We live in a data driven world, so it’s important to be good stewards of our own data and the data of others. Each year on January 28, we have a dedicated opportunity to raise awareness about the importance of protecting the privacy of personally identifiable information; encourage compliance with privacy laws and regulations; and create dialogues among stakeholders interested in advancing data protection and privacy.
Written by Shannon Vavra
As the Department of Defense tries to be more proactive about preventing hackers from gaining access to its networks, the Marine Corps is working to implement zero-trust security, a top Marine Corps cybersecurity official said Tuesday.
Written by Sean Lyngaas
A website that informs users if their email address has been swept up in a data breach isn’t just popular with vigilant business owners or private security sleuths. The man charged with protecting the Department of Homeland Security’s systems from hackers also maintains an account on the “Have I been Pwned?” website, and it regularly reminds him of the risks passwords pose.
At the center of the “Saudis hacked Bezos” story is a mysterious video file investigators couldn’t decrypt, sent by Saudi Crown Prince MBS to Bezos via WhatsApp. In this blog post, I show how to decrypt it. Once decrypted, we’ll either have a smoking gun proving the Saudi’s guilt, or exoneration showing that nothing in the report implicated the Saudis. I show how everyone can replicate this on their own iPhones.
There’s no evidence the Saudis hacked Jeff Bezos’s iPhone.
The various threat intelligence stories in this iteration of the Weekly Threat Briefing (WTB) discusses the following topics: BitPyLock, Business Email Compromise, Data Breaches, Konni Group, Phishing and Zero-Day Bugs. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.
According to research from the Enterprise Strategy Group, 87% of organizations use Network Traffic Analysis (NTA) tools for threat detection and response today, and 43% say that NTA is a “first line of defense” in case of an attack. The increasing IT complexity is one of the main factors in the adoption of NTA tools – growing infrastructure, rise in hybrid and multi cloud deployments, employees accessing the network from any device and any location, and large number of smart devices (IoT/OT) connecting to the network. At the same time, the attack landscape has evolved as well – use of stolen credentials, threats hiding in encrypted traffic, rise in nation-state attacks, and more.
WASHINGTON – Today, Acting Secretary of Homeland Security Chad F. Wolf and U.S. Coast Guard Commandant Admiral Karl Schultz delivered remarks at the United States Coast Guard memorial service for the Coast Guard Cutter Blackthorn in St. Petersburgh, Florida.
Researchers at the Department of Computer Science of the University of Texas at San Antonio (UTSA) have recently exposed vulnerabilities in the micromobility ecosystem that may compromise the security, safety and privacy of users of battery-powered electric scooters.
The new year is upon us, and with it, the strongest consumer data protection law in the U.S.: the California Consumer Privacy Act (CCPA).
A little-known payments processor, which bills itself as a Christian-friendly company that does “not process credit card transactions for morally objectionable businesses,” left a database containing years’ worth of customer payment transactions online.
The PM had briefed US President Donald Trump about the decision. Trump has been very vocal on his stance exclaiming, “we are not going to do business with Huawei”, and recently Trump’s administration is reportedly nearing publication of a rule that could further block shipments of US-made goods to Huawei. Trump administrator has said it ‘is disappointed’ with UK government decision. China had warned the UK there could be “substantial” repercussions to other trade and investment plans had the company been banned outright.
There was ferocious debate in the UK parliament post the government announcement, with MPs calling into question the cybersecurity risks which could prevail – the US says the cybersecurity risks are severe, the UK’s security services say they can be managed, whereas Australia has opted for an outright ban. There’s a clear disconnect and the decision today could cause turmoil to the US/UK working relationship that could ultimately impact a post-Brexit trade deal.
On National Data Privacy Day, we find little has changed in what numerous privacy advocates and experts have called “the golden age of surveillance.”
*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/TVePOjkIPKk
In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.
Last spring, a Baltimore underwent a grinding, long-term government shutdown after the city’s systems were hijacked by ransomware. This was exacerbated by massive administrative incompetence: the city had not allocated funds for improved security, training or cyberinsurance, despite having had its emergency services network taken over by ransomware the previous hear, and five city CIOs had departed in the previous four years either through firings or forced resignations.
Written by Jeff Stone
Corporate conferencing software provider Zoom patched a security flaw that could have enabled hackers to spy on private meetings, the company says.
*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/IQ5uxUYjTdE
Editor’s note: Data Privacy Day is an international event that occurs every year on Jan. 28. The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices. It is currently observed in the United States, Canada, Israel and 47 European countries. The following story is relevant to this topic.