It’s Data Privacy (and Protection) Day!

We live in a data driven world, so it’s important to be good stewards of our own data and the data of others. Each year on January 28, we have a dedicated opportunity to raise awareness about the importance of protecting the privacy of personally identifiable information; encourage compliance with privacy laws and regulations; and create dialogues among stakeholders interested in advancing data protection and privacy. 

What ‘Have I been Pwned?’ taught DHS’s internal cyber chief about passwords

Written by

A website that informs users if their email address has been swept up in a data breach isn’t just popular with vigilant business owners or private security sleuths. The man charged with protecting the Department of Homeland Security’s systems from hackers also maintains an account on the “Have I been Pwned?” website, and it regularly reminds him of the risks passwords pose.

How to decrypt WhatsApp end-to-end media files

At the center of the “Saudis hacked Bezos” story is a mysterious video file investigators couldn’t decrypt, sent by Saudi Crown Prince MBS to Bezos via WhatsApp. In this blog post, I show how to decrypt it. Once decrypted, we’ll either have a smoking gun proving the Saudi’s guilt, or exoneration showing that nothing in the report implicated the Saudis. I show how everyone can replicate this on their own iPhones.

Time for Some Straight Talk Around Network Traffic Analysis

According to research from the Enterprise Strategy Group, 87% of organizations use Network Traffic Analysis (NTA) tools for threat detection and response today, and 43% say that NTA is a “first line of defense” in case of an attack. The increasing IT complexity is one of the main factors in the adoption of NTA tools – growing infrastructure, rise in hybrid and multi cloud deployments, employees accessing the network from any device and any location, and large number of smart devices (IoT/OT) connecting to the network. At the same time, the attack landscape has evolved as well – use of stolen credentials, threats hiding in encrypted traffic, rise in nation-state attacks, and more.

Huawei set for limited UK 5G role, but can we Trust Huawei?

Today the UK Government decided Huawei can be allowed to help build the UK’s 5G network, but remain banned from supplying kit to “sensitive parts” of the core network. The Prime Minister Boris Johnson made long await decision to ends months of concern for the Chinese telecoms giant. 

The PM had briefed US President Donald Trump about the decision. Trump has been very vocal on his stance exclaiming, “we are not going to do business with Huawei”, and recently Trump’s administration is reportedly nearing publication of a rule that could further block shipments of US-made goods to Huawei. Trump administrator has said it ‘is disappointed’ with UK government decision. China had warned the UK there could be “substantial” repercussions to other trade and investment plans had the company been banned outright.

There was ferocious debate in the UK parliament post the government announcement, with MPs calling into question the cybersecurity risks which could prevail – the US says the cybersecurity risks are severe, the UK’s security services say they can be managed, whereas Australia has opted for an outright ban. There’s a clear disconnect and the decision today could cause turmoil to the US/UK working relationship that could ultimately impact a post-Brexit trade deal.

DEF CON 27, Voting Village – Ion Sancho’s ‘The Factors Preventing Fair Effective And Secure Elections’

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.

Permalink

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/TVePOjkIPKk

Wawa Breach May Have Compromised More Than 30 Million Payment Cards

In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.

After ransomware took Baltimore hostage, Maryland introduces legislation that bans disclosing the bugs ransomware exploits

Last spring, a Baltimore underwent a grinding, long-term government shutdown after the city’s systems were hijacked by ransomware. This was exacerbated by massive administrative incompetence: the city had not allocated funds for improved security, training or cyberinsurance, despite having had its emergency services network taken over by ransomware the previous hear, and five city CIOs had departed in the previous four years either through firings or forced resignations.

DEF CON 27, Voting Village, John Odum’s – ‘Election Security Threats Posed By Very Small Jurisdictions’

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.

Permalink

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/IQ5uxUYjTdE

Are Small Businesses Protecting Customer Data?

Editor’s note: Data Privacy Day is an international event that occurs every year on Jan. 28. The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices. It is currently observed in the United States, Canada, Israel and 47 European countries. The following story is relevant to this topic.