🛡 Cybersecurity & Privacy 🛡 - News
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
❌ Unpatched Android OS Flaw Allows Adversaries to Track User Location ❌

The vulnerability is one of many with the same root cause: Cross-process information leakage.

📖 Read

via "Threatpost | The first stop for security news".
🕴 Google Traffic Temporarily Rerouted via Russia, China 🕴

The incident, which Google reports is now resolved, could be the result of either technical mistakes or malicious activity.

📖 Read

via "Dark Reading".
❌ Google’s G Suite, Search and Analytics Taken Down in Hijacking ❌

Google cloud business customers were impacted by a Border Gateway Protocol hijacking.

📖 Read

via "Threatpost | The first stop for security news".
🕳 TrustArc Participates at California Lawyers Association IP Institute 🕳

On November 8th in sunny San Jose, TrustArc was pleased to take part at the California Lawyers Association’s annual IP Institute. Speaking on a panel entitled GDPR: Lessons Learned from the Front Line, TrustArc shared tips and insights both for organizations still working towards GDPR compliance, and for those seeking to take their privacy programs to the next level, including for interoperability with other global privacy laws and frameworks.

Not lost in the discussion was the fact that many law firms, of all sizes, are likewise still looking to their own GDPR/privacy compliance, which is critical to their being viewed as trustworthy stewards of confidential client information.

During a discussion-based panel with lively audience questions, TrustArc Senior Counsel, Darren Abernethy, offered observations for companies and law firms based on TrustArc’s unique position in the privacy and data protection ecosystem–as a provider of privacy technology platform solutions, privacy consulting services, and certifications/verifications.

Some of the practical topics discussed included:

Knowing and Documenting Your Data Points. Companies should assemble cross-team privacy leads and think through all of their business process activities, the purpose(s) of processing, and the categories of individuals and personal data being processed for each. Then they can begin to analyze where they act as a data controller versus a data processor; the flow of personal data in and out of each business activity, including any disclosures to third parties; determine where likely high risk is involved for possible (DPIA) creation; and fully understand where/how cross-border transfers occur. This is necessary for Article 30 records of processing, and is tremendously simplified across an organization using TrustArc’s Data Flow Manager and Intelligence Engine.

Individual Rights Management. Companies should move away from ad hoc response processes in favor of having a customized, streamlined intake mechanism for centralized tracking of requests to timely honor the GDPR’s default one-month timeframe for Arts. 15-22. Anticipating possible requests based on a company’s Article 30 records, training staff on escalations, engaging politely with submitters to understand what they are really asking for, and having a reliable verification method to ensure a requester is the individual in question prior to providing any personal information, are also key measures.

Correctly Capturing Consent–Important for Compliance and M&A. Companies should have defined solutions for being able to point to when and for what an individual provided consent–whether for dropping cookies and processing data for cookie-related purposes, or for providing consent to receive direct marketing communications. More and more companies are being asked for this information to demonstrate compliance during RFPs, via audits or during transactional due diligence.

Tips around successful internal data protection preparation strategies seen with TrustArc customers–from identifying privacy stakeholders to updating contracts.

How GDPR relates to mobile ecosystem issues, geolocation and the California Consumer Privacy Act–and the current status of the ePrivacy Regulation.

The criticality of thinking through all of an organization’s business process activities in order to map data flows and prepare GDPR Article 30 records of processing–while automating risk evaluations for possible Article 35 data protection impact assessments (DPIAs).

Individual rights management issues, tips on setting up a program for data subject access requests (using centralized technology to do so), and verificatio…
Android Security Bulletin November 2018: What you need to know

Another month where Android finds itself with a mixture of Critical and High vulnerabilities. Jack Wallen offers highlights.

📖 Read

via "Security on TechRepublic".
How to download your data stored by Apple

Downloading a copy of your data that Apple stores in iCloud and other services is easier than ever. Learn how to get your copy and what to do with it. Learn more about this massive privacy change.

📖 Read

via "Security on TechRepublic".
🕴 Empathy: The Next Killer App for Cybersecurity? 🕴

The toughest security problems involve people, not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.

📖 Read

via "Dark Reading".
🕴 Getting to Know Magecart: An Inside Look at 7 Groups 🕴

A new report spills the details on Magecart, the criminal groups driving it, and ongoing attacks targeting low- and high-profile victims.

📖 Read

via "Dark Reading".
4 communication fundamentals that should be in every disaster recovery plan

See where the communication breakdowns are likely to occur--and revise the disaster recovery plan accordingly.

📖 Read

via "Security on TechRepublic".
🕴 Sharpen Your Malware-Fighting Skills at Black Hat Europe 🕴

Don't miss out on the Black Hat Briefings, Trainings, and Arsenal tools that will equip you with the knowledge and skills you need to deal with today's top malware.

📖 Read

via "Dark Reading".
🕴 Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed 🕴

Eight of the 12 critical vulnerabilities addressed this month affect the Chakra Scripting Engine in Microsoft Edge.

📖 Read

via "Dark Reading".
❌ Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2 ❌

Microsoft’s November Patch Tuesday fixes include mitigation against a zero-day vulnerability leaving Windows 7, Server 2008 and Server 2008 R2 open to attack.

📖 Read

via "Threatpost | The first stop for security news".
⚠ Microsoft update breaks Calendar and Mail on Windows 10 phones ⚠

Still reeling from last week's Windows 10 Pro debacle, Microsoft dropped a fresh pile of “Oops!” onto Windows 10 Mobile users.

📖 Read

via "Naked Security".
⚠ Support wouldn’t change his password, so he mailed them a bomb ⚠

The Cryptopay customer asked customer services for a new password. They refused, given that it was against the company privacy policy.

📖 Read

via "Naked Security".
⚠ HTTP/3: Come for the speed, stay for the security ⚠

Key personnel at the Internet Engineering Task Force (IETF) have suggested basing the next version of a core web protocol on Google technology.

📖 Read

via "Naked Security".
⚠ Targeted ransomware attacks – SophosLabs 2019 Threat Report ⚠

This year's SophosLabs Threat Report is out. We talk targeted ransomware attacks, and in particular, SamSam.

📖 Read

via "Naked Security".
How to improve enterprise IoT security: 5 tips

Some 15% of companies struggling with IoT security lost at least $34 million in the last couple years. Here are five ways to stay better protected.

📖 Read

via "Security on TechRepublic".
69% of ATMs can be hacked to spit cash in minutes

ATM vulnerabilities highlight the importance of securing machines against network attacks, according to a Positive Technologies report.

📖 Read

via "Security on TechRepublic".
🕴 To Click or Not to Click: The Answer Is Easy 🕴

Mega hacks like the Facebook breach provide endless ammo for spearphishers. These six tips can help you stay safer.

📖 Read

via "Dark Reading".
AI, IoT, and edge computing drive cybersecurity concerns for 2019

As companies adopt emerging technologies, the cyber risk landscape is set to grow larger in the new year, according to a Forcepoint report.

📖 Read

via "Security on TechRepublic".
🕴 Can Businesses Stand Up to Cybercrime? Only 61% Say Yes 🕴

While 96% of US organizations say business resilience should be core to company strategy, only 61% say it actually is.

📖 Read

via "Dark Reading".