Mon. Nov 16, 2020

Ticketmaster Fined $1.7 Million for Data Security Failures

Data Breach Today

Following Alerts of Potential Fraud, Ticketmaster Took 9 Weeks to Spot Big Breach. Ticketmaster UK has been fined $1.7 million by Britain's privacy watchdog for its "serious failure" to comply with the EU's General Data Protection Regulation.

STEPS FORWARD: Math geniuses strive to make a pivotal advance — by obfuscating software code

The Last Watchdog

Most of the time we take for granted the degree to which fundamental components of civilization are steeped in mathematics. Everything from science and engineering to poetry and music relies on numeric calculations. Albert Einstein once observed that “pure mathematics is, in its way, the poetry of logical ideas.” An accomplished violinist, Einstein, no doubt, appreciated the symmetry of his metaphor.


IoT Supply Chains: Where Risks Abound

Data Breach Today

ENISA Releases Guidance on Reducing IoT Supply Chain Risk. IoT devices are like sausages: They're full of components of varying quality, and it's invariably disturbing to think about their origins.


On Blockchain Voting

Schneier on Security

Blockchain voting is a spectacularly dumb idea for a whole bunch of reasons. I have generally quoted Matt Blaze: Why is blockchain voting a dumb idea? Glad you asked. For starters: It doesn’t solve any problems civil elections actually have.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Healthcare Supply Chain Security: Updated Guidance

Data Breach Today

With the escalation of cyberattacks on the healthcare sector during the COVID-19 pandemic, supply chain partners need to strengthen their security controls and defenses, say Vishwas Gadgil of pharmaceutical firm Merck and Ed Gaudet of the consultancy Censinet.

More Trending

Unprotected database exposed a scam targeting 100K+ Facebook accounts

Security Affairs

Researchers discovered an ElasticSearch database exposed online that contained data for over 100,000 compromised Facebook accounts. Researchers at vpnMentor discovered an ElasticSearch database exposed online that contained an archive of over 100,000 compromised Facebook accounts.

Breakdown of a Break-in: A Manufacturer's Ransomware Response

Dark Reading

The analysis of an industrial ransomware attack reveals common tactics and proactive steps that businesses can take to avoid similar incidents

Citrix SD-WAN Bugs Allow Remote Code Execution

Threatpost

The bugs tracked as CVE-2020-8271, CVE-2020-8272 and CVE-2020-8273 exist in the Citrix SD-WAN Center.


Global Pandemic Fuels Cyber-Threat Workload for National Cyber Security Centre, Shows Annual Review

Dark Reading

From securing the Nightingale hospitals to tackling threats to vaccine research and production, a large part of the National Cyber Security Centre's (NCSC) recent work in the UK has been related to the coronavirus pandemic, as Ron Alalouff discovered when reporting on its Annual Review


Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Hacked Security Software Used in Novel South Korean Supply-Chain Attack

Threatpost

Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea.

Zoom Debuts New Tools to Fight Meeting Disruptions

Dark Reading

Two new capabilities in version 5.4.3 let hosts and co-hosts pause Zoom meetings to remove and report disruptive attendees


Exposed Database Reveals 100K+ Compromised Facebook Accounts

Threatpost

Cybercriminals left an ElasticSearch database exposed, revealing a global attack that compromised Facebook accounts and used them to scam others.

Crooks use software skimmer that pretends to be a security firm

Security Affairs

Security experts from Sucuri analyzed a software skimmer that is abusing its brand name in order to evade detection. Researchers at Sucuri analyzed a software skimmer that is using their brand name in order to evade detection.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

Threatpost

Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles.

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

North Korea-linked Lazarus APT group is behind new campaigns against South Korean supply chains that leverage stolen security certificates. Security experts from ESET reported that North-Korea-linked Lazarus APT (aka HIDDEN COBRA) is behind cyber campaigns targeting South Korean supply chains.

Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut

Threatpost

A report on the underground economy finds that malicious actors are offering cloud-based troves of stolen data, accessible with handy tools to slice and dice what's on offer.


What Did Ediscovery pros say in the Benchmark Collaboration Data Survey?

Hanzo Learning Center

Does your organization use a collaboration platform like Slack to keep employees connected and coordinated as they work remotely? If so, you may have found that it’s largely replaced email for internal communications. But those communications are still discoverable.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

US: As expected, California ballot initiative passes, significantly altering the California Consumer Privacy Act

DLA Piper Privacy Matters

As the business community takes stock of (and impatiently waits for) 2020 election results, it should place particular significance on the passage of Proposition 24, the California Privacy Rights Act (CPRA) by about a 12 percent margin.


“We are experiencing longer than normal wait times”

OpenText Information Management

Recent events have resulted in increasingly difficult conditions in which to run a business, disrupting even the most efficient and well-prepared company’s ability to operate and deliver products and services.

Twitter Taps Mudge

Dark Reading

Noted security researcher Peiter Zatko joins the social network as head of security

You are what you eat, so what are you feeding your VIM?

OpenText Information Management

Are you getting the most from your Vendor Invoice Management (VIM) solution? Many businesses that have invested in a VIM solution to manage their cashflow are making strategic decisions based on an incomplete picture.


Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

International: Data protection compensation claims, Webinar, 2 December 2020

DLA Piper Privacy Matters

Data protection compensation claims are on the rise. Buoyed by front page press coverage of high profile data incidents, claims management companies and lawyers are looking to develop their practices in this area and are actively seeking out individuals who may have been affected.


DICOM file security: How malware can hide behind HIPAA-protected images via Security Boulevard

IG Guru

Check out this interesting article here.

What’s new in OpenText Enterprise Applications CE 20.4

OpenText Information Management

OpenText™ Cloud Editions (CE) 20.2 focused heavily on the cloud centric architecture of our Enterprise Application solutions. As we move into CE 20.4, there are key launches for several of our Enterprise Application solutions.


Webinar: Why Mainframe Executives are Investing in Diversity

Rocket Software

Over the past few months, we have seen a renewed commitment to supporting diversity across all industries. But what are mainframe executives doing to support diversity?


Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Important Changes to the Singapore Data Privacy Regime

Data Matters

On November 2, 2020, Singapore’s legislature finally approved amendments to the Personal Data Protection Act (PDPA). The changes become law once a government gazette is passed (possibly before the end of 2020). If you operate in Singapore, handle Singapore data, or maintain a server in Singapore, it is crucial that you have protocols in place to guide employees on what to do when a data breach occurs and consider doing a data breach tabletop exercise. (We

Accumulating Technical Debt is a Contagion, that Federal, DoD and Army Data Centers can Battle

Interactive Information Management

Among the Federal government data center communities, the threat of incurable technical debt (TD) is pervasive - where short term planning and siloed IT design leads to procurement of IT COTS software, hardware and services that quickly become obsolescent and continually increase maintenance costs. This leads to the inability of Agencies to find and use new revenues or cost savings to deal with unexpected mission demands or to use new industry technologies.

European Commission Releases Draft Standard Contractual Clauses for Article 28 Data Processing Agreements

Hunton Privacy

On November 12, 2020, somewhat in the shadow of the new standard contractual clauses for data transfers to recipients outside the European Economic Area (“EEA”), the European Commission also adopted draft standard contractual clauses to be used between controllers and processors in the EEA (“EEA Controller-Processor SCCs”).
