
Category Archives for "Security"

Uber fined more than $1 million by U.K. and Dutch authorities

Uber was fined a combined $1.17 million by British and Dutch authorities Tuesday for a 2016 data breach that exposed the personal details of millions of customers. The penalties come from the U.K.’s Information Commissioner’s Office and the Dutch Data Protection Authority.

Source: Uber fined more than $1 million by U.K. and Dutch authorities

We Need to Talk About NIST’s New Password Management Recommendations

Recently, the National Institute of Standards and Technology (NIST) reversed its stance on organizational password management requirements. The institute now recommends banishing forced periodic password changes and getting rid of complexity requirements.

Full article: We Need to Talk About NIST’s New Password Management Recommendations

Stop focusing your information security efforts on the wrong things!

There once was a time not all that long ago when security teams could plead ignorance of IT security risks, with minimal possible consequence in terms of any significant damage coming to the company. Those days are long gone. In today’s era of advanced cyberattacks, information security is too important an element of business success to dismiss.

Full article: Stop focusing your information security efforts on the wrong things!

Google, Mozilla may let web apps edit files despite security warnings

The firms, known for their Chrome and Firefox web browsers, are heading a group that is devising a way for users to save changes they make using web apps.

The idea is to allow users to save changes they’ve made using web apps, without the hassle of having to download new files after each edit, as is necessary today. However, the biggest challenge will be guarding against malicious sites seeking to abuse persistent access to files on a user’s system.

Full article: Google, Mozilla working on letting web apps edit files despite warning it could be ‘abused in terrible ways’ – TechRepublic

Google is Adding Force-Installed Extension Removal to the Chrome Cleanup Tool

Google Chrome includes a built-in utility called the Chrome Cleanup Tool that scans for and removes malware that injects ads or performs other unwanted behavior in Chrome. A problem, though, is that this tool does not allow the removal of Chrome extensions that are force-installed through Windows group policies.

This is about to change according to a Chrome source code commit, which has the description of “Update chrome_cleaner/chrome_utils to remove force-installed extensions.” According to this update, the Chrome Cleanup Tool will now be able to detect and remove force-installed extensions. It will, though, utilize a whitelist of Google extensions that should continue to be automatically installed.

Full article: Google is Adding Force-Installed Extension Removal to the Chrome Cleanup Tool

Uber fined £385,000 for data breach affecting millions of passengers

Uber’s European operation has been fined £385,000 for a data breach that affected almost 3 million British users, the Information Commissioner’s Office has announced.

In November 2016, attackers obtained credentials to access Uber’s cloud servers and downloaded 16 large files, including the records of 35 million users worldwide. The records included passengers’ full names, phone numbers, email addresses, and the location where they had signed up.

Source: Uber fined £385,000 for data breach affecting millions of passengers

Widely used open source software contained bitcoin-stealing backdoor

A hacker or hackers sneaked a backdoor into a widely used open source code library with the aim of surreptitiously stealing funds stored in bitcoin wallets. The malicious code was inserted in two stages into event-stream, a code library with 2 million downloads that’s used by Fortune 500 companies and small startups alike.

In stage one, version 3.3.6, published on September 8, included a benign module known as flatmap-stream. Stage two was implemented on October 5 when flatmap-stream was updated to include malicious code that attempted to steal bitcoin wallets and transfer their balances to a server located in Kuala Lumpur. The backdoor came to light last Tuesday with this report from GitHub user Ayrton Sparling.

Full article: Widely used open source software contained bitcoin-stealing backdoor | Ars Technica

Microchip implants are threatening workers’ rights

Initially, the chips are being used in place of ID cards as a way of opening secure doors. But there’s good reason to think the use of implants could expand to more sinister purposes, giving employers much greater control over their workers and raising serious concerns over issues related to human dignity, ethics and health.

Full article: Microchip implants are threatening workers’ rights

E-commerce is winning as most Americans now trust online business with their data

Despite conflicting opinions about online privacy, customers choose to shop with companies that take reasonable security precautions.

Most Americans are actually willing to shop online with retailers that previously faced a security breach—if they have taken measures to secure data, according to the report. With years of conflicting news about cybersecurity threats and breaches, users have almost become desensitized to the information, the report found.

Full article: Why e-commerce is winning: Most Americans now trust online retailers with their data – TechRepublic

How Password Constraints Give You a False Sense of Security

The next time you’re forced to make a password—especially if a site requires you to use a crazy combination of uppercase and lowercase letters, or a number, or a symbol—don’t assume that these attempts at obfuscation automatically mean that your password is incredible and secure.

Full article: How Password Constraints Give You a False Sense of Security
