December, 2019

A CISO's Security Predictions for 2020

Data Breach Today

GUEST ESSAY: Addressing DNS, domain names and Certificates to improve security postures

The Last Watchdog

In 2019, we’ve seen a surge in domain name service (DNS) hijacking attempts and have relayed warnings from the U.S. Cybersecurity and Infrastructure Agency, U.K.’s s Cybersecurity Centre, ICANN, and other notable security experts.

Risk 149

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

When Is Data "Public"? (And 2.5M Public Factual Records in HIBP)

Troy Hunt

When is data "public"? And what does "public" even mean? Does it mean it's merely visible to the public? Or does it mean the public can do anything they like with it? This discussion comes up time and time again as it did with the huge leak of PDL data only last month.

Insights about the first five years of Right to be Forgotten requests at Google

Elie

Right to be Forgotten” (RTBF). is a landmark European ruling that governs the delisting of personal information from search results.

Paper 69

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

Krebs on Security

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up.

More Trending

Data Protection in the Digital Transformation Era

Thales eSecurity

With more and more organizations embracing digital transformation and accelerating their pace to digitize every piece of information, they become increasingly vulnerable to sophisticated cyber-attacks and data breaches.

Do You Have the Right Stuff to Transition to Information Governance?

ARMA International

In the late 1950s, the United States invited its top test pilots to apply to become the nation’s first astronauts. As memorialized in the book The Right Stuff , test pilots then had to decide whether to transition into an uncertain-yet-vaguely-familiar new career or continue along their present path.

A study reveals the list of worst passwords of 2019

Security Affairs

Another year is ending and this is the right time to discover which are the worst passwords of 2019 by analyzing data leaked in various data breaches.

To Survive a Data Breach, Create a Response Playbook

Data Breach Today

Experts Detail Essential Systems and Procedures Every Organization Needs Now Surviving a data breach requires having a plan, and experts say such plans must be continually tested, practiced and refined. Experts detail seven essential components for building an effective data breach response playboo

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

Physical security is the protection of personnel and IT infrastructure (such as hardware, software, and data) from physical actions and events that could cause severe damage to an organization. This includes protection from natural disasters, theft, vandalism, and terrorism. Related: Good to know about IoT Physical security is often a second thought when it comes to information security.

Risk 143

5G Is More Secure Than 4G and 3G—Except When It’s Not

WIRED Threat Level

The next-generation wireless networks make it harder to track and spoof users, but security holes remain because devices still connect to older networks. Security Security / Privacy Business

IT 76

Is IoT undermining our reasonable expectation of privacy?

OpenText Information Management

In the US, the concept of the ‘reasonable expectation of privacy’ came about when the police were considered to have breached the fourth amendment by wiretapping a public phone to capture a gambling ring.

IoT 52

Ready for the New York SHIELD Act?

Data Breach Today

New Law Expands Consumer Protections and Give AG Additional Oversight While CCPA has drawn the biggest headlines when it comes to new U.S. privacy laws, businesses and consumers should also take notice of New York's SHIELD Act, which goes into effect in March 2020.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Why Ring Doorbells Perfectly Exemplify the IoT Security Crisis

WIRED Threat Level

A new wave of reports about the home surveillance cameras getting hijacked by creeps is painfully familiar. Security Security / Cyberattacks and Hacks

IoT 83

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

Krebs on Security

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo.

MY TAKE: Why it’s now crucial to preserve PKI, digital certificates as the core of Internet security

The Last Watchdog

For decades, the cornerstone of IT security has been Public Key Infrastructure, or PKI , a system that allows you to encrypt and sign data, issuing digital certificates that authenticate the identity of users. Related: How PKI could secure the Internet of Things If that sounds too complicated to grasp, take a look at the web address for the home page of this website. Take note of how the URL begins with HTTPS. The ‘S’ in HTTPS stands for ‘secure.’

Google warned 12K+ users targeted by state-sponsored hackers

Security Affairs

Google revealed that over 12,000 of its users were targeted by state-sponsored hackers in the third quarter of this year.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Cameras that Automatically Detect Mobile Phone Use

Schneier on Security

New South Wales is implementing a camera system that automatically detects when a driver is using a mobile phone. australia cameras cars phones

101
101

Mixcloud Breach Affects 21 Million Accounts

Data Breach Today

Hashed Passwords Were Leaked; No Financial Data Exposed Digital streaming platform Mixcloud says it is the victim of a data breach after an attacker shared personal data for registered users with several media outlets, including Vice and ZDNet.

Sales 264

Weekly Update 167

Troy Hunt

It's summer! Yes, I know it's back to front for many of you but Dec 1 means it's sunnier than ever here.

IT 89

The iPhone 11 Pro’s Location Data Puzzler

Krebs on Security

One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data.

I Ditched Google for DuckDuckGo. Here's Why You Should Too

WIRED Threat Level

Once you realize most things you search for online are boring and obvious, you realize you don't really need Google in your life. . Security Security / Security Advice

Clop Ransomware attempts to disable Windows Defender and Malwarebytes

Security Affairs

Experts discovered a new malware dubbed Clop ransomware that attempts to remove Malwarebytes and other security products.

The United Kingdom Leaks Home Addresses of Prominent Brits

Adam Levin

2020 seems to be getting off to an inauspicious start with the compromise of the home addresses of prominent UK citizens–many of them in lines of work that could make them targets for crime.

The Lifecycle of Stolen Payment Data

Data Breach Today

Fiserv's Christine El Eris on How Fraudsters Sit on and Sell Stolen Card Data Even in the post-EMV era, payment card data is very much thriving on the dark web. Why is data still so accessible to fraudsters, and how can card issuers and merchants alike improve card data security?

Access 207

Cloud Data Security: Who Should Hold the Keys?

Thales eSecurity

Nearly half (48%) of all corporate data is stored in the cloud according to the 2019 Thales Global Cloud Security Study conducted by the Ponemon Institute.

Ransomware at IT Services Provider Synoptek

Krebs on Security

Synoptek , a California business that provides cloud hosting and IT management services to more than a thousand customer nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources.

The Most Dangerous People on the Internet This Decade

WIRED Threat Level

In the early aughts the internet was less dangerous than it was disruptive. That's changed. . Security Security / Security News

IT 82

Data of 21 million Mixcloud users available for sale on the dark web

Security Affairs

The online music streaming service Mixcloud was recently breached by a hacker that is attempting to sell stolen user data a dark web marketplace.

Sales 112

ToTok Is an Emirati Spying Tool

Schneier on Security

The smartphone messaging app ToTok is actually an Emirati spying tool : But the service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers.