Mon. Dec 03, 2018

Incident Response: Why a Tabletop Exercise Is Essential

Data Breach Today

Attorney Ronald Raether on Building a Cybersecurity Culture

Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders.

Jared, Kay Jewelers Parent Fixes Data Leak

Krebs on Security

The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers.

Marriott Mega-Breach: Will GDPR Apply?

Data Breach Today

Legal Experts Suspect So, But Investigation Could Take a Year or More

Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Data Protection Regulation? With GDPR in full effect since May, organizations with data security practices face the potential of massive fines.

Experts found data belonging to 82 Million US Users exposed on unprotected Elasticsearch Instances

Security Affairs

Security experts at HackenProof are warning that open Elasticsearch instances expose over 82 million users in the United States.

Security Woes at Arizona Medicaid MCOs: Tip of the Iceberg?

Data Breach Today

Report: Medicaid Data and Systems Could Also Be at Risk at Other Medicaid MCOs

A security review of two Medicaid managed care organizations in Arizona revealed several significant access control and configuration vulnerabilities, raising concerns about whether other MCOs face similar challenges.

Have I Been Pwned - The Sticker

Troy Hunt

So today is Have I Been Pwned's (HIBP's) 5th birthday.

Marriott's Mega-Breach: Many Concerns, But Few Answers

Data Breach Today

Massive Breach Prompts Calls for New Data Security and Minimization Laws

Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.

The DoJ's Secret Legal Arguments to Break Cryptography

Schneier on Security

Earlier this year, the US Department of Justice made a series of legal arguments as to why Facebook should be forced to help the government wiretap Facebook Messenger. Those arguments are still sealed. The ACLU is suing to make them public.

114 Million US Citizens and Companies Found Unprotected Online

Adam Levin

The data of 114 million businesses and individuals has been discovered in an unprotected database.

Russia-linked APT Sofacy leverages BREXIT lures in recent attacks

Security Affairs

Russia-linked cyber-espionage group Sofacy (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) uses BREXIT lures in recent attacks.

New Scam Apps Take Advantage of iPhone Touch ID

WIRED Threat Level

Touch ID is seamless, which makes it great for unlocking your phone—and for App Store scammers.

How Lush could have protected its till system

IT Governance

In November, Lush – the high-street store known for its fragrant, eco-friendly beauty products – temporarily lost the ability to take card transactions after a member of the IT team “deleted the till system by accident”.

Better together – Digital media collaboration made simple

OpenText Information Management

Marketers, we feel your pain. You’re constantly juggling multiple projects and deadlines, working with multiple people across different departments or external agencies, and navigating complex approval processes, all while needing to deliver new creative content.

The GDPR: What do I need to do?

IT Governance

Although the EU General Data Protection Regulation (GDPR) has come into effect, a large number of organisations are not yet compliant. A Ponemon Institute survey found that almost half of companies would not meet the 25 May 2018 deadline.

5 trends that will drive machine learning projects in 2019

Information Management Resources

Machine learning adoption has been growing at a rapid pace, and there is no end in sight. Recent forecasts say pilots and implementations, as well as investments, will increase 400 percent by 2021.

CNIL Launches Public Consultation on Draft Standards on Data Processing for Managing Business Activities and Unpaid Invoices

Hunton Privacy

On November 29, 2018, the French Data Protection Authority (the “CNIL”) launched an online public consultation regarding two new CNIL draft standards (“Referentials”) concerning the processing of personal data to manage (1) business activities and (2) unpaid invoices.

What is an ISO 27001 risk assessment methodology?

IT Governance

The ISO 27001 implementation and review processes revolve around risk assessments. This is where organisations identify the threats to their information security and outline which of the Standard’s controls they must implement.

Improve the employee experience with OpenText People Center Release 16 EP5

OpenText Information Management

Today’s employees are, like everyone else, sophisticated consumers of information. Whether a private sector executive or a public sector staffer, employees expect the same ease of use in searching for information at work as they do when shopping online.

iOS Fitness Apps Robbing Money From Apple Victims

Threatpost

The two apps, “Fitness Balance App” and “Calories Tracker app,” were tricking users into payments of $120.

The hidden message in reams of text

OpenText Information Management

Excellence may be its own reward, but we consider recognition by one of the world’s most authoritative reviewers high praise indeed.

Marriott's $13.6B Starwood deal bought even bigger security risk

Information Management Resources

The Marriott purchase of Starwood Hotel & Resorts was a bet that its popular loyalty program would bring more travelers to its Courtyards and Residence Inns. It turns out Marriott was also buying a massive security risk.

e-Records 2018: Using Assessments to Engage Your Organization and Your Next EDMS Upgrade

The Texas Record

At this year’s e-Records conference, we hosted Access Science’s Lisa Cromwell and Amelia Johnson who showed us how to use assessments to engage our organizations. Both stressed the need to continually reassess business operations in an open empathetic way.

Association Governance: Why Transparency Matters

IG Guru

My purpose in writing this is to call for greater transparency in the governance of Information Governance related associations to which many of us belong.

New Zealand Security Bureau halts Spark from using Huawei 5G equipment

Security Affairs

New Zealand intelligence agency asked mobile company Spark to avoid using Huawei equipment for 5G infrastructure. According to New Zealand’s Government Communications Security Bureau, Huawei equipment for 5G infrastructure poses a “significant network security risk,” for this reason, it asked mobile company Spark to avoid using the equipment of the Chinese company.

How Would NYC's Anti-AirDrop Dick Pic Law Even Work?

WIRED Threat Level

The bill's sponsors want cyber flashers to face the same consequences as their offline counterparts, but there are technical and legal hurdles.

Filling the Cybersecurity Jobs Gap - Now and in the Future

Dark Reading

Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills

Cloud investments should be to boost agility, not cut costs

Information Management Resources

Beyond the hype and stats, there are real stories and scenarios where businesses are achieving significant business (not IT) returns on their cloud investments.

Microsoft, Mastercard Aim to Change Identity Management

Dark Reading

A new partnership wants to improve how people use and manage the virtual identities that govern their lives online

Lawsuit Claims Pegasus Spyware Helped Saudis Spy on Khashoggi

Threatpost

The lawsuit alleges that NSO Group violated international law by allowing Pegasus to be used by oppressive regimes to hunt dissidents and journalists.

Harnessing Analytical Insights and Illuminating the Physical Realm of Dark Data – An Interview with Markus Lindelow of Iron Mountain

Information Governance Perspectives

Markus Lindelow leads the IG and Content Classification Practice Group at Iron Mountain, the world's largest information management company, where he’s been pioneering breakthrough analytic techniques for over a decade. I interviewed him this November to discuss his thoughts on the evolution of metadata, content classification, AI, and how companies are using the new pillars of data science to break down their silos, help customers get lean and discover the hidden values in their big data sets.

First Lawsuits Filed in Starwood Hotels' Breach

Dark Reading

Class-action suits have been filed on behalf of guests and shareholders, with more expected

A New Product Helps You Get “Context” on Judge’s Opinions and Expert Witnesses: eDiscovery Trends

eDiscovery Daily

A legal analytics product being launched last week by LexisNexis analyzes the language of specific judges’ opinions to identify the cases and arguments each judge finds persuasive as well as analytics on expert witnesses. And, we remember one judge who, sadly, passed away over the weekend.

YouTuber PewDiePie Promoted Via 50K Hacked Printers

Threatpost

The incident sheds light on just how insecure printers are.

Privacy Legislation Could Provide Common Ground for the Newly Divided Congress

Data Matters

*This article first appeared in the Hill.com on November 19, 2018. With the House having now flipped, policy consensus in Congress is not likely to get any easier. But there is one subject around which countries, companies, consumers and, yes, even Congress is increasingly converging. That issue is privacy.

Privacy Blog Nominated for Best AmLaw Blog of 2018 – Please Vote to Win

Hunton Privacy

Hunton Andrews Kurth’s Privacy & Information Security Law Blog has been nominated in The Expert Institute’s 2018 Best Legal Blog Contest for Best AmLaw Blog of 2018. For nearly 10 years, our award-winning privacy blog has provided readers with current information and legal commentary on news stories; breaking international, federal and state legislation; and other issues on privacy, data protection and cybersecurity.

'Influence Agents' Used Twitter to Sway 2018 Midterms

Dark Reading

About 25% of political support in Arizona and Florida was generated by influence agents using Twitter as a platform, research shows

U.S. Military Members Catfished and Hooked for Thousands of Dollars

Threatpost

Prisoners in South Carolina posed convincingly as beautiful women on social media platforms.