We live in a data driven world, so it’s important to be good stewards of our own data and the data of others. Each year on January 28, we have a dedicated opportunity to raise awareness about the importance of protecting the privacy of personally identifiable information; encourage compliance with privacy laws and regulations; and create dialogues among stakeholders interested in advancing data protection and privacy.
As adversaries get craftier, Marine Corps cyber official touts appeal of zero-trust security
Written by Shannon Vavra
As the Department of Defense tries to be more proactive about preventing hackers from gaining access to its networks, the Marine Corps is working to implement zero-trust security, a top Marine Corps cybersecurity official said Tuesday.
What ‘Have I been Pwned?’ taught DHS’s internal cyber chief about passwords
Written by Sean Lyngaas
A website that informs users if their email address has been swept up in a data breach isn’t just popular with vigilant business owners or private security sleuths. The man charged with protecting the Department of Homeland Security’s systems from hackers also maintains an account on the “Have I been Pwned?” website, and it regularly reminds him of the risks passwords pose.
How to decrypt WhatsApp end-to-end media files
At the center of the “Saudis hacked Bezos” story is a mysterious video file investigators couldn’t decrypt, sent by Saudi Crown Prince MBS to Bezos via WhatsApp. In this blog post, I show how to decrypt it. Once decrypted, we’ll either have a smoking gun proving the Saudi’s guilt, or exoneration showing that nothing in the report implicated the Saudis. I show how everyone can replicate this on their own iPhones.
There’s no evidence the Saudis hacked Jeff Bezos’s iPhone
There’s no evidence the Saudis hacked Jeff Bezos’s iPhone.
Weekly Threat Briefing: Over Half of Organisations Were Successfully Phished In 2019
The various threat intelligence stories in this iteration of the Weekly Threat Briefing (WTB) discusses the following topics: BitPyLock, Business Email Compromise, Data Breaches, Konni Group, Phishing and Zero-Day Bugs. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.
Time for Some Straight Talk Around Network Traffic Analysis
According to research from the Enterprise Strategy Group, 87% of organizations use Network Traffic Analysis (NTA) tools for threat detection and response today, and 43% say that NTA is a “first line of defense” in case of an attack. The increasing IT complexity is one of the main factors in the adoption of NTA tools – growing infrastructure, rise in hybrid and multi cloud deployments, employees accessing the network from any device and any location, and large number of smart devices (IoT/OT) connecting to the network. At the same time, the attack landscape has evolved as well – use of stolen credentials, threats hiding in encrypted traffic, rise in nation-state attacks, and more.
Acting Secretary Wolf Commemorates USCG Blackthorn Memorial
WASHINGTON – Today, Acting Secretary of Homeland Security Chad F. Wolf and U.S. Coast Guard Commandant Admiral Karl Schultz delivered remarks at the United States Coast Guard memorial service for the Coast Guard Cutter Blackthorn in St. Petersburgh, Florida.
Computer science researchers in Texas expose security risks of micromobility vehicles
Researchers at the Department of Computer Science of the University of Texas at San Antonio (UTSA) have recently exposed vulnerabilities in the micromobility ecosystem that may compromise the security, safety and privacy of users of battery-powered electric scooters.
The Cost of CCPA Noncompliance Is Steeper Than You Think
The new year is upon us, and with it, the strongest consumer data protection law in the U.S.: the California Consumer Privacy Act (CCPA).
A Christian-friendly payments processor spilled 6 million transaction records online
A little-known payments processor, which bills itself as a Christian-friendly company that does “not process credit card transactions for morally objectionable businesses,” left a database containing years’ worth of customer payment transactions online.
Huawei set for limited UK 5G role, but can we Trust Huawei?
Today the UK Government decided Huawei can be allowed to help build the UK’s 5G network, but remain banned from supplying kit to “sensitive parts” of the core network. The Prime Minister Boris Johnson made long await decision to ends months of concern for the Chinese telecoms giant.
The PM had briefed US President Donald Trump about the decision. Trump has been very vocal on his stance exclaiming, “we are not going to do business with Huawei”, and recently Trump’s administration is reportedly nearing publication of a rule that could further block shipments of US-made goods to Huawei. Trump administrator has said it ‘is disappointed’ with UK government decision. China had warned the UK there could be “substantial” repercussions to other trade and investment plans had the company been banned outright.
There was ferocious debate in the UK parliament post the government announcement, with MPs calling into question the cybersecurity risks which could prevail – the US says the cybersecurity risks are severe, the UK’s security services say they can be managed, whereas Australia has opted for an outright ban. There’s a clear disconnect and the decision today could cause turmoil to the US/UK working relationship that could ultimately impact a post-Brexit trade deal.
Privacy still eroding on National Data Privacy Day
On National Data Privacy Day, we find little has changed in what numerous privacy advocates and experts have called “the golden age of surveillance.”
DEF CON 27, Voting Village – Ion Sancho’s ‘The Factors Preventing Fair Effective And Secure Elections’
Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.
*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/TVePOjkIPKk
Wawa Breach May Have Compromised More Than 30 Million Payment Cards
In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.
After ransomware took Baltimore hostage, Maryland introduces legislation that bans disclosing the bugs ransomware exploits
Last spring, a Baltimore underwent a grinding, long-term government shutdown after the city’s systems were hijacked by ransomware. This was exacerbated by massive administrative incompetence: the city had not allocated funds for improved security, training or cyberinsurance, despite having had its emergency services network taken over by ransomware the previous hear, and five city CIOs had departed in the previous four years either through firings or forced resignations.
Zoom squashed a bug that left private meetings unprotected
Written by Jeff Stone
Corporate conferencing software provider Zoom patched a security flaw that could have enabled hackers to spy on private meetings, the company says.
DEF CON 27, Voting Village, John Odum’s – ‘Election Security Threats Posed By Very Small Jurisdictions’
Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.
*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/IQ5uxUYjTdE
Making Sure You’re PCI DSS 3.2 Compliant? MFA to the Rescue
Are Small Businesses Protecting Customer Data?
Editor’s note: Data Privacy Day is an international event that occurs every year on Jan. 28. The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices. It is currently observed in the United States, Canada, Israel and 47 European countries. The following story is relevant to this topic.