Sat.Dec 15, 2018 - Fri.Dec 21, 2018

GUEST ESSAY: The true cost of complacency, when it comes to protecting data, content

The Last Watchdog

Facebook was lucky when the Information Commissioner’s Office (ICO)—the UK’s independent authority set up to uphold information rights in the public interest—hit the U.S. social media company with a £500,000 fine. Related: Zuckerberg’s mea culpa rings hollow. This penalty was in connection with Facebook harvesting user data, over the course of seven years — between 2007 and 2014. This user data became part of the now infamous Cambridge Analytica scandal.

A Chief Security Concern for Executive Teams

Krebs on Security

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site.

GDPR: EU Sees More Data Breach Reports, Privacy Complaints

Data Breach Today

Ireland, France, Germany and UK Report Increases Since Privacy Law Took Effect The number of data breach reports filed since the EU General Data Protection Regulation went into effect has hit nearly 3,500 in Ireland, over 4,600 in Germany, 6,000 in France and 8,000 in the U.K.

Countering Attacks That Leverage IoT

Data Breach Today

Eddie Doyle of Checkpoint Software on Mitigation Strategies How are cybercrime syndicates launching attacks that leverage IoT devices? Eddie Doyle of Check Point Software Technologies offers insights on the latest attack strategies and how to counter them

IoT 155

Drone Denial-of-Service Attack against Gatwick Airport

Schneier on Security

Someone is flying a drone over Gatwick Airport in order to disrupt service: Chris Woodroofe, Gatwick's chief operating officer, said on Thursday afternoon there had been another drone sighting which meant it was impossible to say when the airport would reopen.

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers.

Risk 215

More Trending

Hackers Intercepted EU Diplomatic Cables for 3 Years

Data Breach Today

Fraudulent Tactics on Amazon Marketplace

Schneier on Security

Fascinating article about the many ways Amazon Marketplace sellers sabotage each other and defraud customers. The opening example: framing a seller for false advertising by buying fake five-star reviews for their products.

Sales 102

Feds Charge Three in Mass Seizure of Attack-for-hire Services

Krebs on Security

US ballistic missile defense systems (BMDS) open to cyber attacks

Security Affairs

Ballistic Missile Defense Systems Fail Cybersecurity Audit. US DoD Inspector General’s report revealed United States’ ballistic missile defense systems (BMDS) fail to implements cyber security requirements. The U.S.

Ireland's Privacy Watchdog Probes Facebook Data Breaches

Data Breach Today

Million Users' Private Photos Exposed, Triggering GDPR Investigation Ireland's privacy watchdog is probing data breaches at Facebook that exposed users' private data. In the latest breach to be disclosed, Facebook has warned that for a 12-day period in September, up to 6.8

Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks

Adam Levin

The U.S. Ballistic Missile Defense System (BMDS) falls short of critical cybersecurity standards, according to an audit issued by the Department of Defense Inspector General.

2019 may not be the year of quantum, but it should be the year of preparation

Thales eSecurity

A few weeks ago, the National Academies of Sciences, Engineering and Medicine published a new report exploring the progress and prospects – or lack of – around quantum computing.

IT 98

Twitter uncovered a possible nation-state attack

Security Affairs

Twitter discovered a possible nation-state attack while it was investigating an information disclosure flaw affecting its platform. Experts at Twitter discovered a possible state-sponsored attack while they were investigating an information disclosure vulnerability affecting its support forms.

Blog 100

2 Chinese Nationals Indicted for Cyber Espionage

Data Breach Today

Prosecutors Say They Were Part of APT10 Group and Had Government Ties The U.S. Department of Justice on Thursday unsealed an indictment charging two Chinese nationals in connection with a cyber espionage campaign, alleging they acted in association with a government agency

AI for Insight: Three things we learned at the Forrester Data Strategy and Insights Forum

OpenText Information Management

We live in an age of unequaled access to data. By some estimates, the average company has between 150 and 400 terabytes of information stored. A large enterprise may have multiple petabytes, i.e. as much data as all the printed books in the world.

GDPR: What will happen after a no-deal Brexit?

IT Governance

Since a no-deal Brexit is starting to look more and more likely, the UK government last week released additional guidance to supplement the ICO’s (Information Commissioner’s Office) previous description of the future data protection regime.

GDPR 91

Researcher disclosed a Windows zero-day for the third time in a few months

Security Affairs

Security researcher SandboxEscaper released a working proof-of-concept (PoC) exploit for a new Windows zero-day vulnerability. Hacker Discloses New Unpatched Windows Zero-Day Exploit On Twitter.

Twitter Sees Signs of State-Sponsored Attack

Data Breach Today

Separately, Steganographic Cybercrime Scheme Employs Malicious Twitter Memes Twitter says that an unspecified number of its users may have been targeted by state-sponsored hackers seeking to unmask their identity.

Trends 197

A Complete Guide to All 17 (Known) Trump and Russia Investigations

WIRED Threat Level

The investigation in to Russian interference and Donald Trump has sprung so many offshoots, it's hard to keep track. Here's a comprehensive list. It's long. Security

IT 88

Teaching Cybersecurity Policy

Schneier on Security

Peter Swire proposes a a pedagogic framework for teaching cybersecurity policy. Specifically, he makes real the old joke about adding levels to the OSI networking stack: an organizational layer, a government layer, and an international layer. cybersecurity networksecurity

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Security Affairs

Researchers at Palo Alto Networks discovered that the Russian-linked Sofacy APT has written a new version of their Zebrocy backdoor using the Go programming language.

Tools 99

Email-Related Breaches: Why Are There So Many?

Data Breach Today

How Addressing Common Mistakes, Security Gaps Can Help Prevent These Incidents Several recent health data breaches point to the need to better mitigate the risks posed by email. Why do these incidents keep happening, and what can be done to help prevent them

How Russian Trolls Used Meme Warfare to Divide America

WIRED Threat Level

A new report for the Senate exposes how the IRA used every major social media platform to target Americans before and after the 2016 election. Security

OpenText buys Liaison Technologies

OpenText Information Management

I’m pleased to announce that OpenText has acquired Liaison Technologies, a recognized leader in cloud-based information integration and data management solutions.

Malware controlled through commands hidden in memes posted on Twitter

Security Affairs

New Malware Takes Commands From Memes Posted On Twitter. Security researchers at Trend Micro have spotted a new strain of malware that retrieved commands from memes posted on a Twitter account controlled by the attackers.

Data Leak Exposes Psychologists' Home Addresses

Data Breach Today

Leak Has Been Reported to Australia's Data Regulator A large health insurer in Western Australia shared the home addresses of some psychologists to a web-based appointment booking service, according to a news report.

NASA Announces Data Breach

Adam Levin

The US National Aeronautics and Space Administration has announced that it experienced a data breach in October.

Congressional Report on the 2017 Equifax Data Breach

Schneier on Security

The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It's a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this.

Czech cyber-security agency warns over Huawei, ZTE security threat

Security Affairs

A Czech cyber-security agency is warning against using Huawei and ZTE technologies because they pose a threat to state security.

Why Perimeter Security Still Matters

Data Breach Today

Adam Bixler of Netscout on Countering Evolving Attacks Why do CISOs need to continue to pay attention to perimeter security? Adam Bixler of Netscout Systems provides insights on the importance of countering rapidly evolving perimeter attacks

Amnesty Report: Twitter Abuse Toward Women Is Rampant

WIRED Threat Level

Frustrated by Twitter's silence on abuse against women, Amnesty International crowdsourced its own data and found that the platform was especially toxic for black women. Security

Data 83

Your checklist for responding to and reporting data breaches

IT Governance

This blog has been updated to reflect industry updates. Originally published 25 October 2018. There is a lot you need to do after you discover a data breach, so it’s a good idea to keep a checklist.

Twitter fixed bug could have exposed Direct Messages to third-party apps

Security Affairs

Researcher Terence Eden discovered that the permissions dialog when authorizing certain apps to Twitter could expose direct messages to the third-party. The flaw is triggered when apps that require a PIN to complete the authorization process instead of the using the OAuth protocol.