News
-
Me on App Store Monopolies and Security
There are two bills working their way through Congress that would force companies like Apple to allow competitive app stores. Apple hates this, since it would break its monopoly, and it’s making a variety of security arguments to bolster its argument. I have written a rebuttal: I would like to address some of the unfounded…
-
Cyber-Attack on Oil Firms
A cyber-attack has disrupted operations at two oil storage and logistics firms in Germany. Oiltanking GmbH Group and Mabanaft Group said on Tuesday that they had launched an investigation into a cyber-incident on Saturday. IT systems at both companies were affected, though the full extent of the attack is still being determined.…
-
California Passes FLASH Act
The California State Senate has passed legislation to ban the transmission of unsolicited sexually explicit images and videos without the recipient’s consent – a practice called ‘cyber flashing.’ Senate Bill 53, also known as the FLASH (Forbid Lewd Activity and Sexual Harassment) Act, was passed on Monday with bipartisan support. Introduced…
-
Social Security Numbers Most Targeted Sensitive Data
Social Security Numbers (SSN) are the type of sensitive data most commonly targeted in data breaches in the United States, according to new research published today by Spirion. Analysis conducted against the Identity Theft Resource Center (ITRC) database of publicly reported data breaches in the United States revealed that 65% of…
-
British Council Students’ Data Exposed in Major Breach
Hundreds of thousands of British Council students had their personal and login details exposed in a worrying data breach, according to an investigation by Clario researchers. The team discovered an open Microsoft Azure blob repository indexed by a public search engine that held 144K+ of xml, json and xls/xlsx…
-
What Is IaC and Why Does It Matter to the CISO?
Many vendors and security companies are buying or building Infrastructure as Code (IaC) security into their portfolios, and this trend is only expected to continue. Here’s what you need to know. Infrastructure as code (IaC) is a relatively new phenomenon that is revolutionizing the way organizations manage their infrastructure. IaC offers many benefits to security…
-
UK/US data protection claim highlights ambiguity of GDPR’s geographic scope
A decision by the UK Court of Appeal to allow a claim for contravention of the European Union’s General Data Protection Regulation (GDPR) to be served against US defendants has raised questions over the territorial limits of the regulations. The case emphasizes the broad geographic applicability of both the EU GDPR and the UK GDPR…
-
Quantum computing brings new security risks: How to protect yourself
This blog was written by an independent guest blogger. Although commercial quantum computing may still be decades away, government agencies and industry experts agree that now is the time to prepare your cybersecurity landscape for the future. The power of quantum computing brings security complexities that we are only beginning to understand. Even now, our…
-
Alpha-Omega Project takes a human-centered approach to open-source software security
The Log4j vulnerability crisis that erupted in late-2021 heightened the security world’s awareness of supply chain risks in free and universally deployed open-source software. Following an intense holiday season push by admins and cybersecurity professionals to track and remediate the Log4j flaw, the White House held a meeting of industry leaders to discuss improving open…
-
Data Leak Exposes IDs of Airport Security Workers
A cloud misconfiguration at a leading security services multinational has exposed the details of countless airport staff across South America, according to a new report. A team at AV comparison site Safety Detectives found an Amazon Web Services S3 bucket wide open without any authentication required to…