#DataProtection

Case Study: The Cookie Privacy Monster in Big Global Retail

by

January 16, 2024 at 06:51AM Reflectiz, a website security company, rescued a major retail client from non-compliance fines due to misconfigured cookie tracking. Despite being unintended, the client risked substantial penalties under GDPR. Reflectiz’s advanced exposure management solution detected 37 unauthorized cookie injections and facilitated timely corrective action, emphasizing the importance of continuous monitoring and … Read more

Ransomware protection deconstructed

by

January 15, 2024 at 03:55AM Rubrik has selected the top 12 must-see demos of their products, available on demand. The demos cover various aspects, such as reducing complexity, data protection, integrations, and handling data fragmentation. The increasing digital information creates risks, making Rubrik’s data protection management approach valuable. Access The 12 Days of Demos for … Read more

Build Cyber Resilience with Distributed Energy Systems

by

January 11, 2024 at 01:06PM The research by Trend Micro focuses on assessing the security vulnerabilities in Distributed Energy Generation (DEG) systems, particularly in solar devices. The study found significant concerns in communication modules and inverters, including issues with passwords, remote shutdown, firmware updates, and data sovereignty. These vulnerabilities pose risks to energy grid stability … Read more

Kenyan Issues New Guidance for Protecting Personal Data

by

January 11, 2024 at 10:36AM Kenya’s Office of the Data Protection Commissioner released new guidance notes for data protection in education, communications, and digital credit sectors, as well as a general guide for processing health data. The Data Protection Act, enacted in 2019, has led to significant enforcement, with fines issued for violations. Awareness efforts … Read more

Finland warns of Akira ransomware wiping NAS and tape backup devices

by

January 11, 2024 at 10:16AM NCSC-FI warns of increased Akira ransomware attacks in December, targeting Finnish companies and wiping backups. The attacks exploited a vulnerability in Cisco VPNs, allowing unauthorized access to networks. The agency advises switching to offline backups and updating Cisco ASA and FTD to prevent further attacks. They emphasize the need for … Read more

Adapting Security to Protect AI/ML Systems

by

January 10, 2024 at 01:09PM AI/ML libraries increase attack surfaces, requiring advanced security measures beyond traditional IT capabilities. Based on the meeting notes, the key takeaway is that AI/ML libraries create larger attack surfaces, and traditional IT security lacks some essential capabilities to protect them effectively. Full Article

Path Traversal Bug Besets Popular Kyocera Office Printers

by

January 9, 2024 at 04:27PM A printer bug in unsegmented IT networks has the potential to cause severe issues. Based on the meeting notes, it appears that there is a concern about the potential impact of a printer bug in IT networks that lack proper segmentation. This suggests the possibility of significant consequences stemming from … Read more

Executing Zero Trust in the Cloud Takes Strategy

by

January 9, 2024 at 12:38PM Zero-trust architecture is crucial for cloud cybersecurity, requiring specialized planning for proper implementation. Based on the meeting notes, the key takeaway is that zero-trust architecture is critical for cloud cybersecurity, but it requires specialized planning for proper implementation. Full Article

Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cybersecurity

by

January 9, 2024 at 10:12AM At Blackhat 2004, the founder of Red Cliff Consulting presented on “The Evolution of Incident Response,” addressing challenges like increasing attack complexity, evolving response methodologies, and the need for pre-incident preparation. Despite technological advancements, core incident response principles remain the same. Issues like email, patching, and human error persist. Three … Read more

It’s Time to Close the Curtain on Security Theater

by

January 9, 2024 at 10:05AM The text discusses the concept of security theater in cybersecurity, criticizing the superficial measures and controls implemented by organizations. It highlights the detrimental effects of security theater and provides recommendations to shift focus towards proactive risk mitigation, including conducting risk assessments, prioritizing security enhancements, and implementing cyberattack prevention strategies. Key … Read more