Is All Encryption Equal?

Thales eSecurity

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. The answer to these questions changes your encryption strategy.

GDPR Compliance – Encryption

Perficient Data & Analytics

Nowhere do the GDPR Articles mention that encryption is necessary, but implementing such measures can reduce the occurrence of a data breach. In the event of a breach, one need not inform the data subjects if proper data protection measures have been applied. Standard Encryption.

Encrypted Messaging Apps Have Limitations You Should Know

WIRED Threat Level

As recent events have shown, using an encrypted messaging app like WhatsApp or Signal is no privacy panacea.

Why Enterprises Should Control Their Encryption Keys

Thales eSecurity

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs, the encryption service is only as secure as the keys that are used to encrypt the data.

Boards Now Face ‘the Encryption Question’

Thales eSecurity

“So, what are we doing about encryption?”. A spokesperson later added that this will focus on ensuring universal encryption of passport numbers. Marriott’s response may well set a new normal, in the travel industry: all sensitive traveler data should be encrypted.

Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Security Affairs

Hacker compromised third-party NodeJS module “Event-Stream” introducing a malicious code aimed at stealing funds in Bitcoin wallet apps. The Event-Stream library is a very popular NodeJS module used to allow developers the management of data streams, it has nearly 2 million downloads a week. The bad news is that the code remained undetected for more than 2 months because it was encrypted. For example: $ npm ls event-stream flatmap-stream.

Guest Blog: End-to-End Data Encryption with Data Reduction from Thales & Pure Storage

Thales eSecurity

At the 2019 RSA Conference, Pure Storage and Thales introduced Vormetric Transparent Encryption for Efficient Storage – the IT and security industries’ first end-to-end data encryption framework that realizes storage array data reduction. Storage Costs of Encrypted Data.

Learn About the Underground World of Anti-Cheats at Black Hat Europe

Dark Reading

Applied Security Briefing lineup for this December event also includes expert looks at Google's ClusterFuzz and the art of breaking PDF encryption

Spotlight Podcast: Unpacking Black Hat Hacks with Digicert CTO Dan Timpson

The Security Ledger

Authentication, Encryption and Code Authenticity Core Issues. But if you look behind many of the security demonstrations, a common theme emerges: poor security designs and implementation centered on a trifecta of issues: authentication, encryption and code signing.

Bypassing Passcodes in iOS

Schneier on Security

"If a full seven days (168 hours) elapse [sic] since the last time iOS saved one of these events, the Lightning port is entirely disabled," Thomas wrote in a blog post published in a customer-only portal, which Motherboard obtained.

Emergency Power Outage? Don’t Forget Old-School Redundancy


(Hint: Such runbooks should include pesky details like login passwords, software license keys, encryption keys, network topology diagrams, recovery steps, etc.). Backup tape should be stored away from your headquarters or general region, in the event the disaster is greater than just a local power outage. After a sudden power outage, you tend to have questions and want fast answers. I know I did when faced with an unexpected outage during a windy, Friday evening storm.

GUEST ESSAY: Why the hack of South Korea’s weapons, munitions systems was so predictable

The Last Watchdog

war plans, including strategies to be implemented in event of collapsing diplomatic relations. In today’s environment for commercial business, let alone government security and defense agencies, the de rigueur approach for cyber security necessarily includes end-to-end encryption, single sign-on, and two-factor authentication, at minimum.

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

Hunton Privacy

securing electronic communications by implementing and developing end-to-end encryption. Resolution on End-to-End Encryption. They request that the public sector takes a leadership role and implements “end-to-end” encryption using the “Online Services Computer Interface (OSCI)” standard developed by the federal state of Bremen.

Protecting Big Data, while Preserving Analytical Agility

Thales eSecurity

Moreover, encryption keys must be protected and managed in a trusted manner for security and compliance with regulations. So, while strong encryption secures data, it must be done in a manner that does not impact performance or interfere with the database query process.

IoT and Quantum Computing’s Impact on the Federal Government

Thales eSecurity

The focus on the rest of 2019 and looking ahead to 2020 was very clear when I attended two recent industry events. I spoke at both an Air Force Information Technology and Cyberpower (AFITC) training event and the 2019 Billington Cybersecurity Summit.

Virginia Adds State Income Tax Provision to Data Breach Notification Law

Hunton Privacy

Recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data.

UK ICO Issues Unprecedented Fine Against Mobile Phone Retailer for Lax Security

Hunton Privacy

In its decision, the ICO meticulously detailed the chronology of events and technical failures that led to the breach. the encryption keys for historical transactions were not stored safely.

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). SSL and TLS come into play in the form of digital certificates issued by Certificate Authorities (CAs) — vendors that diligently verify the authenticity of websites, and then also help the website owners encrypt the information consumers type into web page forms.

iNSYNQ Ransom Attack Began With Phishing Email

Krebs on Security

“Because of the quick reaction we had, we were able to contain the encryption part” to roughly 50 percent of customer systems, he said. “It’s one thing to prepare for these sorts of events but it’s an entirely different experience to deal with first hand.”

The state of European cybersecurity and lessons to learn

Thales eSecurity

Encryption, encryption, encryption. Only 27% of European organisations encrypt their data, leaving the door wide open to the likes of cyber-criminals and hacktivists.

China Releases National Standard on Personal Information Security

Hunton Privacy

Encryption measures must be adopted whenever sensitive personal information is retained. In the event of an actual data breach incident, the enterprise must inform the affected data subjects by email, letter, telephone or other reasonable and efficient method.

Pitney-Bowes the Target of Ransomware

Adam Levin

It has been confirmed that our systems have been affected by a malware attack that encrypted information on some systems and disrupted client access to our services. mailing services company Pitney-Bowes experienced services outages after a ransomware attack earlier this week. “It

Retailers Face Many Challenges, Data Security Doesn’t Have to be One of Them

Thales eSecurity

And herein lies another big challenge for retailers: payment and personal preference data resides inextricably together creating a “perfect storm” in the event of a cyberattack. Retailers must encrypt everything — not just payment or customer preference data.

Korean Privacy Law Updated

Hunton Privacy

encryption of RRNs. On April 26, 2016, Korean law firm Bae, Kim & Lee LLC released a Privacy News Alert outlining amendments to Korea’s Personal Information Protection Act (“PIPA”) and the Act on the Promotion of IT Network Use and Information Protection (“IT Network Act”).

Amended Nebraska Data Breach Notification Law Adds Regulator Notification Requirement

Hunton Privacy

Specifically, the Bill: requires entities to notify the Nebraska Attorney General in the event of a data breach, and no later than notice is provided to Nebraska residents; adds to the definition of “personal information” a user name or email address, in combination with a password or security question and answer, that would permit access to an online account; and.

Own Your Cloud Security

Thales eSecurity

Minimizing your data footprint not only lowers complexity, making it easier to spot misconfigurations, but also reduces the potential damage in the event you do become the victim of a breach. It’s hard to believe it’s mid-October.

Priming the payments ecosystem for explosive growth

Thales eSecurity

This week marks the return of Amazon Prime Day – Amazon’s seasonal retail event which has fast become a masterclass in driving demand and growth through great customer experience.

PCI Security Standards Council Releases Enhanced Validation Requirements for Designated Entities as PCI DSS Version 3.0 Set to Retire

Hunton Privacy

Identify and respond to suspicious events. contains mostly minor updates and clarifications, the new version notably updates the standard’s encryption requirements to clarify that Secure Sockets Layer (“SSL”) and early Transport Layer Security (“TLS”) are not considered strong cryptography, and therefore will no longer be PCI DSS-compliant encryption protocols as of June 30, 2016.

Ransomware, Leakware, Scareware… Oh My!

Thales eSecurity

Encryption is… a panic room for your data and means you’ve treated your data well by preparing for those smash-and-grab attacks in advance. Ransomware essentially comes in two icky flavors: file encryption or cryptolocker. The Dagger of Choice: Encryption with Strong Access Controls.

Supply-Chain Attack against the Electron Development Platform

Schneier on Security

Those modifications can create new event-based "features" that can access the file system, activate a Web cam, and exfiltrate information from systems using the functionality of trusted applications -- including user credentials and sensitive data.

Finding the Best Business Cloud Storage with Advanced Security Features – Plus 3 Bonus Security Tips


Event Logging and Two-Factor Authentication. Event logs track notifications, errors, and events happening in the background of your computer. If you suspect malicious activity within your network, checking your event log is one way to confirm or dismiss your suspicions.

Achieving Trust: Bake Security into Your Brand

Thales eSecurity

For example, in their terms and conditions, assure customers that all their personal data will be tokenized or encrypted so that in the event of a breach, their data will remain protected. Data is the most valuable online currency a consumer possesses.

SHARED INTEL: Here’s one way to better leverage actionable intel from the profusion of threat feeds

The Last Watchdog

Centripetal also delivers a Splunk-based SIEM (some clients opt for integration into their existing SIEM) that enables the client and Centripetal’s team of cyberthreat analysts to view events and work directly with the customer to identify malicious threats that are infiltrating the network and exfiltrating data. “This enables the SIEM, and the other parts of the security stack, to trigger on those events that the cyber threat analysts should be spending their time on,” Rashed says.

How to Ensure Your Digital Security During the Rugby World Cup

Thales eSecurity

Sports fans aren’t the only ones who are looking forward to this event. It’s not like bad actors haven’t taken an interest in major sporting events before. Now that it’s September, the excitement is beginning to build in earnest for the 2019 Rugby World Cup.

Blockchain, Cybersecurity and Global Finance

Hunton Privacy

The technology – a distributed, consensus-driven ledger that enables and records encrypted digital asset transfers without the need of a confirming third party – is revolutionary to global financial services, whose core functions include the trusted intermediary role (e.g., payment processor, broker, dealer, custodian).

Protecting America’s Critical Infrastructure

Thales eSecurity

But any disruption of critical infrastructure is very alarming, and the March event should be a wake-up call about the importance of ensuring utilities are consistently and effectively protecting themselves against cyberattacks.

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales eSecurity

The only true way to protect data is to encrypt it. Encryption is key when it comes to protecting data. Using encryption solutions like the solutions Thales provides, companies can encrypt their data, rendering the data unintelligible in the event of a breach.