Sat.Dec 08, 2018 - Fri.Dec 14, 2018

Scanning for Flaws, Scoring for Security

Krebs on Security

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices?

Expert devised a new WiFi hack that works on WPA/WPA2

Security Affairs

The popular expert Jens ‘Atom’ Steube devised a new WiFi hack that allows cracking WiFi passwords of most modern routers.

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Data Breach Today

Privacy Watchdog Counts 41 Daily Breach Reports Since GDPR Enforcement Began The U.K.'s s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the publi

GUEST ESSAY: ‘Tis the season — to take proactive measures to improve data governance

The Last Watchdog

The holiday season is upon us and the bright lights and greenery aren’t the only indicators that we’ve reached December. Sadly, data breaches often occur at this time of year. Recently we’ve seen major news stories about breaches at Starwood Hotels and Quora. Related podcast: The need to lock down unstructured data. Last year, at this time, it was announced that there was a significant privacy leak at eBay affecting many customers.

How Internet Savvy are Your Leaders?

Krebs on Security

Back in April 2015, I tweeted about receiving a letter via snail mail suggesting the search engine rankings for a domain registered in my name would suffer if I didn’t pay a bill for some kind of dubious-looking service I’d never heard of.

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

More Trending

NetSecOPEN names founding members, appoints inaugural board of directors

The Last Watchdog

SAN JOSE, Calif. – 11, 2018 – NetSecOPEN , the first industry organization focused on the creation of open, transparent network security performance testing standards, today announced that 11 prominent security vendors, test solutions and services vendors, and testing laboratories have joined the organization as founding members. Related podcast: The importance of sharing alliances.

Patch Tuesday, December 2018 Edition

Krebs on Security

Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft’s December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications.

New Australian Backdoor Law

Schneier on Security

Last week, Australia passed a law [link] the government the ability to demand backdoors in computers and communications systems. Details are still to be defined , but it's really bad. Note: Many people e-mailed me to ask why I haven't blogged this yet. One, I was busy with other things.

Fresh Google+ Bug Exposed 52.2 Million Users' Data

Data Breach Today

Google Advances Date for Mothballing Google+ Social Network for Consumers Google says a buggy API update it pushed last month for its soon-to-be-mothballed Google+ social network exposed personal information for 52.2 million users.

Data 217

GUEST ESSAY: Why corporate culture plays such a pivotal role in deterring data breaches

The Last Watchdog

Picture two castles. The first is impeccably built – state of the art, with impenetrable walls, a deep moat, and so many defenses that attacking it is akin to suicide. The second one isn’t quite as well-made. The walls are reasonably strong, but there are clear structural weaknesses. And while it does have a moat, that moat is easily forded. Related podcast: The case for ‘zero-trust’ security. Obviously, on paper the castle with better defenses is the one that survives a siege.

Spammed Bomb Threat Hoax Demands Bitcoin

Krebs on Security

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day. Sources at multiple U.S. based financial institutions reported receiving the threats, which included the subject line, “I advise you not to call the police.” ” The email reads: My man carried a bomb (Hexogen) into the building where your company is located.

How long do you have to report a data breach?

IT Governance

This blog has been updated to reflect industry updates. Originally published 24 October 2018. The first 72 hours after you become aware of a data breach are critical.

Super Micro: Audit Didn't Find Chinese Spying Chip

Data Breach Today

Firm Says Audit 'Lays to Rest the Unwarranted Accusations' Super Micro says a third-party audit of recent and older motherboards has not turned up evidence of a spying chip as alleged in an explosive report two months ago by Bloomberg BusinessWeek.

Marriott Hack Reported as Chinese State-Sponsored

Schneier on Security

The New York Times and Reuters are reporting that China was behind the recent hack of Mariott Hotels. Note that this is still uncomfirmed, but interesting if it is true.

Tools 91

Facebook Exposed 6.8 Million Users' Photos to Cap Off a Terrible 2018

WIRED Threat Level

In the latest in its long string of 2018 incidents, Facebook let developers access the private photos of millions of users. Security

Google finds bug in Google+ – 52.5 million users affected

IT Governance

Google has announced yet another data breach affecting its Google+ social network.

Weak Encryption Leaves Mobile Health App at Risk for Hacking

Data Breach Today

2018 Annual Report from AI Now

Schneier on Security

The research group AI Now just published its annual report. It's an excellent summary of today's AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading. artificialintelligence reports securityengineering

Hackers defaced Linux.org with DNS hijack

Security Affairs

The Linux.org website was defaced last week via DNS hijack, attackers breached into associated registrar account and changed the DNS settings.

Your DPO questions answered

IT Governance

Organisations have had to get a lot more serious about data processing and information security since the EU GDPR (General Data Protection Regulation) came into effect earlier this year.

Credit Card System Hack Led to HIPAA Breach Report

Data Breach Today

Baylor Scott & White Medical Center - Frisco Notifying Those Affected The hacking of a credit card processing system has prompted a Texas hospital to notify federal regulators and affected individuals of a breach as required by the HIPAA Breach Notification Rule

213
213

9 Trumpworld Figures Who Should Fear Mueller the Most

WIRED Threat Level

After Michael Cohen's sentencing, plenty more people and entities in Trump's orbit potentially sit in the special counsel's crosshairs. Security

Building a foundation of trust for the Internet of Things

Thales Data Security

In the digital transformation era, companies across all sectors are using next-generation technologies to streamline their operations, deliver value to customers, and gain a competitive edge. Invariably, Internet of Things (IoT) strategies form the backbone of those efforts.

IoT 75

Do schools need to appoint a data protection officer?

IT Governance

Finding a qualified DPO is arguably one of the GDPR’s hardest requirements, but is it something that schools need to be concerned about? The EU GDPR (General Data Protection Regulation) contains particularly strong requirements for protecting children’s data.

How to Maximize Data Used to Fight Fraud

Data Breach Today

Splunk's Jim Apger on Streamlining Omni-Channel Defenses The data being used to drive effective anti-fraud efforts can be rich in context and useful for other activities. Jim Apger of Splunk describes emerging fraud schemes and solutions, highlighting the role of machine learning

How To 194

Five reasons to choose OpenText Exstream for Salesforce

OpenText Information Management

OpenText Exstream™ has consistently been recognized by analysts as a leader in the Customer Communications Management (CCM) space for over 10 years.

Tools 74

An open letter to our customers and partners

Thales Data Security

As you will no doubt have heard by now, Thales and Gemalto announced last December that they had reached an agreement under which Thales will acquire Gemalto by way of an all-cash offer, upon receipt of all regulatory clearances.

Blog 74

How the ICO measures GDPR compliance

IT Governance

Whenever someone mentions the GDPR (General Data Protection Regulation) , one of the first things they discuss is the potential for huge fines that it brings. But there’s no universal system for monitoringcompliance and handing out fines.

HIPAA Case: Hospital Fined for Ex-Employee's Access to PHI

Data Breach Today

Enforcement Action is the Third in Recent Weeks, Eighth This Year In its third enforcement action in recent weeks, federal regulators have hit a Colorado medical center with a HIPAA fine in a case involving failure to terminate a former employee's remote access to patient data.

Access 188

Germany: First court decision on claims for immaterial damages under GDPR

DLA Piper Privacy Matters

The Local Court ( Amtsgericht ) Diez (in a final decision dated 7 November 18, case number 8 C 130/18) was the first German court – and as far as we know the first court EU-wide – to decide on a claim for immaterial damages under Art. 82 (1) GDPR. The main question was how to calculate a claim for immaterial damages caused by a single email that violated the provisions of the GDPR. Noticeable impairment required.

GDPR 74

5 Reasons Why Information Governance and Cybersecurity Go Hand in Hand

InfoGoTo

It’s a logical partnership. Those who know and manage the data working closely with those who strive to protect it – information governance and IT functioning in tandem.

Operation Sharpshooter targets critical infrastructure and global defense

Security Affairs

McAfee uncovered a campaign tracked as Operation Sharpshooter that hit at least 87 organizations in global defense and critical infrastructure. Security experts at McAfee uncovered a hacking campaign, tracked as Operation Sharpshooter, aimed at infrastructure companies worldwide.

Breach Response: When to Involve the Board and PR

Data Breach Today

Attorney Mark Rasch on How to Prepare and Practice Your Response In the wake of the recent Marriott and National Republican Congressional Committee data breaches, now is the time to get your board's attention regarding breach response and public disclosures.