Blog, Data collection and Government - Cyber Security Informer

Digital Personal Data Protection Bill 2022 Is Under Discussion in India

Heimadal Security

NOVEMBER 21, 2022

On Friday, November 18, 2022, the Indian government proposed a new online data protection regulation version. The post Digital Personal Data Protection Bill 2022 Is Under Discussion in India appeared first on Heimdal Security Blog. The proposal […]. The proposal […].

Data collection

Data collection Government Cybersecurity

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

DECEMBER 19, 2023

Simon Willison nails it in a tweet: “OpenAI are training on every piece of data they see, even when they say they aren’t” is the new “Facebook are showing you ads based on overhearing everything you say through your phone’s microphone.” A key role of government is to prevent this from happening.

Government

Government Banking Risk Internet

What’s in the NIST Privacy Framework 1.1?

Centraleyes

MARCH 14, 2024

Data Governance and Risk Management Recognizing the foundational role of data governance in privacy and cybersecurity, the updated Privacy Framework may emphasize data governance principles, practices, and controls. and the Profile for further feedback and refinement.

Government

Government Risk Artificial Intelligence Cybersecurity

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

The Last Watchdog

JUNE 20, 2022

Data collections released after ransomware attacks. Ransomware attacks hit indiscriminately across business categories, from private corporations to government agencies, including schools and universities, hospitals and healthcare providers, financial institutions, and everything in between.

Ransomware

Ransomware Marketing Data collection VPN

SHARED INTEL: VCs pumped $21.8 billion into cybersecurity in 2021 — why there’s more to come

The Last Watchdog

JUNE 13, 2022

Among them: an expanding digital footprint, growing attack surfaces, and increasing government regulation. Still, given the impact data science has had on other areas of software development, it seems likely that in the coming years one or more of these proposed solutions will yield a significant improvement in identity management systems.

Cybersecurity

Cybersecurity Artificial Intelligence Software Marketing

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

The Last Watchdog

NOVEMBER 21, 2018

These regulations have certainly contributed to the movement towards consumerism and prompted businesses in the United States to rethink data collection and management, considering how violating these regulations could adversely affect their business and brand. For many, the answer is yes. If the U.S.

Data privacy

Data privacy Data collection Big data Government

The Best 10 Vendor Risk Management Tools

Centraleyes

MARCH 25, 2024

Centraleyes collects real-time threat intelligence from various sources, providing unparalleled visibility into potential vulnerabilities and gaps. The platform goes beyond data collection by automatically generating actionable remediation tasks with intelligent prioritization and efficient management.

Risk

Risk Data collection Architecture Government

A chink in the armor of China-based hacking group Nickel

Malwarebytes

DECEMBER 7, 2021

Nickel’s techniques vary, but in the end the group’s activity has only one objective, namely to implant stealthy malware for getting into networks, stealing data, and spying on government agencies, think tanks, and human rights organizations. A long list of IOCs can be found at the end of this write-up about Nickel by MSTIC.

Hacking

Hacking Malware Surveillance Data collection

The Ultimate ESG Audits Checklist

Centraleyes

NOVEMBER 20, 2023

ESG Disclosures According to the annual survey of sustainability professionals conducted by WSJ Pro in the spring of 2023, nearly 66% of respondents indicated that their respective companies disclosed information about environmental, social, and governance strategies. ESG Audit Checklist 1.

Government

Government Energy and Utilities Risk Technology

Microsoft disrupts China-based hacking group Nickel

Malwarebytes

DECEMBER 7, 2021

Nickel’s techniques vary, but in the end the group’s activity has only one objective, namely to implant stealthy malware for getting into networks, stealing data, and spying on government agencies, think tanks, and human rights organizations. A long list of IOCs can be found at the end of this write-up about Nickel by MSTIC.

Hacking

Hacking Malware Surveillance Data collection

Regional privacy but global clouds. How to manage this complexity?

Thales Cloud Protection & Licensing

MAY 31, 2022

More than 120 governments have already implemented data privacy regulation to that very purpose, as stated in Recital 1 of the GDPR in the EU (General Data Protection Regulation). Data controllers are accountable to the persons (consumers, citizens) or other organisations (customers) they serve as part of their purpose.

Data privacy

Data privacy Digital transformation Accountability Data collection

MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

The Last Watchdog

JULY 27, 2020

Here’s what everyone should know about what’s at stake when it comes to infusing some level of ethics into AI. ‘Ethical AI’ Companies and big government agencies know ethical use of AI is important. At the moment, there’s little to constrain corporations or government agencies from using AI however they want.

Surveillance

Surveillance Government Accountability Artificial Intelligence

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

DECEMBER 6, 2018

Businesses at large would do well to model their data collection and security processes after what the IC refers to as the “intelligence cycle.” This cycle takes a holistic approach to detecting and deterring external threats and enforcing best-of-class data governance procedures. infrastructure from cyber attacks.

Financial Services

Financial Services Data collection Manufacturing Cyber Attacks

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Thales Cloud Protection & Licensing

JULY 12, 2018

The use of IoT technologies holds enormous potential in practically every segment of human enterprise – government, banking and finance, healthcare, retail, agriculture, and ecommerce to name a few. But making the IoT work requires trust in the devices and the data they collect.

IoT

IoT Data collection Encryption eCommerce

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

There are three major threat vectors that harm IoT deployments: Devices are hijacked by malicious software; Data collected and processed in IoT ecosystems is tampered with and impacts the confidentiality, integrity and availability of the information; and, Weak user and device authentication.

IoT

IoT Manufacturing Energy and Utilities Data collection

New Jersey Privacy Act: What to Expect

Centraleyes

JANUARY 15, 2024

By late 2022, the federal government and 29 states were playing the game, with even more getting in line. On January 8, 2024, New Jersey achieved a significant milestone by passing the comprehensive data protection bill, Senate Bill 332 (SB 332), marking its entry as the 13th state in the U.S. Why Didn’t the ADPPA Pass?

Data privacy

Data privacy Advertising Data collection Government

How to prepare for the California Consumer Privacy Act

Thales Cloud Protection & Licensing

AUGUST 15, 2019

state to pass its own data privacy law. Last August, my colleague Ashvin Kamaraju wrote a blog shortly after this took place. For example, data collected by an entity may not be associated with an individual but could identify a household. 375 the California Consumer Privacy Act (CCPA), making California the first U.S.

Digital transformation

Digital transformation Data collection Data privacy CISO

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

Apple released a security update to protect users against FruitFly, Malwarebytes published a blog post with technical details about the malware, and the FBI knocked on the door of the house linked to the IP address used by the malware. The IP address was linked to the malware using data collected by CWRU, Malwarebytes, and AT&T.)

Malware

Malware Passwords Identity Theft Data collection

Building a foundation of trust for the Internet of Things

Thales Cloud Protection & Licensing

DECEMBER 13, 2018

Finally, it looks like progress is being made in this regard, with the UK Government launching a “Code of Practice” to secure the ever-expanding ecosystem of connected devices. Finally, it is difficult to underemphasise the importance of encryption to protect sensitive data collected by IoT devices.

Internet

Internet Internet IoT Manufacturing

What To Know About Privacy Data

Identity IQ

JANUARY 17, 2023

Staying safe on the internet means knowing what privacy data is and how to help protect your personal information. In this blog, we will take a closer look at what privacy data is and share details about how you can keep yourself safe. Your identity or social security number is one of the most important privacy data elements.

Data privacy

Data privacy Identity Theft Accountability Banking

New NYC Biometric Law Takes Effect In Two Weeks – Is Your Organization Ready?

Privacy and Cybersecurity Law

JUNE 25, 2021

Government institutes are exempt from the entirety of the law. Key Takeaway #1 – Know Your Data. Receive our latest blog posts by email. Are There Exemptions? Financial institutions (which is separately defined) are exempt from the notice provision but are still subject to the prohibition of sale provision. Key Takeaways.

Data privacy

Data privacy Retail Data collection Government

A Full Guide to Achieving SOC 2 Certification for Startups

Centraleyes

NOVEMBER 16, 2023

Modern platforms streamline onboarding with smart questionnaires, making data collection more manageable. Automation: A top-tier compliance platform automates various processes, from data collection and analysis to providing insightful remediation steps and progress tracking.

Risk

Risk Data collection Backups Accountability

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Security Affairs

DECEMBER 19, 2018

The Sofacy APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The Go variant of Zebrocy initially starts collecting info on the compromised system, then sends it to the command and control server. ” reads the analysis published by Palo alto Networks.

Malware

Malware Advertising Data collection Phishing

Data Privacy in the United States: A Recap of 2023 Developments

Centraleyes

FEBRUARY 1, 2024

The bill clarifies liability for failing to perform age verification and illegal retention of data and emphasizes parental consent. California – A 127: State Government California’s A 127 focuses on the California Age-Appropriate Design Code Act and the California Children’s Data Protection Working Group.

Data privacy

Data privacy Consumer Protection Media Data collection

The Ultimate Guide to Excelling in Your External Audit: 5 Proven Strategies

Centraleyes

APRIL 25, 2024

Both play integral roles in maintaining a robust governance and risk management framework. This initial step is pivotal for establishing timelines and deadlines and ensuring alignment with the guidelines provided by the governing body for the chosen compliance framework.

Risk

Risk Accountability Technology Software

More SRE Lessons for SOC: Simplicity Helps Security

Security Boulevard

NOVEMBER 17, 2022

Phil’s 8 megatrends blog reminds us about this by calling one of his cloud megatrends “Simplicity: Cloud as an abstraction machine.” Metrics and associated data collection? Related blog posts: “Achieving Autonomic Security Operations: Why metrics matter (but not how you think)”. 10X fun assured! But what is simplicity?

Engineering

Engineering Software Data collection Architecture

GDPR for WooCommerce Sites

SiteLock

AUGUST 27, 2021

State departments, like travel and tourism which specifically target EU residents to encourage tourism in their state, are particularly attentive to these rulings but many parts of government are also affected. Check with your plugin authors to find the data export process for each plugin. GDPR in WooCommerce Core.

eCommerce

eCommerce Data collection Accountability Marketing

Understanding the Different Types of Audit Evidence

Centraleyes

APRIL 18, 2024

Types of Audits Now that we’ve established the role of audits and evidence let’s explore the diverse types of audits organizations may undergo: Internal Audits The organization’s internal audits assess controls, governance processes, risk management strategies, and compliance status.

Risk

Risk Penetration Testing Encryption Cybersecurity

A Pandora's Box: Unpacking 5 Risks in Generative AI

Thales Cloud Protection & Licensing

APRIL 17, 2024

Security researchers from Imperva described in a blog called XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT how they discovered multiple security vulnerabilities in OpenAI’s ChatGPT that, if exploited, would enable bad actors to hijack a user’s account. Consent management is also considered critical.

Risk

Risk Data collection Artificial Intelligence Accountability

A Pandora’s Box: Unpacking 5 Risks in Generative AI

Security Boulevard

APRIL 17, 2024

Security researchers from Imperva described in a blog called XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT how they discovered multiple security vulnerabilities in OpenAI’s ChatGPT that, if exploited, would enable bad actors to hijack a user’s account. Consent management is also considered critical.

Risk

Risk Data collection Artificial Intelligence Accountability

Cyber CEO: Data Privacy Day – How to Enhance Your Data Privacy

Herjavec Group

JANUARY 27, 2022

Data Privacy Week aims to create awareness about online privacy, educate citizens on how to manage and secure their personal information, and support businesses in respecting data and being more transparent about how they collect and use customer data.

Data privacy

Data privacy Digital transformation Education Cybersecurity

Education Sector has Seen a 44% Rise in Cyber Attacks Since 2021

CyberSecurity Insiders

OCTOBER 24, 2022

From December 2021 through January the following year, Bernalillo County was slammed by a ransomware attack that targeted government services. From banking to personal data collection, schools must ensure that their systems come with security features and that their employees comply with those security features.

Education

Education Cyber Attacks Cyber Insurance Insurance

Spam and phishing in 2022

SecureList

FEBRUARY 16, 2023

In addition to that, they might ask the victim to cover the “shipping costs” Growing utility rates and an increase in the price of natural resources have prompted several governments to start discussing compensations for the population. Payout notices could arrive by mail, email, or as a text message.

Phishing

Phishing Scams Accountability Energy and Utilities

Privacy predictions 2023

SecureList

NOVEMBER 28, 2022

Our last edition of privacy predictions focused on a few important trends where business and government interests intersect, with regulators becoming more active in a wide array of privacy issues. This showed how consumer data collection can directly impact the relationships between citizens and governments.

Insurance

Insurance Social Engineering IoT Data breaches

The 11 Best GRC Tools for 2024

Centraleyes

APRIL 1, 2024

Governance, Risk, and Compliance (GRC) platforms help organizations optimize their governance strategies, streamline risk management processes, and ensure compliance with regulatory requirements. G is for Governance Governance is set to take center stage in the GRC world, with the NIST CSF 2.0

Risk

Risk Government Artificial Intelligence Software

Threat Report Portugal: Q2 2020

Security Affairs

AUGUST 14, 2020

The Threat Report Portugal: Q2 2020 compiles data collected on the malicious campaigns that occurred from April to Jun, Q2, of 2020. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Banking Malware

Regulations roundup part 1: how the new EU data directives affect you

BH Consulting

NOVEMBER 28, 2022

This blog will look at who those Acts apply to, when they’ll come into force, as well as how and if they interact with the EU General Data Protection Regulation (GDPR). Then in our follow-up blog, we’ll outline the EU Data Act, the Data Governance Act, and the Artificial Intelligence Act.

Artificial Intelligence

Artificial Intelligence Marketing Advertising Wireless

Threat Report Portugal: Q4 2020

Security Affairs

JANUARY 26, 2021

The Threat Report Portugal: Q4 2020 compiles data collected on the malicious campaigns that occurred from October to December, Q4, of 2020. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt. The submissions were classified as either phishing or malware.

Threat Reports

Threat Reports Phishing Malware Banking

Consumer privacy reaches the U.S. with the California Consumer Privacy Act

Thales Cloud Protection & Licensing

AUGUST 30, 2018

Malcom Chisholm’s blog post on CCPA vs. GDPR describes the differences between the two laws. One noteworthy difference is that while the GDPR defines terms such as “Data Controller”, “Data Processor” and “Data Subject”, the CCPA only defines “businesses” and “consumers”. Right to DELETE your data.

Data breaches

Data breaches Data collection Data privacy Government

Cyber Playbook: Information Technology vs Operational Technology – How to Leverage IT to Secure Your OT Systems

Herjavec Group

JANUARY 31, 2022

However, as physical devices and processes become more dependent on IT systems to operate and as the need for data collection and analytics has grown, it has become clear that we need to start adapting our approach to securing OT by integrating IT security tools and best practices.

Technology

Technology Cybersecurity InfoSec Software

Anton and The Great XDR Debate, Part 1

Security Boulevard

AUGUST 6, 2021

This is definitely a defensible view of XDR as EDR with more data collection outside of the endpoint. Related blog posts: Our Cloud Security Podcast by Google (yes, XDR episode is coming!). “A Thus defined, XDR can nicely coexist with SIEM, but may also collide with it later on. There you have it! How to Do It?”.

Technology

Technology Data collection Marketing Risk

‘A lot of late nights’: Zoom’s compliance chief reflects on the year that was the pandemic

SC Magazine

MARCH 19, 2021

We also took significant strides to directly educate users on security best practices for setting up their meetings, including via blogs, videos, and by hosting a weekly webinar to provide privacy and security updates to our community. Ultimately, all of these changes were just the first step for us to better serve our users.

Advertising

Advertising Education Media Encryption

Threat Report Portugal Q1 2020

Security Affairs

APRIL 20, 2020

The Threat Report Portugal: Q1 2020 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2020. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt. The campaigns were classified as either phishing or malware.

Threat Reports

Threat Reports Phishing Banking Malware

SOC Technology Failures?—?Do They Matter?

Security Boulevard

DECEMBER 10, 2021

Hence this blog was born. Data collection failures still plague many SOCs. Now, again, one can also blame this on people and processes (especially, those people in IT who just didn’t give us the data). BTW, if somebody wakes me up at 3:00 a.m. I would name the loss of executive commitment. Yes, DIY SOC tools fail as well.

Technology

Technology CISO Data collection Threat Detection

Digital Personal Data Protection Bill 2022 Is Under Discussion in India

OpenAI Is Not Training on Your Dropbox Documents—Today

Trending Sources

What’s in the NIST Privacy Framework 1.1?

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

SHARED INTEL: VCs pumped $21.8 billion into cybersecurity in 2021 — why there’s more to come

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

The Best 10 Vendor Risk Management Tools

A chink in the armor of China-based hacking group Nickel

The Ultimate ESG Audits Checklist

Microsoft disrupts China-based hacking group Nickel

Regional privacy but global clouds. How to manage this complexity?

MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Critical Success Factors to Widespread Deployment of IoT

New Jersey Privacy Act: What to Expect

How to prepare for the California Consumer Privacy Act

Alleged FruitFly malware creator ruled incompetent to stand trial

Building a foundation of trust for the Internet of Things

What To Know About Privacy Data

New NYC Biometric Law Takes Effect In Two Weeks – Is Your Organization Ready?

A Full Guide to Achieving SOC 2 Certification for Startups

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Data Privacy in the United States: A Recap of 2023 Developments

The Ultimate Guide to Excelling in Your External Audit: 5 Proven Strategies

More SRE Lessons for SOC: Simplicity Helps Security

GDPR for WooCommerce Sites

Understanding the Different Types of Audit Evidence

A Pandora's Box: Unpacking 5 Risks in Generative AI

A Pandora’s Box: Unpacking 5 Risks in Generative AI

Cyber CEO: Data Privacy Day – How to Enhance Your Data Privacy

Education Sector has Seen a 44% Rise in Cyber Attacks Since 2021

Spam and phishing in 2022

Privacy predictions 2023

The 11 Best GRC Tools for 2024

Threat Report Portugal: Q2 2020

Regulations roundup part 1: how the new EU data directives affect you

Threat Report Portugal: Q4 2020

Consumer privacy reaches the U.S. with the California Consumer Privacy Act

Cyber Playbook: Information Technology vs Operational Technology – How to Leverage IT to Secure Your OT Systems

Anton and The Great XDR Debate, Part 1

‘A lot of late nights’: Zoom’s compliance chief reflects on the year that was the pandemic

Threat Report Portugal Q1 2020

SOC Technology Failures?—?Do They Matter?

Stay Connected