🛡 Cybersecurity & Privacy 🛡 - News
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
DEA and ICE hiding cameras in streetlights and traffic barrels

Drug and immigration cops in the US are buying surveillance cameras to hide in streetlights and traffic barrels.

📖 Read

via "Naked Security".
WordPress GDPR compliance plugin hacked

There's no obvious executable payload in the attack but the attackers may be building a collection of websites and biding their time.

📖 Read

via "Naked Security".
🕴 Sophisticated Campaign Targets Pakistan's Air Force 🕴

Espionage campaign uses a variety of new evasion techniques.

📖 Read

via "Dark Reading".
Podcast: IoT Firms Face a ‘Tidal Wave’ of Lawsuits, Attorney Explains

An attorney in the infamous 2015 Jeep hack predicts that more lawsuits related to IoT security are looming in the future.

📖 Read

via "Threatpost | The first stop for security news".
Google and Cloudflare traffic diverted to China… do we need to panic?

A brief outage on Monday diverted traffic to providers such as Google and Cloudflare via China - was it a blunder or a hack?

📖 Read

via "Naked Security".
🔐 Why Gen Z has the most dangerous password practices 🔐

Some 87% of Gen Zers reuse old passwords across multiple accounts, compared to 75% of the whole employee population, a SailPoint report found.

📖 Read

via "Security on TechRepublic".
🕴 RIP, 'IT Security' 🕴

Information security is vital, of course. But the concept of "IT security" has never made sense.

📖 Read

via "Dark Reading".
🕴 Netskope Announces Series F Funding Round 🕴

The $168.7 million round will go toward R&D and global expansion, says cloud access security broker provider.

📖 Read

via "Dark Reading".
Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC

Overall, the company released only three patches as part of its regularly-scheduled November update.

📖 Read

via "Threatpost | The first stop for security news".
Unpatched Android OS Flaw Allows Adversaries to Track User Location

The vulnerability is one of many with the same root cause: Cross-process information leakage.

📖 Read

via "Threatpost | The first stop for security news".
🕴 Google Traffic Temporarily Rerouted via Russia, China 🕴

The incident, which Google reports is now resolved, could be the result of either technical mistakes or malicious activity.

📖 Read

via "Dark Reading".
Google’s G Suite, Search and Analytics Taken Down in Hijacking

Google cloud business customers were impacted by a Border Gateway Protocol hijacking.

📖 Read

via "Threatpost | The first stop for security news".
🕳 TrustArc Participates at California Lawyers Association IP Institute 🕳

Media

On November 8th in sunny San Jose, TrustArc was pleased to take part at the California Lawyers Association’s annual IP Institute. Speaking on a panel entitled GDPR: Lessons Learned from the Front Line, TrustArc shared tips and insights both for organizations still working towards GDPR compliance, and for those seeking to take their privacy programs to the next level, including for interoperability with other global privacy laws and frameworks.

Not lost in the discussion was the fact that many law firms, of all sizes, are likewise still looking to their own GDPR/privacy compliance, which is critical to their being viewed as trustworthy stewards of confidential client information.

During a discussion-based panel with lively audience questions, TrustArc Senior Counsel, Darren Abernethy, offered observations for companies and law firms based on TrustArc’s unique position in the privacy and data protection ecosystem–as a provider of privacy technology platform solutions, privacy consulting services, and certifications/verifications.

Some of the practical topics discussed included:

Knowing and Documenting Your Data Points. Companies should assemble cross-team privacy leads and think-through all of their business process activities, the purpose(s) of processing, and the categories of individuals and personal data being processed for each. Then they can begin to analyze where they act as a data controller versus a data processor; the flow of personal data in and out of each business activity, including any disclosures to third parties; determine where likely high risk is involved for possible (DPIA) creation; and fully understand where/how cross-border transfers occur. This is necessary for Article 30 records of processing, and is tremendously simplified across an organization using TrustArc’s Data Flow Manager and Intelligence Engine.

Individual Rights Management. Companies should move away from ad hoc response processes in favor of having a customized, streamlined intake mechanism for centralized tracking of requests to timely honor the GDPR’s default one-month timeframe for Arts. 15-22. Anticipating possible requests based on a company’s Article 30 records, training staff on escalations, engaging politely with submitters to understand what they are really asking for, and having a reliable verification method to ensure a requester is the individual in question prior to providing any personal information, are also key measures.

Correctly Capturing Consent–Important for Compliance and M&A. Companies should have defined solutions for being able to point to when and for what an individual provided consent–whether for dropping cookies and processing data for cookie-related purposes, or for providing consent to receive direct marketing communications. More and more companies are being asked for this information to demonstrate compliance during RFPs, via audits or during transactional due diligence.

Tips around successful internal data protection preparation strategies seen with TrustArc customers–from identifying privacy stakeholders to updating contracts.

How GDPR relates to mobile ecosystem issues, geolocation and the California Consumer Privacy Act–and the current status of the ePrivacy Regulation.

The criticality of thinking through all of an organization’s business process activities in order to map data flows and prepare GDPR Article 30 records of processing–while automating risk evaluations for possible Article 35 data protection impact assessments (DPIAs).

Individual rights management issues, tips on setting up a program for data subject access requests (using centralized technology to do so), and verificatio…
🔐 Android Security Bulletin November 2018: What you need to know 🔐

Another month where Android finds itself with a mixture of Critical and High vulnerabilities. Jack Wallen offers highlights.

📖 Read

via "Security on TechRepublic".
🔐 How to download your data stored by Apple 🔐

Downloading a copy of your data that Apple stores in iCloud and other services is easier than ever. Learn how to get your copy and what to do with it. Learn more about this massive privacy change.

📖 Read

via "Security on TechRepublic".
🕴 Empathy: The Next Killer App for Cybersecurity? 🕴

The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.

📖 Read

via "Dark Reading".
🕴 Getting to Know Magecart: An Inside Look at 7 Groups 🕴

A new report spills the details on Magecart, the criminal groups driving it, and ongoing attacks targeting low- and high-profile victims.

📖 Read

via "Dark Reading".
🔐 4 communication fundamentals that should be in every disaster recovery plan 🔐

See where the communication breakdowns are likely to occur--and revise the disaster recovery plan accordingly.

📖 Read

via "Security on TechRepublic".
🕴 Sharpen Your Malware-Fighting Skills at Black Hat Europe 🕴

Don't miss out on the Black Hat Briefings, Trainings, and Arsenal tools that will equip you with the knowledge and skills you need to deal with today's top malware.

📖 Read

via "Dark Reading".
🕴 Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed 🕴

Eight of the 12 critical vulnerabilities addressed this month affect the Chakra Scripting Engine in Microsoft Edge.

📖 Read

via "Dark Reading".
Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2

Microsoft’s November Patch Tuesday fixes include mitigation against a zero-day vulnerability leaving Windows 7, Server 2008 and Server 2008 R2 open to attack.

📖 Read

via "Threatpost | The first stop for security news".