Wed. Nov 07, 2018

How Cyber Insurance Is Changing in the GDPR Era

Data Breach Today

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

Krebs on Security

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S.

HSBC Bank Alerts US Customers to Data Breach

Data Breach Today

'Unauthorized Entry' to Some Accounts Exposes Account Details and Statements

HSBC bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it's detected no signs of fraud following the "unauthorized entry."

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

It's just another day on the internet when the news is full of headlines about accounts being hacked. Yesterday was a perfect example of that with 2 separate noteworthy stories adorning my early morning Twitter feed.

Pakistan: Banks Weren't Hacked, But Card Details Leaked

Data Breach Today

Card Details From 22 Banks Appeared On Underground Market

Pakistan says the nation's banks have not been hacked, but are taking defensive steps after nearly 20,000 payment card details appeared for sale online.

Search is Becoming Everything, And Vice Versa

Weissman's World

I’ve just come out of a series of discussions on the issue of records preservation, and one of my take-aways is how similar at least one current approach to the issue is to what we nominally call “search.” And the more I think about it, the more I wonder whether search is on its way […].

FDA Reacts to Critique of Medical Device Security Strategy

Data Breach Today

Watchdog Agency Cited Deficiencies, But Agency Says Many Have Already Been Addressed

The FDA's procedures for handling cybersecurity concerns in medical devices once they are on the market are deficient, according to a new federal watchdog agency report.

Smart Cities Challenge: Real-Time Risk Management

Data Breach Today

HSBC Bank USA notified customers of a security breach

Security Affairs

HSBC Bank USA notified customers of a data breach that happened between Oct 4 and Oct 14; unknown attackers were able to access their online accounts.

How to Future-Proof the Critical National Infrastructure

Data Breach Today

Design Cyberattack Resilience Into Technology, Says Professor Prashant Pillai

The challenge when designing technology for critical national infrastructure sectors is that it must be securable today and remain resilient to cyberattacks for decades to come, says cybersecurity Professor Prashant Pilla

How to write a disaster recovery plan

IT Governance

All organisations experience disruptions, whether that’s from a cyber attack, IT failure, weather event or something else, and they need to be prepared. The longer it takes to address an issue, the more the costs will spiral and the harder it will be to recover.

U.S. Air Force announced Hack the Air Force 3.0, the third Bug Bounty Program

Security Affairs

The United States Air Force announced earlier this week that it has launched the third bug bounty program called Hack the Air Force 3.0. The United States Air Force launched earlier this week its third bug bounty program, called Hack the Air Force 3.0, in collaboration with HackerOne. “Thank you for your interest in participating in HackerOne’s U.S. Department of Defense (DoD) “Hack the Air Force 3.0” Bug Bounty challenge.”

How to write a GDPR data protection policy – with policy template

IT Governance

Updated 7 November 2018. This blog was originally published before the GDPR took effect in May 2018.

Signed, Sealed, Delivered! Code Signing Makes Software Yours

Thales Data Security

In “Signed, Sealed, Delivered,” Stevie Wonder sings “You’ve got the future in your hand — signed, sealed, delivered, I’m yours.” That is not much different from what happens with software and firmware code signing today.

Top tips for starting a career in cyber security

IT Governance

Since the EU GDPR (General Data Protection Regulation) came into force in May 2018, data protection, privacy and information security have become a top priority for all organisations.

Consumer Reports Reviews Wireless Home-Security Cameras

Schneier on Security

Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it's reviewing wireless home-security cameras. It found significant security vulnerabilities in D-Link cameras: In contrast, D-Link doesn't store video from the DCS-2630L in the cloud. Instead, the camera has its own, onboard web server, which can deliver video to the user in different ways. Users can view the video using an app, mydlink Lite.

OpenText Extends Cloud Strategy with the Release of OpenText OT2

OpenText Information Management

I’m pleased to announce that today’s release of OpenText products, platforms and services further extends our enterprise cloud strategy, completing the need of our customers to access their business-critical information in the most convenient, secure and agile ways possible.

20 Cybersecurity Firms to Watch

Dark Reading

A look at some of the more interesting investments, acquisitions, and strategic moves in the security sector over the past year

How OpenText powers the Intelligent and Connected Enterprise

OpenText Information Management

Successful enterprises are both intelligent and connected. They collect information from as many sources as possible in every format imaginable and analyze it to drive decision making; that’s intelligent.

A flaw in WooCommerce WordPress Plugin could be exploited to take over e-stores

Security Affairs

A critical Remote Code Execution vulnerability affects eCommerce websites running on WordPress and using the WooCommerce plugin. WooCommerce is one of the major eCommerce plugins for WordPress that allows operators to easily build e-stores based on the popular CMS; it accounts for more than 4 million installations with 35% market share.

Why Password Management and Security Strategies Fall Short

Dark Reading

Researchers say companies need to rethink their password training and take a more holistic approach to security

Nine Duties of an Information Security Professional

IG Guru

by Dr. Shuyler Jan Buitron, DCS, MSIA, CISSP, MCSE

Throughout my information technology and information security careers, I have encountered many different philosophies and ways of operating. The information security professional represents the profession wherever he/she goes.

5 Reasons Why Threat Intelligence Doesn't Work

Dark Reading

Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems

Cambridge Analytica Shook Up the Way We View Data Privacy—and Ediscovery Collections

Hanzo Learning Center

After 2018, companies may never view online data collection in the same way again.

Utah Hacker Pleads Guilty to DoS Attacks: DoJ

Dark Reading

Online gaming companies, including Sony Online Entertainment, and servers were main targets

Avoiding threats and complications arising from stringent GDPR provisions

Information Management Resources

Cybercriminals are now incorporating the GDPR in their modus operandi. Enterprising criminals use the threat of being reported for GDPR violations and non-compliance against businesses.

New Side-Channel Attacks Target Graphics Processing Units

Dark Reading

A trio of new attacks bypass CPUs to wring data from vulnerable GPUs

CNIL Details Rules On Audience and Traffic Measuring In Publicly Accessible Areas

Hunton Privacy

On October 17, 2018, the French data protection authority (the “CNIL”) published a press release detailing the rules applicable to devices that compile aggregated and anonymous statistics from personal data—for example, mobile phone identifiers (i.e., media access control or “MAC” address)—for purposes such as measuring advertising audience in a given space and analyzing flow in shopping malls and other public areas. Read the press release (in French).

Cryptocurrency Exchange Targeted Via Attack on Web Traffic Analysis Firm

Dark Reading

"Island-hopping" attackers breached StatCounter so they could get to users of gate.io.

Medical Transcription Vendor Agrees to $200,000 Settlement with New Jersey Attorney General

Hunton Privacy

On October 30, 2018, ATA Consulting LLC (doing business as Best Medical Transcription) agreed to a $200,000 settlement with the New Jersey Attorney General resulting from a server misconfiguration that allowed private medical records to be posted publicly online. The fine was suspended to $31,000 based on the company’s financial condition. Read the settlement.

Finding Gold in the Threat Intelligence Rush

Dark Reading

Researchers sift through millions of threat intel observations to determine where to best find valuable threat data

Greater 'data literacy' means higher profitability, says study

Information Management Resources

Large enterprises that have higher corporate data literacy experience can expect $320 million to $534 million in higher enterprise value.

Program Looks to Tap Military Vets for Cyber-Jobs

Threatpost

The training and job-matching effort is a public-private partnership to address a growing workforce gap.

The importance of human intelligence grows in an AI-driven world

Information Management Resources

The ideal educational experience for today's data scientist provides the knowledge needed of statistics, database design and management, programming, data mining, visualization and predictive modeling.

WordPress Flaw Opens Millions of WooCommerce Shops to Takeover

Threatpost

A file delete vulnerability in WordPress can be elevated into a remote code execution vulnerability for plugins like WooCommerce.

Yahoo! Agrees to Settle Data Breach Class Actions with $50 Million Fund and Credit Monitoring

Hunton Privacy

On October 23, 2018, the parties in the Yahoo! Customer Data Security Breach Litigation pending in the Northern District of California and the parties in the related litigation pending in California state court filed a motion seeking preliminary approval of a settlement related to breaches of the company’s data. These breaches were announced from September 2016 to October 2017 and collectively impacted approximately 3 billion user accounts worldwide. In June 2017, Yahoo!

Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw

Threatpost

A sophisticated proxy code has infected hundreds of thousands of devices already.