
Tag Archives for "cybersecurity"

How Password Constraints Give You a False Sense of Security

The next time you’re forced to make a password—especially if a site requires you to use a crazy combination of uppercase and lowercase letters, or a number, or a symbol—don’t assume that these attempts at obfuscation automatically mean that your password is incredible and secure.

Full article: How Password Constraints Give You a False Sense of Security

6 mobile security threats you should take seriously in 2019

While it’s easy to focus on the sensational subject of malware, the truth is that mobile malware infections are incredibly uncommon in the real world — with your odds of being infected significantly less than your odds of being struck by lightning, according to one estimate.

However, the more realistic mobile security hazards lie in some easily overlooked areas, all of which are only expected to become more pressing in the coming year.

Full article: 6 mobile security threats you should take seriously in 2019 | CSO Online

A timely raincheck on the GDPR: the law of unintended consequences

As we approach a six-month point since the full implementation date of the GDPR, it is interesting to see evidence of the legislation having much greater consequences and advantages than those for which it was originally intended.

GDPR in its most fundamental form can be seen as a beneficial facility for handling the core issue of risk management between data and people. In this instance, risk is both an opportunity to be exploited as well as a downside to be mitigated. To support this contention, one may cite recent instances of the GDPR having practical impacts way beyond that of its original draftsmen.

Full article: A timely raincheck on the GDPR: the law of unintended consequences

Hackers erase 6,500 sites from the Dark Web in one attack

One of the most popular Dark Web hosting services – Daniel’s Hosting – was slaughtered last week when attackers hosed it clean of about 6,500 hidden services. The admin says they’re gone for good: he hasn’t even figured out where the vulnerability is yet.

Source: Hackers erase 6,500 sites from the Dark Web in one attack – Naked Security

Amazon hit with major data breach

Amazon has suffered a major data breach that caused customer names and email addresses to be disclosed on its website, just two days ahead of Black Friday.

The firm said the issue was not a breach of its website or any of its systems, but a technical issue that inadvertently posted customer names and email addresses to its website.

Source: Amazon hit with major data breach days before Black Friday

85% of companies allow employees to access data from personal devices creating security risks

A recent report from security firm Bitglass surveyed IT experts, and found that 85% of organizations enable BYOD policies, citing employee mobility (74%) and employee satisfaction (54%) as the top two reasons for allowing employees, contractors, and other related parties to bring their own devices. However, the convenience of BYOD creates a particularly large attack surface for malicious actors to harvest information from these organizations.

Source: 85% of enterprises allow employees to access data from personal devices, security risks abound – TechRepublic

A leaky database of SMS text messages exposed password resets and 2FA codes

A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.

The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.

Source: A leaky database of SMS text messages exposed password resets and two-factor codes | TechCrunch

Facebook May Face 100M Euro Lawsuit Over Privacy Breach

A French nongovernmental organization wants Facebook Inc. to pay 100 million euros ($113 million) and fix any problems stemming from recent data security incidents and privacy breaches.

The Internet Society of France says Facebook collected data on nonusers without getting their consent, and illegally limited its responsibilities with respect to personal information. The NGO also claimed that Facebook unduly collected the political opinions, religious beliefs, and sexual orientation of its users in violation of EU privacy laws.

The Internet Society is seeking 100 million euros from Facebook if it can get 100,000 EU data subjects to join the complaint. The organization said Facebook has four months to respond before it files its action in the Court of First Instance of Paris.

Source: Facebook May Face 100M Euro Lawsuit Over Privacy Breach

Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data

If you live in the United States, there’s almost a 50 percent chance your personal data was lost in the giant Equifax data breach a year ago of 143 million records. Google and Facebook had recent breaches. Over the last five years alone, major breaches at Anthem, eBay, JPMorgan Chase, Home Depot, Yahoo, Target, Adobe …

Each day there must have been another major data breach that keeps criminal hackers gainfully employed by selling your information. Bad guys keep getting smarter, experts say. Why not corporations? The short answer is, because it’s not worth their trouble.

Full article: Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data – Motherboard

The Hack Millions of People Are Installing Themselves

Security conscious users keep their operating system and other software up to date, but a huge risk is often overlooked: the underground trade of malicious browser extensions that people install themselves.

Extensions are in such a prime position for hackers because, depending on the purpose of the extension, they may have special permissions to access information inside the web browser. These can range from the data on all the websites you visit, which lets the extension potentially read, request, or modify data on anything, from your online banking site to Facebook. Others may request access to your browsing history, your clipboard, or bookmarks. The security of the particular browser may be great—it is getting more and more expensive for someone to remotely hack Chrome, for example—but that protection can be undermined if a malicious extension is just sitting inside the browser.

Full article: The Hack Millions of People Are Installing Themselves – Motherboard
