Data collection, Encryption and Government

China’s Olympics App Is Horribly Insecure

Schneier on Security

JANUARY 21, 2022

Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Citizen Lab examined the app and found it riddled with security holes.

Surveillance

Surveillance Encryption Wireless Government

Apple Mail stores parts of encrypted emails in plaintext DB

Security Affairs

NOVEMBER 10, 2019

The Apple Mail app available on macOS stores leave s a portion of users encrypted emails in plaintext in a database called snippets. The Apple expert Bob Gendler discovered that the Apple Mail app available on macOS stores leaves a portion of users encrypted emails in plaintext in a database called snippets. ” continues the post.

Encryption

Encryption Advertising Data collection Hacking

5G Security

Schneier on Security

JANUARY 14, 2020

Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Both criminal attacks and government cyber-operations will become more common and more damaging. But the enhancements aren't enough.

Data collection

Data collection Software Marketing Government

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

The Last Watchdog

JUNE 20, 2022

It extends beyond the Deep & Dark Web to: unindexed Web forums, messaging boards, and marketplaces, encrypted messaging systems, and code repositories. Data collections released after ransomware attacks. There are many facets to what I’ll call “The Underground.” Databases with critical IP and/or PII.

Ransomware

Ransomware Marketing Data collection VPN

What’s in the NIST Privacy Framework 1.1?

Centraleyes

MARCH 14, 2024

Data Governance and Risk Management Recognizing the foundational role of data governance in privacy and cybersecurity, the updated Privacy Framework may emphasize data governance principles, practices, and controls. and the Profile for further feedback and refinement.

Government

Government Risk Artificial Intelligence Cybersecurity

Privacy predictions 2022

SecureList

NOVEMBER 23, 2021

Global connectivity underpins the most basic functions of our society, such as logistics, government services and banking. Governments in many countries push for easier identification of Internet users to fight cybercrime, as well as “traditional” crime coordinated online.

Government

Government Internet Internet Technology

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

There are three major threat vectors that harm IoT deployments: Devices are hijacked by malicious software; Data collected and processed in IoT ecosystems is tampered with and impacts the confidentiality, integrity and availability of the information; and, Weak user and device authentication. Encryption. Data security.

IoT

IoT Manufacturing Energy and Utilities Data collection

Should You Block ISP Tracking?

Identity IQ

JUNE 3, 2021

Some of the data that ISPs log as you browse the internet can include: Websites you visit while browsing. Email messages that are not properly encrypted. Geo-location data while browsing from a smartphone. The law states that ISPs need to store data related to the customer’s browsing data and history for a period of time.

VPN

VPN Internet Internet Encryption

TikTok Surreptitiously Collected Android User Data Using Google-Prohibited Tactic

Threatpost

AUGUST 12, 2020

App concealed the practice of gathering device unique identifiers using an added layer of encryption.

Encryption

Encryption Data collection Mobile Government

How to Manage IAM Compliance and Audits

Centraleyes

MAY 20, 2024

The assessment takes into account governance, security, and identity management challenges. This may include: Manage identities Offboarding accounts Checking administrative privileges Data governance involves quality assurance Review privileged user credentials Reduce the number of accounts with privileged access.

Data breaches

Data breaches Accountability Authentication Healthcare

Defining Good: A Strategic Approach to API Risk Reduction

Security Boulevard

JANUARY 18, 2024

A good API security strategy starts with a well thought out API security posture governance program that spans from design to deployment. API posture governance is foundational to behavioral threat protection. It takes lots of data and lots of cloud compute power to effectively and accurately identify anomalous behavior.

Risk

Risk Government Artificial Intelligence Threat Detection

Volt Typhoon Disrupts US Organizations, CISA Issues Alerts

eSecurity Planet

FEBRUARY 16, 2024

government and defense institutions for intelligence gathering. Attacks on telecom corporations, government institutions, and utilities then followed in a predictable pattern. Despite initial suspicions, encrypted communications with specific keys linked the attacks to the previous ones, indicating an organized effort.

Internet

Internet Internet Cybersecurity Network Security

Building a foundation of trust for the Internet of Things

Thales Cloud Protection & Licensing

DECEMBER 13, 2018

Finally, it looks like progress is being made in this regard, with the UK Government launching a “Code of Practice” to secure the ever-expanding ecosystem of connected devices. Finally, it is difficult to underemphasise the importance of encryption to protect sensitive data collected by IoT devices.

Internet

Internet Internet IoT Manufacturing

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Thales Cloud Protection & Licensing

JULY 12, 2018

They all must have unique identifiers and the ability to collect and transfer data over networks to enable monitoring, surveillance, and execution of decisions based on the collected data with little or no human intervention. But making the IoT work requires trust in the devices and the data they collect.

IoT

IoT Data collection Encryption eCommerce

Understanding the Different Types of Audit Evidence

Centraleyes

APRIL 18, 2024

This evidence serves multiple purposes, including: Verification of Controls : Auditors rely on evidence to verify the existence and effectiveness of cybersecurity controls, from access management to encryption mechanisms. The audit includes reviewing risk analysis, data access controls, encryption procedures, and physical security controls.

Risk

Risk Penetration Testing Encryption Cybersecurity

Supply Chain Security 101: An Expert’s View

Krebs on Security

OCTOBER 12, 2018

Tony Sager (TS): The federal government has been worrying about this kind of problem for decades. In the 70s and 80s, the government was more dominant in the technology industry and didn’t have this massive internationalization of the technology supply chain. It’s a hard problem category.

Computers and Electronics

Computers and Electronics Internet Internet Technology

Judging Facebook's Privacy Shift

Schneier on Security

MARCH 13, 2019

Better data security so Facebook sees less. On the other hand, WhatsApp -- purchased by Facebook in 2014 -- provides users with end-to-end encrypted messaging. It even collects what it calls " shadow profiles " -- data about you even if you're not a Facebook user. Better use of Facebook data to prevent violence.

Surveillance

Surveillance Advertising Engineering Encryption

Targeted attack on industrial enterprises and public institutions

SecureList

AUGUST 8, 2022

The attack targeted industrial plants, design bureaus and research institutes, government agencies, ministries and departments in several East European countries (Belarus, Russia, and Ukraine), as well as Afghanistan. The attackers compressed stolen files into encrypted and password-protected ZIP archives.

Malware

Malware Phishing Passwords Data collection

Quad9 to move offices to Switzerland, invites other privacy-focused firms to follow

SC Magazine

FEBRUARY 17, 2021

It offers additional privacy and security features, including screening for malicious domains and encryption. The company received a finding of law from the Swiss government that it will not be treated as a telecommunications provider, exempting it from laws that would mandate data collection. and Google Public DNS.

DNS

DNS Telecommunications Surveillance Data collection

How we can secure the future of healthcare and telemedicine

CyberSecurity Insiders

MAY 14, 2021

With many state and local governments issuing stay-at-home orders to help prevent the spread of the virus, patients were physically unable to attend certain clinics, especially given that healthcare centres were more likely to be prioritising patients with the coronavirus. How healthcare has transformed during the pandemic.

Healthcare

Healthcare IoT Technology Data collection

TOP 10 unattributed APT mysteries

SecureList

OCTOBER 7, 2022

It proved to be a part of a complex APT platform targeting government, telecommunication, scientific, military, and financial organizations in Russia, Iran, Rwanda, and possibly, Italian-speaking countries. The files were designed to be executed in a pre-defined order, and some of them were AES128-encrypted.

Malware

Malware Computers and Electronics Telecommunications Encryption

How to prepare for the California Consumer Privacy Act

Thales Cloud Protection & Licensing

AUGUST 15, 2019

For example, data collected by an entity may not be associated with an individual but could identify a household. Under the CCPA publicly available information is defined as “lawfully made available from federal, state, or local government records, if any conditions associated with such information.”.

Digital transformation

Digital transformation Data collection Data privacy CISO

Cybersecurity Outlook 2022: Third-party, Ransomware and AI Attacks Will Get Worse

eSecurity Planet

JANUARY 6, 2022

Expect to see increasingly sophisticated AI and machine learning -based attacks – and a growing regulatory response from governments around the world. ” Also read: Homomorphic Encryption Makes Real-World Gains, Pushed by Google, IBM, Microsoft. . See also: Best Backup Solutions for Ransomware Protection.

Ransomware

Ransomware Cybersecurity Artificial Intelligence CISO

The Ultimate Guide to Excelling in Your External Audit: 5 Proven Strategies

Centraleyes

APRIL 25, 2024

Ensuring Compliance: Compliance with regulatory requirements and industry standards is critical, ensuring adherence to specific security policies and procedures to protect sensitive data and maintain stakeholder trust. Both play integral roles in maintaining a robust governance and risk management framework.

Risk

Risk Accountability Technology Software

What happened in privacy in 2022

Malwarebytes

JANUARY 20, 2023

The Supreme Court’s decision was also an event that has few modern equivalents, changing the behaviors of three, core parts of society—government, corporate, and public. In the wake of a leaked draft of the decision, Federal legislators introduced a new, targeted data privacy bill to protect reproductive health data.

Data privacy

Data privacy Engineering Encryption Internet

Indicators of compromise (IOCs): how we collect and use them

SecureList

DECEMBER 2, 2022

This is the most precious source of intelligence as it provides unique and reliable data from trusted systems and technologies. Kaspersky’s private Threat Intelligence Portal (TIP), which is available to customers as a service, offers limited access to such in-house technical data.

Cyber threats

Cyber threats DNS Technology Engineering

Education Sector has Seen a 44% Rise in Cyber Attacks Since 2021

CyberSecurity Insiders

OCTOBER 24, 2022

From December 2021 through January the following year, Bernalillo County was slammed by a ransomware attack that targeted government services. From banking to personal data collection, schools must ensure that their systems come with security features and that their employees comply with those security features.

Education

Education Cyber Attacks Cyber Insurance Insurance

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

Internal Revenue Service website for months: Anyone seeking to create an account to view their tax records online would soon be required to provide biometric data to a private company in Virginia — ID.me. Super Bowl Sunday watchers are treated to no fewer than a half-dozen commercials for cryptocurrency investing. ” SEPTEMBER.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

A Pandora's Box: Unpacking 5 Risks in Generative AI

Thales Cloud Protection & Licensing

APRIL 17, 2024

Enterprises must prioritize responsible AI governance to mitigate threats and uphold ethical standards. Employ encryption, access controls, and secure development practices to safeguard models against unauthorized access or tampering. Investments in Training: Security staff must be trained in AI systems and Generative AI.

Risk

Risk Data collection Artificial Intelligence Accountability

A Pandora’s Box: Unpacking 5 Risks in Generative AI

Security Boulevard

APRIL 17, 2024

Enterprises must prioritize responsible AI governance to mitigate threats and uphold ethical standards. Employ encryption, access controls, and secure development practices to safeguard models against unauthorized access or tampering. Investments in Training: Security staff must be trained in AI systems and Generative AI.

Risk

Risk Data collection Artificial Intelligence Accountability

34 Most Common Types of Network Security Protections

eSecurity Planet

MARCH 17, 2023

Managed Detection and Response Product Guide Top MDR Services and Solutions Encryption Full disk encryption, sometimes called whole disk encryption, is a data encryption approach for both hardware and software that involves encrypting all disk data, including system files and programs.

Network Security

Network Security Penetration Testing Firewall Antivirus

The Role of Data Protection Officer (DPO) in GDPR Compliance

Spinone

JULY 23, 2020

Here are some of the places where they can be trained: IAPP Certifications TÜV in Germany IT Governance in the UK ISACA Certifications As for other skills and qualifications necessary for the DPO job, here are some to look for: Experience in managing people. Data loss protection with encrypted 3x a day backup.

Education

Education Data privacy Risk Data collection

Sipping from the Coronavirus Domain Firehose

Krebs on Security

APRIL 16, 2020

“Looking at the data collected, the pattern of visits are highest on Monday and Friday, and the lowest visit count is on the weekend. Our data shows that there were virtually no customer hits on COVID-related domains prior to February 23.” “It’s either that or the government gets involved.

Cyber threats

Cyber threats Phishing Data collection Government

What Is Hybrid Cloud Security? How it Works & Best Practices

eSecurity Planet

OCTOBER 20, 2023

Encryption protects data both in transit and at rest. Data loss prevention ( DLP ) prevents unwanted data transfers. Data Loss Prevention (DLP): DLP tools monitor and manage data flows in order to avoid illegal sharing or leaking of sensitive data.

Backups

Backups Firewall Encryption Architecture

Common TTPs of attacks against industrial organizations

SecureList

AUGUST 10, 2023

For most implants, the threat actor(s) use(s) similar implementations of DLL hijacking (often associated with Shadowpad malware) and memory injection techniques, along with using RC4 encryption to hide the payload and to evade detectionlibssl.dll or libcurl.dll was statically linked to implants to implement encrypted C2 communications.

Malware

Malware Encryption Media Data collection

Mystic Stealer

Security Boulevard

JUNE 15, 2023

Enter Mystic Stealer, a fresh stealer lurking in the cyber sphere, noted for its data theft capabilities, obfuscation, and an encrypted binary protocol to enable it to stay under the radar and evade defenses. Example Mystic Stealer constant obfuscation technique Encrypted binary custom protocol. All data is encrypted with RC4.

Cryptocurrency

Cryptocurrency Password Management Malware DNS

Data collection cheat sheet: how Parler, Twitter, Facebook, MeWe’s data policies compare

Security Affairs

JANUARY 13, 2021

While these alt platforms largely position themselves as “free speech” alternatives, we at CyberNews were also interested in how these alt social platforms compare in terms of data collection. Users would need to read both Triller’s and Quickblox’ privacy policies to get a good idea of how their data is being collected and processed.

Data collection

Data collection Accountability Media Advertising

The Hacker Mind Podcast: Crimeware As A Service

ForAllSecure

OCTOBER 25, 2022

With ransomware, attackers encrypt an organization's data and hold it hostage until a ransom is paid. Once attackers receive payment, they are supposed to share a decryption key, enabling victims to recover their data. In early 2022, the Russian government cracked down on several ransomware organizations, including Re-Evil.

Ransomware

Ransomware Encryption Cybercrime Government

IoT Devices a Huge Risk to Enterprises

eSecurity Planet

JULY 22, 2021

It’s gained more momentum in recent weeks with the Department of Defense and the Biden Administration , in reaction to such high-profile attacks as those on SolarWinds , Colonial Pipeline and Kaseya , urging government agencies and private companies to adopt a zero-trust architecture. ” Most Devices Communicate in Plaintext.

IoT

IoT Risk Architecture Manufacturing

‘A lot of late nights’: Zoom’s compliance chief reflects on the year that was the pandemic

SC Magazine

MARCH 19, 2021

Among them, the discovery that the app was not end-to-end encrypted as advertised, and that between 2018 and 2019, a “ZoomOpener” webserver module was installed on Macs that bypassed Apple’s security. How were differing demands across industries (government versus business versus consumer) managed all within a pretty short window?

Advertising

Advertising Education Media Encryption

The first anniversary of the GDPR: How a risk-based approach can help you achieve GDPR compliance

Thales Cloud Protection & Licensing

JULY 11, 2019

The GDPR applies to businesses that collect and use personal information from citizens of the EU, regardless of where the business itself is located. The GDPR’s four main areas of focus are: Privacy rights, Data security, Data control and Governance. Encryption and pseudonymization. What does the GDPR require?

Risk

Risk Encryption Accountability Government

APT trends report Q2 2023

SecureList

JULY 27, 2023

Chinese-speaking activity ToddyCat, a sophisticated threat actor, continues to operate in Asia, targeting government entities in Malaysia, Thailand and Pakistan. We now have better visibility into the group’s tactics, particularly in the areas of lateral movement, data collection and exfiltration.

Malware

Malware Government Phishing Social Engineering

Best DevSecOps Tools

eSecurity Planet

MARCH 17, 2022

The Veracode Application Analysis Platform includes a dual focus on developer enablement and AppSec governance to help clients secure software through each stage of the software development lifecycle. Kibana is a free GUI for organizations working with Elastic’s ELK stack for analyzing and visualizing data from nearly any source.

Penetration Testing

Penetration Testing Software Risk Firewall

‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace

SecureList

JUNE 20, 2022

within network activity logs collected by the Internet Service Provider (ISP), etc.). Below are some examples of the type of data collected and strategies of collection and analysis during the technical attribution process. On the other hand, new capabilities are offered to defenders in response.

Energy and Utilities

Energy and Utilities Data collection Malware Cybersecurity

China’s Olympics App Is Horribly Insecure

Apple Mail stores parts of encrypted emails in plaintext DB

Webinars

Trending Sources

5G Security

Webinars

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

What’s in the NIST Privacy Framework 1.1?

Privacy predictions 2022

Critical Success Factors to Widespread Deployment of IoT

Should You Block ISP Tracking?

TikTok Surreptitiously Collected Android User Data Using Google-Prohibited Tactic

How to Manage IAM Compliance and Audits

Defining Good: A Strategic Approach to API Risk Reduction

Volt Typhoon Disrupts US Organizations, CISA Issues Alerts

Building a foundation of trust for the Internet of Things

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Understanding the Different Types of Audit Evidence

Supply Chain Security 101: An Expert’s View

Judging Facebook's Privacy Shift

Targeted attack on industrial enterprises and public institutions

Quad9 to move offices to Switzerland, invites other privacy-focused firms to follow

How we can secure the future of healthcare and telemedicine

TOP 10 unattributed APT mysteries

How to prepare for the California Consumer Privacy Act

Cybersecurity Outlook 2022: Third-party, Ransomware and AI Attacks Will Get Worse

The Ultimate Guide to Excelling in Your External Audit: 5 Proven Strategies

What happened in privacy in 2022

Indicators of compromise (IOCs): how we collect and use them

Education Sector has Seen a 44% Rise in Cyber Attacks Since 2021

Happy 13th Birthday, KrebsOnSecurity!

A Pandora's Box: Unpacking 5 Risks in Generative AI

A Pandora’s Box: Unpacking 5 Risks in Generative AI

34 Most Common Types of Network Security Protections

The Role of Data Protection Officer (DPO) in GDPR Compliance

Sipping from the Coronavirus Domain Firehose

What Is Hybrid Cloud Security? How it Works & Best Practices

Common TTPs of attacks against industrial organizations

Mystic Stealer

Data collection cheat sheet: how Parler, Twitter, Facebook, MeWe’s data policies compare

The Hacker Mind Podcast: Crimeware As A Service

IoT Devices a Huge Risk to Enterprises

‘A lot of late nights’: Zoom’s compliance chief reflects on the year that was the pandemic

The first anniversary of the GDPR: How a risk-based approach can help you achieve GDPR compliance

APT trends report Q2 2023

Best DevSecOps Tools

‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace

Stay Connected