#DPI19: Data Regulators Reflect on First Months of GDPR
  • #DPI19: Data Regulators Reflect on First Months of GDPR
    Speaking at the IAPP Data Protection Intensive 2019 conference in London, a panel discussion on the first year of GDPR and “What Actions Have Been Taken?” explored how over €55m has been handed out in fines, although the majority of that was the €50m levied at Google. The last year has also seen data protection authorities more than double their head counts. Moderator Vivienne Artz, chief policy officer of





  • US Lawmakers Call for Senate Breach Alerts
    Two senior lawmakers have called on the US Senate to provide greater transparency on cyber-attacks, with a view to improving oversight of online threats to the legislature. Senators Ron Wyden and Tom Cotton signed an open letter to the institution’s sergeant at arms, Michael Stenger, arguing that senators shouldn’t be kept in the dark over cyber threats, given how big a target the Senate is for hackers. Congressional computers belonging to Fra

  • Elasticsearch Crypto-Miner Sinkholes the Competition
    Researchers have discovered a new crypto-mining campaign targeting Elasticsearch instances which contains sinkholing capabilities to squash any competing miners. The aptly named “CryptoSink” malware campaign exploits an Elasticsearch vulnerability from 2014 (CVE-2014-3120) to mine cryptocurrency in Windows and Linux environments, according to F5’s Andrey Shalnev and Maxim Zavodchik. At the time of the research, just one of the t

  • ICO Raids Nuisance Call Firms
    The Information Commissioner’s Office (ICO) has raided the offices of two companies suspected of making millions of nuisance calls. The UK’s privacy watchdog said this week that the execution of search warrants in Birmingham and Brighton was part of a year-long campaign launched after it received over 600 complaints about the firms. The companies are said to have breached the Privacy and Electronic Communications Regulations (PECR) 2003 as recipients were





  • No More Nugs after Telegrass Drug Bust
    After months of investigating what was believed to be the largest online drug trafficking ring in the past decade, Israeli police, in conjunction with officers of the Security Service of Ukraine (SBU), have arrested 42 suspects, including the alleged leader. According to SBU, “On March 12, Ukrainian law enforcers basing on the motion about international assistance, detained the head of the drug cartel in Kyiv, where he arrived to create ‘business

  • Source Code Error in Swiss Post E-Voting System
    A group of international researchers at the University of Melbourne discovered a flaw in the Swiss Post e-voting system that had also been independently discovered by Thomas Haines of NTNU and by Rolf Haenni of Bern University of Applied Sciences. According to the research, the vote verification process is flawed. Researchers revealed there was a significant gap in the source code of the shuffle proof in the universal verifiability mechanis

  • #DPI19: Open Banking and Data Sharing Will Benefit Consumers
    Speaking at the IAPP Data Protection Intensive 2019 conference in London on ‘How Privacy & Data Protection are Impacted by Competition Considerations,’ Helena Koning, senior managing counsel and data protection officer at Mastercard, said that new rules on open banking are permitting more sharing and reuse “of different types of data whilst respecting the privacy and benefit of consumers.” Saying that data “is

  • Block in Russia Unjustified, Says ProtonMail
    Claiming that it had received multiple bomb threats via email messages, the Russian government restricted internet access, which resulted in blocking ProtonMail email servers, according to PortSwigger. In a March 12 blog post authored by Andy Yen, ProtonMail founder, Yen called the block “unjustified” and promised to restore full service to users in Russia. “The Russian government has ordered a partial block of ProtonMail, preventi





  • #DPI19: Privacy Playbooks Can Help Navigate Data Protection Act Rules
    Speaking at the IAPP Data Protection Intensive 2019 conference in London, panel moderator Kabir Barday, CEO of OneTrust, asked “How the UK’s Data Protection Act 2018 Impacts Your GDPR Programme.” Julie Varcoe-Cocks, head of ethics, regulatory and compliance and data protection officer of Serco, said that the new Data Protection Act (DPA) has “more focus on the rights of the individual” as

  • MAGA App Dev Mad After Security Snafu
    The developer of an app for US conservatives has hit out at a researcher who exposed fundamental security shortcomings that put users at risk. The individual, who goes by the name Elliot Alderson on Twitter and claims to be a French security researcher, was quick to take down the 63red Safe app launched over the weekend. The Yelp-like app makes promises about “keeping conservatives safe” by showing listings for shops and restaurants which are s

  • An initiative conceived and funded by the SIA, supported by Police Scotland and the Scottish Business Resilience Centre (SBRC), has won a major award.

  • March Patch Tuesday Fixes Two Zero Days
    Microsoft has patched over 60 vulnerabilities this month, two of which are being exploited in the wild and four of which were previously disclosed. The two Windows flaws being used to attack targets are elevation of privilege bugs CVE-2019-0797 and CVE-2019-0808. The latter was being used in combination with a use-after-free vulnerability in Google Chrome (CVE-2019-5786). “Although not as severe due to requiring local access, they could be used in




  • A Chester security boss has been fined over £2,000 for employing an unlicensed door supervisor.

  • Last Friday 8 March, John Raymond Daley was ordered to pay £25,000 and also prosecution costs of £11,000.

  • Google, Apple & GoDaddy Recall Over One Million Certificates
    Over one million digital certificates have been mis-issued by Google, Apple and GoDaddy after an operational snafu left them non-compliant with industry standards. Researcher Adam Caudill revealed the issue late last week, claiming that the companies had misconfigured the EJBCA software package used by many Certificate Authorities to generate certs. In effect, this meant they were generating certificates with just 63-bit serial number

  • New Ursnif Variant Bypasses Japanese AV
    A prolific malware, dubbed Ursnif, has resurfaced with new features, including the ability to bypass a popular Japanese antivirus software called PhishWall, according to Cybereason. Described as one of the most prolific information-stealing malware programs, Ursnif has been around since at least 2013. For nearly three months, researchers have been observing a campaign that has introduced a new variant of Ursnif using delivery methods through Bebloh. Accordin

  • The Pakistan Air Force (PAF) on Tuesday successfully test-fired an indigenously developed “extended range smart weapon” from a JF-17 Thunder aircraft, adding to the multi-role fighter…

  • File Sharing Links Leave Data out of the Box
    Security researchers have found that hundreds of thousands of documents were unintentionally leaked after multiple companies left sensitive corporate and customer data exposed on their Box enterprise storage accounts. The issue, though, is not a vulnerability but a feature of Box, according to researchers. “After identifying thousands of Box customer sub-domains through standard intelligence gathering techniques and using a relatively large wordli

  • Cyber-Attacks Increasing for Canadian Orgs
    Cybersecurity threats are intensifying in Canada, with a large majority of organizations saying they have been the victim of a cyber-attack in the past 12 months, according to a new report. As part of a global threat research project, Carbon Black has published its first study looking at the evolving threat landscape in Canada. Released today, 2019 Cyberattack Landscape in Canada found that among the 250 Canadian CIOs, CTOs and CISOs surveyed, 83% sa

  • Non-UK Far-Right Twitter Accounts Amplify Brexit Messages
    Far-right Twitter accounts from outside the UK are amplifying pro-Brexit messages and spreading content from non-authoritative news sources on the network, in what could be a sign of a coordinated misinformation campaign. As the clock ticks down to EU exit day for the UK at the end of March, F-Secure undertook a detailed study into inorganic activity on the social network. It analyzed 24 million tweets from 1.65 million accounts c

  • Techworld’s flagship awards are celebrating the best in UK tech innovation and disruption, and you could be there

  • Four devices were found in London and Glasgow; alleged fifth has not been found
    Investigators are looking for a possible unexploded letter bomb after an Irish terror group said it had sent five packages to targets across Britain last week, three of which were discovered in London and one in Glasgow. In a claim of responsibility, a group calling itself the IRA said it was behind the packages and added that a fifth letter containing an improvised explosive device had been addressed to an unnamed arm

  • Devices sent to Waterloo station, Heathrow and London City airports, and University of Glasgow
    A group calling itself the IRA has claimed it sent explosive devices to three London transport hubs and the University of Glasgow last week as well as another, which has yet to be found. Police Scotland and the Metropolitan police said in a joint statement that the claim was received on Monday by a media organisation in Northern Ireland using a recognised codeword.

  • Chinese Hackers Backdoor Gaming Titles
    Chinese hackers have launched supply chain attacks against three gaming companies in order to spread malware far and wide across Asian endpoints, according to ESET. The security vendor’s malware researcher, Marc-Etienne M.Léveillé, wrote in a blog post on Monday that the attacks are the work of the well-known Winnti Group, which has used such tactics before. It targeted two gaming titles and a “gaming platform application,” compr

  • OIG: NASA’s Poor Cybersecurity is Operational Threat
    Government inspectors have uncovered serious deficiencies in NASA’s information security program which they claim could threaten operations. The findings come from the latest Office of Government Inspector (OIG) review of the space agency for fiscal year 2018, under the Federal Information Security Modernization Act of 2014 (FISMA). The OIG tested the maturity of NASA’s infosec program via 61 metrics in five security functi

  • Trump’s 2020 Budget Asks for $11bn for Cyber-Defense
    In the proposed 2020 federal budget, released by the White House today, President Donald Trump has requested nearly $11bn be allocated to improving cybersecurity. “For cyber, the budget continues to integrate efforts and operationalize US cyber strategy, while scaling artificial intelligence throughout the department,” the document stated. Throughout the 150-page document, cybersecurity appeared several times, falling into d

  • ICS Ethernet Switches Littered with Flaws
    Security researchers discovered multiple vulnerabilities in Moxa industrial switches, according to Positive Technologies and Moxa. Moxa published a security advisory stating that it had issued resolutions for the vulnerabilities in the EDS-405A, EDS-408A, EDS-510A, and IKS-G6824A series Ethernet switches that are used to build industrial networks across several sectors including oil and gas, transportation, and maritime logistics. “A vulnerable s

  • Presidential Hopefuls Leverage SXSW to Talk Cyber
    Despite Austin’s South by Southwest (SXSW) conference and festival being largely focused on film and music, 2020 presidential candidates arrived in Texas ready to talk about data privacy and cybersecurity. On March 8, Sen. Elizabeth Warren made headlines for her promise to break up big tech companies such as Amazon, Google, Facebook and Apple, while Sen. Amy Klobuchar proposed reforming antitrust laws and the possibility of taxing techno

  • Over 80% of Firms Suffer Security Skills Shortages
    The majority of security professionals believe it’s getting harder to recruit talent into the industry, according to a new study from Tripwire. The firm commissioned Dimensional Research to poll over 300 industry professionals back in February, in order to compile its Tripwire 2019 Skills Gap Survey. Some 85% claimed their IT security department is already understaffed, and just 1% said they can manage all of their organization’s cybers

  • Pre-GDPR UK Breach Reporting Was a Mess
    Many UK firms struggled to identify breach incidents, delayed reporting to the regulator and left out key details in the year prior to the GDPR, and could still be non-compliant today, according to new data obtained by Redscan. The managed security services provider obtained its findings from Freedom of Information (FOI) data relating to 181 anonymized incidents reported to the Information Commissioner’s Office (ICO) in the financial year ending April
