SEC security measures, or cyber enforcement actions, are powerful incentives for financial institutions to protect investments and data from theft and fraud.
The Consumer Data Protection Act (as outlined in the CDPA draft circulated in early November by Sen. Ron Wyden) might not send CEOs to jail, but it will certainly help protect Americans’ data.
Posted in Security Standards and Compliance | Comments Off on Don’t expect jailed CEOs, but Wyden at least puts consumer privacy on the table
California is all done with weak passwords.
On July 25, on his blog Krebs on Security, Brian Krebs covered a flaw in how LifeLock processed “unsubscribe” information related to its marketing activities. For those unfamiliar with LifeLock, it is a subsidiary of Symantec offering identity monitoring and protection services in the U.S. market. Brian outlined an issue impacting recipients of LifeLock marketing material who wished to opt out of further email communications by clicking on a “please remove me from this list” style link within the marketing material. Unfortunately, there was a flaw in that process that allowed anyone to discover email addresses associated with other users. In Symantec’s response, they indicate the issue was limited to the use of a third-party marketing platform used to process marketing communications, not the core LifeLock service, and that with the exception of the security researchers’ efforts, there was no indication of other access attempts. The areas we can all learn from With this as background, we can see several activities occurring here:
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. Watch the episode below:
Another week, another list of data breaches resulting from vulnerabilities in third-party contractors for high-profile companies.
The Timehop breach disclosed 21 million individuals’ account information. And now we know what public disclosure of a breach might look like under GDPR.
It’s been quite an interesting few weeks in the land of data breach disclosures. We started with Under Armour disclosing a breach in their MyFitnessPal application that impacted 150 million users. A few days later, Lord & Taylor and Saks Fifth Avenue disclosed a breach impacting millions of their in-store shoppers. Later the same day, we learned that Panera Bread had been leaking private user details for its millions of online users for eight months. Three days later we had yet another breach disclosure from Delta Airlines and Sears Holdings, who were using third-party chat services from 7.ai. The 7.ai breach then expanded to include Kmart and Best Buy a few days later.
The newly ratified Singapore Cybersecurity Bill is Singapore’s answer to securing critical information infrastructure (CII) providers, minimizing threats from malicious actors. But now that the bill has been signed into law, analysts and practitioners alike are raising concerns about the high costs and logistic challenges of enforcing it.
Posted in Security Standards and Compliance | Comments Off on What you need to know about the Singapore Cybersecurity Bill
Securing the Internet of Things (IoT) seems like an endless reality version of “Mission Impossible”—really impossible. Many have tried—with lists of best practices and standards, exhortations, and warnings—but none has succeeded.