Tag: Data Protection

Why you need to use a password manager

If you thought passwords will soon be dead, think again. They’re here to stay — for now. Passwords are cumbersome and hard to remember — and just when you do, you’re told to change them again. And sometimes passwords can be guessed and are easily hackable.

Nobody likes passwords but they’re a fact of life. And while some have tried to kill them off by replacing them with fingerprints and face-scanning technology, neither is perfect and many still fall back on the trusty (but frustrating) password. How do you make them better? You need a password manager.

Read more about why you may want to start using a password manager on TechCrunch.

Vulnerabilities in WibuKey Could Lead to Code Execution

Vulnerabilities in the WibuKey Digital Rights Management (DRM) solution could be leveraged to disclose information, elevate privileges, or even execute code on affected systems. Available for many interfaces and operating systems, WibuKey has been used in numerous solutions. However, Wibu Systems recommends that new projects use another of its technologies instead.

A total of three vulnerabilities were discovered in the DRM solution, leading to the unauthorized reading of kernel memory information, privilege escalation on the local system, and potential execution of code on accessible WibuKey network servers.

Read more about the vulnerabilities affecting WibuKey on SecurityWeek.

Amazon Slip-Up Shows How Much Alexa Really Knows

Your worst fears about home assistants came true for one Amazon customer whose Alexa recordings were accidentally sent to a complete stranger. Amazon failed to disclose the mistake, but don’t worry: The recipient learned enough about the Alexa owner to reach out.

It started when a German Amazon customer requested his Amazon-owned data under the General Data Protection Regulation (GDPR). The company sent a downloadable 100-Mb zip file. In addition to the person’s Amazon searches, the file contained hundreds of .wav files and transcripts of voice commands recorded by Alexa. The person had never owned an Alexa, so he reported the issue to Amazon, which did not respond but killed the download link.

Read more about this disturbing story on DarkReading.

Facebook Fined $11.3M for Privacy Violations

Facebook faces its second privacy-related fine in Europe, with the most recent action taken by the Italian Competition Authority. Facebook was hit with two fines, totaling 10 million Euros (about $11.3 million), for violating Italy’s Consumer Code.

The Italian Competition Authority (ICA) found that Facebook violated several articles of the statute by misleading consumers about how their data would be used. These include Articles 21 and 22. The ICA found that Facebook doesn’t explicitly inform people when they register that their information will be used for commercial purposes.

Read more about the new privacy-related fine for Facebook on Threatpost.

Hacking Humans: Protecting Our DNA From Cybercriminals

Direct-to-consumer DNA testing services have grown in popularity in recent years. By now there is no doubt that consumer DNA testing is here to stay, but we still need to ponder: Is the digitization of our DNA the safe thing to do?

If you consider that your DNA is the ultimate personally identifying information (PII), its dark web street value could be sky high. How would you feel if your DNA was suddenly out there on the dark web, free for the taking? And now that we have seen the first mega breach in the sector, what are the implications?

Read more about the security implications of DNA services on Forbes.

GDPR’s impact: The first six months

GDPR is now six months old – it’s time to take an assessment of the regulation’s impact so far. At first blush it would appear very little has changed. There are no well-publicized actions being taken against offenders. No large fines levied. So does this mean it’s yet another regulation that will be ignored? Actually nothing could be farther from the truth.

GDPR is a much-evolved form of European regulation allowing data subjects to file suits against data collectors whom they believe are violating their rights. The day GDPR came into law, complaints were filed by data subjects against Facebook and Google. This battle is going to be fought in the courts of 28 EU countries much sooner than in the ministries of their Data Protection commissioners, who enforce the law and hand out fines for violations.

Read more about the GDPR’s impact so far on Help Net Security.

21% of all files in the cloud contain sensitive data

McAfee released its Cloud Adoption and Risk Report, which analyzed billions of events in anonymized customers’ production cloud use to assess the current state of cloud deployments and to uncover risks. The report revealed that nearly a quarter of the data in the cloud can be categorized as sensitive, putting an organization at risk if stolen or leaked.

The study found that while organizations aggressively use the public cloud to create new digital experiences for their customers, the average enterprise experiences more than 2,200 misconfiguration incidents per month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances.

Read more about the findings of the new report on Help Net Security.

3 Keys to Reducing the Threat of Ransomware

There are two types of organizations: those that have been compromised and know it, and those that have been compromised and don’t know it. That (and the anxiety of whether data is being stolen or changed) keeps CIOs awake at night. As recent ransomware attacks are making news globally for their mounting costs, it’s obvious that once they’ve been hacked, these organizations discover there are deeper problems in their infrastructure or security hygiene that ransomware has exploited.

Avoiding ransomware problems boils down to three basic approaches that apply in general to both private and public sector organizations: good cyber hygiene and user training, best practices, and routine testing of backup and recovery plans.

Read more about how to reduce the threat of ransomware on DarkReading.

The Haunting Horror Story Of Cybercrime

Businesses worldwide face a sense of creeping dread and imminent disruption due to the threat of cybercrime. Nowadays, they are more prone than ever to terrors such as malware hijacking browsers to sniff or intercept application authentication credentials. Then there are the strains of malware that target financial logins to menace both browser and mobile clients.

There’s no way around it. Getting your cybersecurity posture right is the only way to stay safe. Get it wrong, however, and you’ll get the fright of your life in the shape of the EU’s General Data Protection Regulation (GDPR) enforcement. There is definitively nowhere to hide this Halloween if you’re breached or fall short of tightening compliance expectations.

Read about the cybercrime threat and about the preventative measures you can take to improve your security posture and safeguard your employees’ applications and sensitive data on Information Security Buzz.

Audits: The Missing Layer in Cybersecurity

There is a broad spectrum of cybersecurity preparedness on the enterprise landscape, but even organizations that are relatively well-resourced and committed to cybersecurity stand to benefit from cybersecurity audits. Recent audit findings revealed gaps in the Washington Metropolitan Area Transit Authority’s cybersecurity posture, while deficiencies were similarly pinpointed in an audit of the Michigan Department of Technology, Management and Budget.

There is no question that, in many cases, earlier and expanded input from auditors would have spared organizations that have suffered high-profile cyberattacks from sifting through the financial and reputational damage that ensued.

Read more about the importance of cybersecurity audits on DarkReading.