Sat.Dec 15, 2018 - Fri.Dec 21, 2018

GUEST ESSAY: The true cost of complacency, when it comes to protecting data, content

The Last Watchdog

Facebook was lucky when the Information Commissioner’s Office (ICO)—the UK’s independent authority set up to uphold information rights in the public interest—hit the U.S. social media company with a £500,000 fine. This penalty was in connection with Facebook harvesting user data, over the course of seven years — between 2007 and 2014. This user data became part of the now infamous Cambridge Analytica scandal.

A Chief Security Concern for Executive Teams

Krebs on Security

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site.

GDPR: EU Sees More Data Breach Reports, Privacy Complaints

Data Breach Today

Ireland, France, Germany and UK Report Increases Since Privacy Law Took Effect

The number of data breach reports filed since the EU General Data Protection Regulation went into effect has hit nearly 3,500 in Ireland, over 4,600 in Germany, 6,000 in France and 8,000 in the U.K.

Countering Attacks That Leverage IoT

Data Breach Today

Eddie Doyle of Checkpoint Software on Mitigation Strategies

How are cybercrime syndicates launching attacks that leverage IoT devices? Eddie Doyle of Check Point Software Technologies offers insights on the latest attack strategies and how to counter them.


Drone Denial-of-Service Attack against Gatwick Airport

Schneier on Security

Someone is flying a drone over Gatwick Airport in order to disrupt service: Chris Woodroofe, Gatwick's chief operating officer, said on Thursday afternoon there had been another drone sighting which meant it was impossible to say when the airport would reopen.

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers.


More Trending

Hackers Intercepted EU Diplomatic Cables for 3 Years

Data Breach Today

Fraudulent Tactics on Amazon Marketplace

Schneier on Security

Fascinating article about the many ways Amazon Marketplace sellers sabotage each other and defraud customers. The opening example: framing a seller for false advertising by buying fake five-star reviews for their products.


Feds Charge Three in Mass Seizure of Attack-for-hire Services

Krebs on Security

Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks

Adam Levin

The U.S. Ballistic Missile Defense System (BMDS) falls short of critical cybersecurity standards, according to an audit issued by the Department of Defense Inspector General.

Ireland's Privacy Watchdog Probes Facebook Data Breaches

Data Breach Today

Million Users' Private Photos Exposed, Triggering GDPR Investigation

Ireland's privacy watchdog is probing data breaches at Facebook that exposed users' private data. In the latest breach to be disclosed, Facebook has warned that for a 12-day period in September, up to 6.8

2019 may not be the year of quantum, but it should be the year of preparation

Thales Data Security

A few weeks ago, the National Academies of Sciences, Engineering and Medicine published a new report exploring the progress and prospects – or lack of – around quantum computing.


AI for Insight: Three things we learned at the Forrester Data Strategy and Insights Forum

OpenText Information Management

We live in an age of unequaled access to data. By some estimates, the average company has between 150 and 400 terabytes of information stored. A large enterprise may have multiple petabytes, i.e. as much data as all the printed books in the world.

A Complete Guide to All 17 (Known) Trump and Russia Investigations

WIRED Threat Level

The investigation into Russian interference and Donald Trump has sprung so many offshoots, it's hard to keep track. Here's a comprehensive list. It's long.


2 Chinese Nationals Indicted for Cyber Espionage

Data Breach Today

Prosecutors Say They Were Part of APT10 Group and Had Government Ties

The U.S. Department of Justice on Thursday unsealed an indictment charging two Chinese nationals in connection with a cyber espionage campaign, alleging they acted in association with a government agency

Teaching Cybersecurity Policy

Schneier on Security

Peter Swire proposes a pedagogic framework for teaching cybersecurity policy. Specifically, he makes real the old joke about adding levels to the OSI networking stack: an organizational layer, a government layer, and an international layer.

OpenText buys Liaison Technologies

OpenText Information Management

I’m pleased to announce that OpenText has acquired Liaison Technologies, a recognized leader in cloud-based information integration and data management solutions.

Amnesty Report: Twitter Abuse Toward Women Is Rampant

WIRED Threat Level

Frustrated by Twitter's silence on abuse against women, Amnesty International crowdsourced its own data and found that the platform was especially toxic for black women.


Twitter Sees Signs of State-Sponsored Attack

Data Breach Today

Separately, Steganographic Cybercrime Scheme Employs Malicious Twitter Memes

Twitter says that an unspecified number of its users may have been targeted by state-sponsored hackers seeking to unmask their identity.


Congressional Report on the 2017 Equifax Data Breach

Schneier on Security

The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It's a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this.

Pivots and Payloads

Adam Shostack

SANS has announced a new boardgame, “Pivots and Payloads,” that “takes you through pen test methodology, tactics, and tools with many possible setbacks that defenders can utilize to hinder forward progress for a pen tester or attacker. The game helps you learn while you play.

How Russian Trolls Used Meme Warfare to Divide America

WIRED Threat Level

A new report for the Senate exposes how the IRA used every major social media platform to target Americans before and after the 2016 election.

Email-Related Breaches: Why Are There So Many?

Data Breach Today

How Addressing Common Mistakes, Security Gaps Can Help Prevent These Incidents

Several recent health data breaches point to the need to better mitigate the risks posed by email. Why do these incidents keep happening, and what can be done to help prevent them?

Your checklist for responding to and reporting data breaches

IT Governance

This blog has been updated to reflect industry updates. Originally published 25 October 2018. There is a lot you need to do after you discover a data breach, so it’s a good idea to keep a checklist.

NASA Announces Data Breach

Adam Levin

The US National Aeronautics and Space Administration has announced that it experienced a data breach in October.

How China’s Elite Spies Stole the World’s Secrets

WIRED Threat Level

A new DOJ indictment outlines how Chinese hackers allegedly compromised data from companies in a dozen countries in a single intrusion.


Why Perimeter Security Still Matters

Data Breach Today

Adam Bixler of Netscout on Countering Evolving Attacks

Why do CISOs need to continue to pay attention to perimeter security? Adam Bixler of Netscout Systems provides insights on the importance of countering rapidly evolving perimeter attacks.

GDPR: What will happen after a no-deal Brexit?

IT Governance

Since a no-deal Brexit is starting to look more and more likely, the UK government last week released additional guidance to supplement the ICO’s (Information Commissioner’s Office) previous description of the future data protection regime.


NASA data breach – The agency notifies employees of a security intrusion

Security Affairs

National Aeronautics and Space Administration (NASA) notifies employees of a data breach that exposed social security numbers and other personal information.

How Instagram Became the Russian IRA's Go-To Social Network

WIRED Threat Level

A Senate report finds that Russia's Internet Research Agency was far more active, and more successful, on Instagram in 2017 than on Facebook or Twitter.

Data Leak Exposes Psychologists' Home Addresses

Data Breach Today

Leak Has Been Reported to Australia's Data Regulator

A large health insurer in Western Australia shared the home addresses of some psychologists to a web-based appointment booking service, according to a news report.

Facebook Bug Exposes Photos of 6.8 Million Users

Adam Levin

A bug on Facebook gave app developers unauthorized access to the photos of as many as 6.8 million users. The bug, which affected Facebook’s photo API, was active from September 13 through September 25, when it was discovered by Facebook and fixed.


How Military Tactics Apply to Cybersecurity

eSecurity Planet

Former West Point professor Greg Conti explains how military doctrines apply to cyber security, and what lessons enterprises can learn from that.

New Shamoon Variant

Schneier on Security

A new variant of the Shamoon malware has destroyed significant amounts of data at a UAE "heavy engineering company" and the Italian oil and gas contractor Saipem. Shamoon is the Iranian malware that was targeted against the Saudi Arabian oil company, Saudi Aramco, in 2012 and 2016.
