Category Archives for "Security"

When Obscurity Is Not a Defense

Many organizations facing a data-security incident struggle to understand how or why their organization was targeted in an attack. Most simply believe they are too small or too obscure to be targeted by malicious cyber actors.

Even larger, well-known businesses are lulled into complacency, mistaking years without a major security incident as evidence that their business is an unlikely target, or believing that a small corner of their business, perhaps the new cloud instance they’re testing, will go unnoticed.

Source: When Obscurity Is Not a Defense

Data breach GDPR case study

The business has grown substantially over a number of years, and now has a number of different business units providing different services. Some of that growth has been through acquisitions.

There are a number of policies which impact on information security in place across the business. The business takes payment online via credit and debit card, but considers that it has appropriate security measures in place, and is working towards PCI-DSS certification. The growth of the business has resulted in fragmentation of databases across multiple servers, and the business has recently sought to move to a cloud solution. Multiple third parties have access to certain data through APIs.

Source: Global Data Hub

Deep Fakes: A Looming Crisis for National Security, Democracy and Privacy?

Manipulating images, sound, or video to convincingly mislead the public could take so-called “fake news” to a new level.

Recent events amply demonstrate that false claims—even preposterous ones—can be peddled with unprecedented success today thanks to a combination of social media ubiquity and virality, cognitive biases, filter bubbles, and group polarization. The resulting harms are significant for individuals, businesses, and democracy. Belated recognition of the problem has spurred a variety of efforts to address this most recent illustration of truth decay, and at first blush there seems to be reason for optimism. Alas, the problem may soon take a significant turn for the worse thanks to deep fakes.

Source: Deep Fakes: A Looming Crisis for National Security, Democracy and Privacy? – Lawfare

U.S. Customs Wants to Use Your Face As a Boarding Pass

By 2022, the agency plans to use biometrics to identify 97 percent of travelers flying out of the country.

Getting through an airport without a passport or boarding pass may only seem possible in the nostalgic memories of 20th-century travelers, but an initiative at Customs and Border Protection could make that bygone convenience a modern reality.

Source: U.S. Customs Wants to Use Your Face As a Boarding Pass – Nextgov

UK’s councils unprepared for cyber-attacks, report says

More than 25% of UK councils have had their computer systems breached in the past five years, campaigners say.

A report by privacy group Big Brother Watch based on freedom of information requests found 114 councils experienced at least one incident between 2013 and 2017. The group said it was “shocked” that staff often lacked cyber-training.

Source: Councils ‘unprepared’ for cyber-attacks, report says – BBC News

Siemens and partners sign joint charter on cybersecurity

At the Munich Security Conference 2018, Siemens and eight partners from industry signed the first joint charter for greater cybersecurity. Initiated by Siemens, the Charter of Trust calls for binding rules and standards to build trust in cybersecurity and further advance digitalization.

Source: Siemens and partners sign joint charter on cybersecurity – Siemens Global Website

NIST publishes report on metadata schema for attributes

This NIST Internal Report contains a metadata schema for attributes that may be asserted about an individual during an online transaction. The schema can be used by relying parties to enrich access control policies, as well as during runtime evaluation of an individual’s ability to access protected resources, and for an individual’s.

Attribute metadata could also create the possibility for data sharing permissions and limitations on individual data elements. There are other possible applications of attribute metadata, such as evaluation and execution of business logic in decision support systems; however the metadata contained herein is focused on supporting an organization’s risk-informed authorization policies and evaluation.

Source: NISTIR 8112, Attribute Metadata–Evaluating Federated Attributes | CSRC

US Attorney General Sessions Announces New Cybersecurity Task Force

Attorney General Jeff Sessions has ordered the creation of the Justice Department’s Cyber-Digital Task Force, which will canvass the many ways that the Department is combatting the global cyber threat, and will also identify how federal law enforcement can more effectively accomplish its mission in this vital and evolving area.

Source: Attorney General Sessions Announces New Cybersecurity Task Force | OPA | Department of Justice

Web Hosting Services Could Leave Small Businesses at Risk of Phishing

The Federal Trade Commission today released a staff report that examines 11 web-hosting services that market themselves to small businesses and finds that many do not provide by default certain email authentication and anti-phishing technologies, potentially leaving many small firms at risk of facilitating phishing scams.

Source: FTC Report Finds Some Small Business Web Hosting Services Could Leave Small Businesses at Risk of Facilitating Phishing Scams | Federal Trade Commission

Lawsuits threaten infosec research — just when we need it most

Security researchers and reporters have something in common: both hold the powerful accountable. But doing so has painted a target on their backs — and looming threats of legal action and lawsuits have many concerned.

Source: Lawsuits threaten infosec research — just when we need it most | ZDNet
