Customer data & marketing operations: Keeping your data safe on the journey to GDPR compliance

Emails. Web forms. Events. [Oh my!] These marketing tactics are all designed to gather, store, and evolve relationships with your prospects, customers, and partners. Oftentimes, they are the first point of contact for your organization from the outside world—and they all feed into your marketing automation systems. With the General Data Protection Regulation (GDPR) coming into effect on May 25th, 2018, it’s critical that Marketing Operations teams are an integral part of the compliance process.

Hackers Built a ‘Master Key’ For Millions of Hotel Rooms

An anonymous reader writes: Security researchers have built a master key that exploits a design flaw in a popular and widely used hotel electronic lock system, allowing unfettered access to every room in the building. The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more than 42,000 properties in 166 countries, amounting to millions of hotel rooms — as well as garages and storage units. These electronic lock systems are commonplace in hotels, used by staff to provide granular controls over where a person can go in a hotel — such as their room — and even restricting the floor that the elevator stops at. And these keys can be wiped and reused when guests check out.

It turns out these key cards aren’t as secure as first thought. F-Secure’s Tomi Tuominen and Timo Hirvonen, who carried out the work, said they could create a master key ‘basically out of thin air.’ Any key card will do. Even old and expired, or discarded keys retain enough residual data to be used in the attack. Using a handheld device running custom software, the researchers can steal data off of a key card — either using wireless radio-frequency identification (RFID) or the magnetic stripe. That device then manipulates the stolen key data, which identifies the hotel, to produce an access token with the highest level of privileges, effectively serving as a master key to every room in the building.

Take back the initiative on DDoS protection – it’s time to be proactive

Since Mirai and its subsequent variants let the genie out of the bottle, DDoS attacks powered by the Internet of Things have become ubiquitous. As more and more IoT devices join the world’s networks – predicted by Gartner to be 24 billion by 2020 – so the potential for cybercriminals to recruit unsecured devices to botnets and wreak havoc through DDoS increases, and we see advanced multi-vector attacks that evolve in sophistication almost as fast as we can register them. Figures show that there were 7.5 million DDoS attacks in 2017, with the frequency of those passing 500 GBPS increasing four-fold and some notable incidents reaching as high as 1.7 TBPS. A10’s own research found that 38% of organisations said they had been affected by a DDoS attack in the last 12 months.

IDG Contributor Network: Doing security policies right

Most sophisticated businesses have at least some form of a security policy for their organizations. Unfortunately, all too often, those policies are inadequate, fail to comply with applicable regulatory requirements, are profoundly complex and difficult for the average employee to understand, and almost always aren’t updated in a timely manner.

RSA Conference 2018 Recap: Building a Foundation for Tomorrow’s Cybersecurity

The RSA Conference has gotten bigger and louder — not just because of the clamoring sounds of tens of thousands of attendees, but also due to the din of construction equipment as San Francisco works to rebuild the Moscone Center. Despite all the noise, this year’s attendees heard a number of key themes reverberating loud and clear throughout the conference as experts shared ideas about where the industry is heading and how security professionals can build strong foundations for the future.

WTB: Energetic Bear/Crouching Yeti: attacks on servers

The intelligence in this week’s iteration discusses the following threats: Adblocker Malware, APT28, ARS VBS Loader, Desert Scorpion, DNS Hijacking, Mukstik, PBot, Roaming Mantis, SquirtDanger, Stresspaint, and XiaoBa. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.

The Risks of Bio-IoT

Trend Micro has been protecting its customers now for almost 30 years. Over that time our mission has not changed. We still fight every day to make the world a safer place to exchange digital information. However, our messaging has needed to evolve to take account of the ever-changing threat landscape, as well as the evolution in user behavior and customers’ IT infrastructure.

How to Manage an Insecure Employee

When employees lack self-confidence, it can be hard to get them to perform at their best. So how can you help them excel at their job? What kind of coaching should you provide? What’s the best way to boost their self-esteem? And how do you deal with your own frustration around their insecure behavior?

BrandPost: Fireside Chat with Renesas Electronics: Talking Security & Threat Protection for Connected Cars

Connected vehicles are the next major technology innovation disrupting the automotive industry. With 3D mapping, smart device integration, cloud-based services, advanced LAN/CAN networks, and autonomous driving defining the connected car of the future, the cyber risks are enormous. And with IoT devices connecting to the car network to access content and applications, the attack surface is even larger. Integrated security is paramount for the safety of, and consumer confidence in, the connected car.

Tech-Support Scammers Are Ramping Up Attacks, Says Microsoft

Microsoft overnight announced that it received 153,000 reports in 2017 from customers who’d come in contact with tech-support scammers via a cold call, spam, or the web. The reports from customers last year were up 24 percent on 2016, with filings coming from 183 countries. Despite being a well-known fraud, some 15 percent of Microsoft customers who reported incidents lost money. Losses were typically between $200 and $400 each. Tim Helming, Director of Product Management at DomainTools, commented below.

Protecting Your Employees’ Home IT From Cyberthreats

Increasingly, corporations are realizing that helping employees protect their home IT reduces risks to the company. Depending on the organization’s policies, employees may work with sensitive data or interact with self-service HR platforms remotely, and securing employees’ home technology is in the best interest of the enterprise.