Fri.Jan 15, 2021

Biden Inauguration: Defending Against Cyberthreats

Data Breach Today

Experts Warn of an Elevated Risk of Attack From Domestic, Foreign Actors As thousands of National Guard troops pour into Washington to provide security for the Jan.

Successful Malware Incidents Rise as Attackers Shift Tactics

Dark Reading

As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Appeals Court Vacates $4.3 Million HIPAA Penalty

Data Breach Today

What's the Potential Impact on HIPAA Enforcement? In a ruling that could have a profound impact on HIPAA enforcement, a U.S. Court of Appeals has vacated a $4.3

213
213

Cell Phone Location Privacy

Schneier on Security

We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out a way to fix that. Pretty Good Phone Privacy” (PGPP) protects both user identity and user location using the existing cellular networks.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

'Scam-as-a-Service' Scheme Spreads

Data Breach Today

Researchers: 40 Gangs Used Phony Classified Ads to Launch Phishing Schemes A Russian-speaking "scam-as-a-service" operation dubbed "Classiscam" is expanding globally, with 40 interconnected gangs in about a dozen countries using fake product advertisements to launch phishing schemes, the security firm Group-IB reports.

More Trending

Capitol Riot Suspects Identify Themselves

Data Breach Today

Livestreaming, Social Media Posts Lead to Arrests Many of the insurrectionists who marched on the Capitol on Jan. 6 and violently forced their way into the building livestreamed their activities or boasted about them via social media.

191
191

Signal is down for multiple users worldwide

Security Affairs

The popular signal messaging app Signal is currently facing issues around the world, users are not able to make calls and send/receive messages. At the time of this writing, it is not possible to make calls and send/receive messages.

Ransomware Disrupts Scottish Environment Protection Agency

Data Breach Today

Conti Gang Claims Credit for Christmas Eve Attack and Data Exfiltration The Scottish Environment Protection Agency says a ransomware attack last month continues to cause serious outages, and warns that ransom-demanding attackers also stole some data.

NSA Appoints Rob Joyce as Cyber Director

Dark Reading

Joyce has long worked in US cybersecurity leadership, most recently serving as the NSA's top representative in the UK

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevsecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

NSA Offers Guidance on Adopting Encrypted DNS

Data Breach Today

Agency Describes How DoH Can Help Prevent Eavesdropping The NSA has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic.

Expert launched Malvuln, a project to report flaws in malware

Security Affairs

The researcher John Page launched malvuln.com, the first website exclusively dedicated to the research of security flaws in malware codes. The security expert John Page (aka hyp3rlinx ) launched malvuln.com, the first platform exclusively dedicated to the research of security flaws in malware codes.

Excellus Health Plan Hit With $5.1 Million HIPAA Settlement

Data Breach Today

Security Shortcomings Found in Wake of Major Data Breach The Department of Health and Human Services has slapped Excellus Health Plan with a $5.1 million settlement in the wake of a 2015 data breach that affected more than 9.3 million individuals

Hackers Used Zero-Days to Infect Windows and Android Devices

WIRED Threat Level

Google researchers say the campaign, which booby-trapped sites to ensnare targets, was carried out by a “highly sophisticated actor.”. Security Security / Cyberattacks and Hacks

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

SolarWinds Supply Chain Hack: Investigation Update

Data Breach Today

The latest edition of the ISMG Security Report describes new details emerging from the SolarWinds supply chain hack investigation. Also featured: A discussion of why security education is so crucial in 2021 and tips on how to retain SOC analysts

Data Subject Access Requests – High Court dismisses claim where DSAR regime abused

DLA Piper Privacy Matters

Data Subject Access Requests – no unqualified right to documents.

The Critical Role of Dynamic Authentication

Data Breach Today

Wells Fargo's Sridhar Sidhu on Redefining IAM for Remote Workforce Organizations with largely remote workforces must strengthen their dynamic authentication processes to enhance security, says Sridhar Sidhu, senior vice president and head of the information security services group at Wells Fargo

Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’

Threatpost

Starting Feb. 9, Microsoft will enable Domain Controller “enforcement mode” by default to address CVE-2020-1472. Vulnerabilities

113
113

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

How to Achieve Collaboration Tool Compliance

Dark Reading

Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams

Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls

Threatpost

Security researchers lambasted the controversial macOS Big Sur feature for exposing users' sensitive data. Mobile Security Vulnerabilities

These Kids Are All Right

Dark Reading

Faculty and students at the William E. Doar School for the Performing Arts in Washington, D.C. created "Cyberspace," a rap song about online safety as part of the NSA's national STOP. THINK. CONNECT. campaign back in 2012. Wonder how many went into security

Google Boots 164 Apps from Play Marketplace for Shady Ad Practices

Threatpost

The tech giant removes 164 more offending Android apps after banning software showing this type of behavior from the store last year. Mobile Security

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Winnti APT continues to target game developers in Russia and abroad

Security Affairs

A Chinese Threat actor targeted organizations in Russia and Hong Kong with a previously undocumented backdoor, experts warn. Cybersecurity researchers from Positive Technologies have uncovered a series of attacks conducted by a Chinese threat actor that aimed at organizations in Russia and Hong Kong.

Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show

Threatpost

Expert panel awards dubious honors to 2021 Consumer Electronics Show’s biggest flops, including security and privacy failures. IoT Privacy Vulnerabilities

7 information challenges impacting the semiconductor boom in 2021

OpenText Information Management

While the worst of the COVID-19 pandemic slowed the semiconductor sector, it is now recovering and can look forward to a period of significant growth in the year ahead. Some estimates place the growth at 12-14% for 2021, however trading conditions are still challenging and uncertain.

Vaccine passports: what are they and do they pose a danger to privacy?

The Guardian Data Protection

Paper 86

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Best Intrusion Detection and Prevention Systems: Guide to IDPS

eSecurity Planet

Intrusion Detection and Prevention Systems (IDPS) operate by monitoring network traffic, analyzing it and providing remediation tactics when malicious behavior is detected. They look for matching behavior or characteristics that would indicate malicious traffic, send out alerts and block attacks.

Read this before your next employee hits the ‘record’ button on an online meeting via ZDNet

IG Guru

Check out the article here. The post Read this before your next employee hits the ‘record’ button on an online meeting via ZDNet appeared first on IG GURU. Privacy Record Retention Records Management Risk News Online Meetings Recording ZDNET

Name That Toon: Before I Go.

Dark Reading

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card

56