Mon. Dec 03, 2018

Incident Response: Why a Tabletop Exercise Is Essential

Data Breach Today

Attorney Ronald Raether on Building a Cybersecurity Culture. Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders.

Jared, Kay Jewelers Parent Fixes Data Leak

Krebs on Security

The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers.

Marriott Mega-Breach: Will GDPR Apply?

Data Breach Today

Legal Experts Suspect So, But Investigation Could Take a Year or More. Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Data Protection Regulation? With GDPR in full effect since May, organizations with data security practices face the potential of massive fines.

Experts found data belonging to 82 Million US Users exposed on unprotected Elasticsearch Instances

Security Affairs

Security experts at HackenProof are warning that open Elasticsearch instances expose over 82 million users in the United States.

Security Woes at Arizona Medicaid MCOs: Tip of the Iceberg?

Data Breach Today

Report: Medicaid Data and Systems Could Also Be at Risk at Other Medicaid MCOs. A security review of two Medicaid managed care organizations in Arizona revealed several significant access control and configuration vulnerabilities, raising concerns about whether other MCOs face similar challenges.

The DoJ's Secret Legal Arguments to Break Cryptography

Schneier on Security

Earlier this year, the US Department of Justice made a series of legal arguments as to why Facebook should be forced to help the government wiretap Facebook Messenger. Those arguments are still sealed. The ACLU is suing to make them public.

More Trending

Have I Been Pwned - The Sticker

Troy Hunt

So today is Have I Been Pwned's (HIBP's) 5th birthday.

Russia-linked APT Sofacy leverages BREXIT lures in recent attacks

Security Affairs

Russia-linked cyber-espionage group Sofacy (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) uses BREXIT lures in recent attacks.

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

The Last Watchdog

I have a Yahoo email account, I’ve shopped at Home Depot and Target, my father was in the military and had a security clearance, which included a dossier on his family, archived at the U.S. Office of Personnel Management, I’ve had insurance coverage from Premera Blue Cross and I’ve stayed at the Marriott Marquis in San Francisco. Related: Uber hack shows DevOps risk. The common denominator: All of those organizations have now disclosed massive data breaches over a span of the past five years.

114 Million US Citizens and Companies Found Unprotected Online

Adam Levin

The data of 114 million businesses and individuals has been discovered in an unprotected database.

Better together – Digital media collaboration made simple

OpenText Information Management

Marketers, we feel your pain. You’re constantly juggling multiple projects and deadlines, working with multiple people across different departments or external agencies, and navigating complex approval processes, all while needing to deliver new creative content.

How Lush could have protected its till system

IT Governance

In November, Lush – the high-street store known for its fragrant, eco-friendly beauty products – temporarily lost the ability to take card transactions after a member of the IT team “deleted the till system by accident”.

New Scam Apps Take Advantage of iPhone Touch ID

WIRED Threat Level

Touch ID is seamless, which makes it great for unlocking your phone—and for App Store scammers.

The GDPR: What do I need to do?

IT Governance

Although the EU General Data Protection Regulation (GDPR) has come into effect, a large number of organisations are not yet compliant. A Ponemon Institute survey found that almost half of companies would not meet the 25 May 2018 deadline.

5 trends that will drive machine learning projects in 2019

Information Management Resources

Machine learning adoption has been growing at a rapid pace, and there is no end in sight. Recent forecasts say pilots and implementations, as well as investments, will increase 400 percent by 2021.

New Zealand Security Bureau halts Spark from using Huawei 5G equipment

Security Affairs

New Zealand's intelligence agency asked mobile company Spark to avoid using Huawei equipment for 5G infrastructure. According to New Zealand’s Government Communications Security Bureau, Huawei equipment for 5G infrastructure poses a “significant network security risk”; for this reason, it asked mobile company Spark to avoid using the equipment of the Chinese company.

Improve the employee experience with OpenText People Center Release 16 EP5

OpenText Information Management

Today’s employees are, like everyone else, sophisticated consumers of information. Whether a private sector executive or a public sector staffer, employees expect the same ease of use in searching for information at work as they do when shopping online.

What is an ISO 27001 risk assessment methodology?

IT Governance

The ISO 27001 implementation and review processes revolve around risk assessments. This is where organisations identify the threats to their information security and outline which of the Standard’s controls they must implement.

A New Product Helps You Get “Context” on Judge’s Opinions and Expert Witnesses: eDiscovery Trends

eDiscovery Daily

A legal analytics product being launched last week by LexisNexis analyzes the language of specific judges’ opinions to identify the cases and arguments each judge finds persuasive as well as analytics on expert witnesses. And, we remember one judge who, sadly, passed away over the weekend.

The hidden message in reams of text

OpenText Information Management

Excellence may be its own reward, but we consider recognition by one of the world’s most authoritative reviewers high praise indeed.

Marriott's $13.6B Starwood deal bought even bigger security risk

Information Management Resources

The Marriott purchase of Starwood Hotel & Resorts was a bet that its popular loyalty program would bring more travelers to its Courtyards and Residence Inns. It turns out Marriott was also buying a massive security risk.

Association Governance: Why Transparency Matters

IG Guru

My purpose in writing this is to call for greater transparency in the governance of Information Governance related associations to which many of us belong.

iOS Fitness Apps Robbing Money From Apple Victims

Threatpost

The two apps, “Fitness Balance App” and “Calories Tracker app,” were tricking users into payments of $120.

Filling the Cybersecurity Jobs Gap - Now and in the Future

Dark Reading

Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.

Cloud investments should be to boost agility, not cut costs

Information Management Resources

Beyond the hype and stats, there are real stories and scenarios where businesses are achieving significant business (not IT) returns on their cloud investments.

Microsoft, Mastercard Aim to Change Identity Management

Dark Reading

A new partnership wants to improve how people use and manage the virtual identities that govern their lives online.

CNIL Launches Public Consultation on Draft Standards on Data Processing for Managing Business Activities and Unpaid Invoices

Hunton Privacy

On November 29, 2018, the French Data Protection Authority (the “CNIL”) launched an online public consultation regarding two new CNIL draft standards (“Referentials”) concerning the processing of personal data to manage (1) business activities and (2) unpaid invoices.

Harnessing Analytical Insights and Illuminating the Physical Realm of Dark Data – An Interview with Markus Lindelow of Iron Mountain

Information Governance Perspectives

Markus Lindelow leads the IG and Content Classification Practice Group at Iron Mountain, the world's largest information management company, where he’s been pioneering breakthrough analytic techniques for over a decade. I interviewed him this November to discuss his thoughts on the evolution of metadata, content classification, AI, and how companies are using the new pillars of data science to break down their silos, help customers get lean and discover the hidden values in their big data sets.

How Would NYC's Anti-AirDrop Dick Pic Law Even Work?

WIRED Threat Level

The bill's sponsors want cyber flashers to face the same consequences as their offline counterparts, but there are technical and legal hurdles.

Privacy Legislation Could Provide Common Ground for the Newly Divided Congress

Data Matters

*This article first appeared in the Hill.com on November 19, 2018. With the House having now flipped, policy consensus in Congress is not likely to get any easier. But there is one subject around which countries, companies, consumers and, yes, even Congress is increasingly converging. That issue is privacy.

YouTuber PewDiePie Promoted Via 50K Hacked Printers

Threatpost

The incident sheds light on just how insecure printers are.

First Lawsuits Filed in Starwood Hotels' Breach

Dark Reading

Class-action suits have been filed on behalf of guests and shareholders, with more expected.

Lawsuit Claims Pegasus Spyware Helped Saudis Spy on Khashoggi

Threatpost

The lawsuit alleges that NSO Group violated international law by allowing Pegasus to be used by oppressive regimes to hunt dissidents and journalists.

Coalition and Labor do deal on law enforcement access to encrypted messages

The Guardian Data Protection

Bill could pass this week after government agreed to restrict new powers to serious crimes. Labor and the Coalition have come to an in-principle agreement on the government’s bill to give law enforcement agencies access to encrypted communication.