risk Government Security

UniCredit bank discloses a data breach that impacted 3 million of Italian clients

Security Affairs

OCTOBER 28, 2019

Italian bank UniCredit announced today that around three million of its customers in Italy have been affected by a data breach in 2015. The Italian bank UniCredit announced today that around three million of its Italian clients have been affected by a data breach that took place in 2015, . ” reported the Reuters.

Data breaches

Data breaches Personal data Access Cybersecurity

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

2 Because First American’s violations included the exposure of millions of documents containing nonpublic information (NPI), the total penalty potentially could be substantial. limit user access privileges to information systems that provide access to NPI (23 NYCRR § 500.07). The NYDFS Cybersecurity Regulation. e) and 500.01(g),

Financial Services

Financial Services Cybersecurity Insurance Risk

California Consumer Privacy Act: GDPR-like definition of personal information

Data Protection Report

AUGUST 27, 2018

This is the Data Protection Report’s third blog in a series of blogs that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. This blog focuses on the CCPA’s broad definition of Personal Information.

GDPR

GDPR Privacy Data breaches Sales

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

NOVEMBER 10, 2016

On November 9, 2016, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP and AvePoint released the results of a joint global survey launched in May 2016 concerning organizational preparedness for implementing the EU General Data Protection Regulation (“GDPR”).

GDPR

GDPR Data Privacy Compliance Privacy

The Hacker Mind Podcast: Hacking Teslas

ForAllSecure

JUNE 8, 2022

Welcome to The Hacker Mind, an original podcast from for all secure. Herfurt: My name is Martin Herfurt and I'm a security researcher. The consequences of this could be that a police officer could be listening into a car ahead of them on the road even if that person wasn't even currently making a call. I'm Robert Vamosi.

Manufacturing

Manufacturing Encryption IT Security

EU Commission Issues Recommendation on RFID, Privacy and Data Protection

Hunton Privacy

MAY 13, 2009

On May 12, 2009, the European Commission issued a long-awaited recommendation on the implementation of privacy and data protection principles in applications supported by radio-frequency identification (“RFID”). Companies and public authorities should develop a framework for privacy and data protection impact assessments.

Privacy

Privacy Data collection Sales Personal data

Guest Post -- New Global Data and Privacy Regulations in 2018 and the GDPR

AIIM

NOVEMBER 2, 2017

Data privacy breaches have been in the news again and again this year, eliciting increased concern from regulators and legislative bodies. But one of the most important data privacy milestones on the horizon in 2018 has its roots far earlier, and has been of utmost concern to multinational organizations. But more on them later.

GDPR

GDPR Privacy Compliance Information architecture

Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition

Security Affairs

APRIL 2, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! If you want to also receive for free the newsletter with the international press subscribe here.

Security

Security Artificial Intelligence Data breaches Ransomware

Google issued 40,000 alerts of State-Sponsored attacks in 2019

Security Affairs

MARCH 27, 2020

Google shared data on alerts related to state-sponsored attacks, the tech giant revealed that it issued almost 40,000 alerts of state-sponsored phishing or malware attacks to its users during 2019. ” wrote Toni Gidwani, a Security Engineering Manager with Google’s Threat Analysis Group (TAG). ” reads the APP page.

Phishing

Phishing Passwords Risk Personal data

The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

NOVEMBER 13, 2020

In this episode, Stok talks about his beginnings in enterprise security and his transition into the top tier of bug bounty hunters. Vamosi: Like a lot of us, information security wasn’t necessarily our first line of work. But did you know there’s an elite group of bug bounty hunters that travel the world? and such.

Communications

Communications IT Security Mining

The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

NOVEMBER 12, 2020

In this episode, Stok talks about his beginnings in enterprise security and his transition into the top tier of bug bounty hunters. Vamosi: Like a lot of us, information security wasn’t necessarily our first line of work. But did you know there’s an elite group of bug bounty hunters that travel the world? and such.

Communications

Communications IT Security Mining

The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

NOVEMBER 12, 2020

In this episode, Stok talks about his beginnings in enterprise security and his transition into the top tier of bug bounty hunters. Vamosi: Like a lot of us, information security wasn’t necessarily our first line of work. But did you know there’s an elite group of bug bounty hunters that travel the world? and such.

Communications

Communications IT Security Mining

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

ForAllSecure

AUGUST 14, 2019

The CyberWire Daily podcast delivers the day's cyber security news into a concise format. Dave Bittner: [00:00:03] A contractor for Russia's FSB security agency was apparently breached. Dave Bittner: [00:00:03] A contractor for Russia's FSB security agency was apparently breached. It's time to build your security the same way.

Cloud

Cloud Energy and Utilities Security Access

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

ForAllSecure

AUGUST 14, 2019

The CyberWire Daily podcast delivers the day's cyber security news into a concise format. Dave Bittner: [00:00:03] A contractor for Russia's FSB security agency was apparently breached. Dave Bittner: [00:00:03] A contractor for Russia's FSB security agency was apparently breached. It's time to build your security the same way.

Cloud

Cloud Energy and Utilities Security Access

THE CYBERWIRE DAILY PODCAST EP. 389 WITH GUEST SPEAKER DAVID BRUMLEY

ForAllSecure

AUGUST 14, 2019

The CyberWire Daily podcast delivers the day's cyber security news into a concise format. Dave Bittner: [00:00:03] A contractor for Russia's FSB security agency was apparently breached. Dave Bittner: [00:00:03] A contractor for Russia's FSB security agency was apparently breached. It's time to build your security the same way.

Cloud

Cloud Energy and Utilities Security Access

Information Management Today

$10,000,000 civil penalty for disclosing personal data without consent

Burger King forgets to put a password on their systems, again

Trending Sources

China: Navigating China Episode 19: China’s new Data Security Law: what multinational businesses need to know

A new Magecart campaign hides the malicious code in 404 error page

Guest Post -- GDPR Compliance starts with Data Discovery

Keep Your Business Data Safe and Secure With Onehub

Newly Proposed SEC Cybersecurity Risk Management and Governance Rules and Amendments for Public Companies

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

SEC Proposes Cybersecurity Rules for Public Companies

UniCredit bank discloses a data breach that impacted 3 million of Italian clients

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

California Consumer Privacy Act: GDPR-like definition of personal information

CIPL and AvePoint Release Global GDPR Readiness Report

The Hacker Mind Podcast: Hacking Teslas

EU Commission Issues Recommendation on RFID, Privacy and Data Protection

Guest Post -- New Global Data and Privacy Regulations in 2018 and the GDPR

Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition

Google issued 40,000 alerts of State-Sponsored attacks in 2019

The Hacker Mind Podcast: Bug Bounty Hunters

The Hacker Mind Podcast: Bug Bounty Hunters

The Hacker Mind Podcast: Bug Bounty Hunters

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

THE CYBERWIRE DAILY PODCAST EP. 389 WITH GUEST SPEAKER DAVID BRUMLEY

Stay Connected