Fri.Dec 04, 2020

Bad Cookies: Privacy Regulator Fines Supermarket Giant

Data Breach Today

Million Fine for French Supermarket Giant Carrefour for Alleged GDPR Violations France's privacy regulator has hit retail giant Carrefour with a $3.7 million fine for violating privacy laws, including GDPR.

IRS to Make ID Protection PIN Open to All

Krebs on Security

The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Data Exfiltrated From Alaskan Voter Registration Servers

Data Breach Today

Officials Believe Stolen Data Used for Voter Intimidation, Propaganda Hackers exfiltrated voters' personally identifiable information from online voter registration servers in Alaska in September, and the information likely was used for voter intimidation and propaganda purposes, state officials sa

211
211

Recently disclosed CVE-2020-4006 VMware zero-day was reported by NSA

Security Affairs

VMware addressed CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Defense Bill Would Restore White House Cybersecurity Post

Data Breach Today

Measure Is the Latest Effort to Revive Position A defense policy bill that Congress plans to vote on later this month now includes a provision that would restore the position of national cyber director at the White House, says Rep. Jim Langevin, D-R.I.

More Trending

Phishing Campaign Targeted Universities Worldwide

Data Breach Today

Researchers: 'Shadow Academy' Activity Coincided With Start of School Year A hacking group targeted 20 universities and other schools around the world earlier this year with a series of phishing campaigns designed to steal credentials, according to researchers at RiskIQ

Enigma Machine Recovered from the Baltic Sea

Schneier on Security

Neat story : German divers searching the Baltic Sea for discarded fishing nets have stumbled upon a rare Enigma cipher machine used by the Nazi military during World War Two which they believe was thrown overboard from a scuttled submarine.

Analysis: Apple iOS 'Zero-Click Exploit'

Data Breach Today

This edition of the ISMG Security Report features an analysis of a serious Apple iOS "zero-click exploit" that could have allowed hackers to remotely gain complete control of a device. Also featured: a discussion of identity proofing challenges and a review of New Zealand's updated Privacy Act

Iranian hackers access unsecured HMI at Israeli Water Facility

Security Affairs

A group of Iranian hackers gained access to a un unprotected ICS at an Israeli Water Facility and posted a video as proof of the hack. Researchers from industrial cybersecurity firm OTORIO revealed that a group of Iranian hackers gained access to a un unprotected ICS at the Israeli Water Facility.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Hacking Group Used Crypto Miners as Distraction Technique

Data Breach Today

Microsoft: Bismuth APT Tries to Distract Targets From Spying Tools A hacking group recently deployed cryptocurrency miners within targeted victims' networks to distract security teams from their cyberespionage campaigns, Microsoft reports

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Security Affairs

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913.

Balancing Security, Customer Service

Data Breach Today

Experian's David Britton on Identity Governance and Security Organizations can enhance security while maintaining a good customer experience by leveraging data for authentication, says David Britton of Experian

Flash Dies but Warning Signs Persist: A Eulogy for Tech's Terrible Security Precedent

Dark Reading

Flash will be gone by the end of the year, but the ecosystem that allowed it to become a software security serial killer is ready to let it happen again

IT 94

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

VMware Rolls a Fix for Formerly Critical Zero-Day Bug

Threatpost

VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to "important.".

BECs and EACs: What's the Difference?

Dark Reading

Email accounts are common targets for attack. Understanding how attack types differ is critical for successful defense

88

Escape Endless Implementation with Micro Focus Enterprise Service Management

Micro Focus

Companies are relying on Service Desks more than ever in this pandemic. More employees are working from home and do not have access to their “friendly IT guy.”

Intel Doubles Down on Emerging Technologies for Sharing and Using Data Securely

Dark Reading

Homomorphic encryption and federated learning could allow groups to share data and analysis while protecting the actual information

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

High-Severity Chrome Bugs Allow Browser Hacks

Threatpost

Desktop versions of the browser received a total of eight fixes, half rated high-severity. Vulnerabilities Web Security 87.0.4280.88

Kmart Hit by Egregor Ransomware

Dark Reading

Egregor is also behind recent attacks on UbiSoft and Barnes & Noble

Novel Online Shopping Malware Hides in Social-Media Buttons

Threatpost

The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images. Breach Hacks Vulnerabilities Web Security e-commerce holiday shopping malware online shopping payment card skimmer sansec social media buttons steganography

Islamic imprisoned hacker Ardit Ferizi ordered to be deported

Security Affairs

The Islamic hacker Ardit Ferizi, who is serving 20 years for giving his support to Islamic State group has been granted compassionate release. Ardit Ferizi , aka Th3Dir3ctorY, is the hacker that supported the ISIS organization by handing over data for 1,351 US government and military personnel.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Vancouver Metro Disrupted by Egregor Ransomware

Threatpost

The attack, which prevented Translink users from using their metro cards or buying tickets at kiosks, is the second from the prolific threat group just this week.

The 2020 Workshop on Economics and Information Security (WEIS)

Schneier on Security

The workshop on Economics and Information Security is always an interesting conference. This year, it will be online. Here’s the program. Registration is free. Uncategorized conferences economics of security

Making Sense of the Security Sensor Landscape

Threatpost

Chris Calvert of Respond Software (now part of FireEye) outlines the challenges that reduce the efficacy of network security sensors.

Egregor ransomware attack paralyzed for 3 days payment systems at Metro Vancouver’s transportation agency TransLink

Security Affairs

The Egregor ransomware operators hit Metro Vancouver’s transportation agency TransLink disrupting services and payment systems.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

The Future of Cyber Resilience—Enfuse On Air 2020

OpenText Information Management

The Future of Cyber Resilience – Click Here to View the Keynote OpenText’s 20th annual Enfuse conference—the cybersecurity and digital investigations event of the year—has just come to an end.

Weekly Update 220

Troy Hunt

It's a lighter weekly update this week, kinda feels like I'm still recovering from last week's epic IoT series TBH.

SEC Staff Allows Early Adoption of Electronic Signatures via JD Supra

IG Guru

Check out the article here. The post SEC Staff Allows Early Adoption of Electronic Signatures via JD Supra appeared first on IG GURU. Business IG News information privacy Records Management Electronic Signatures esignatures Finance SEC