Malware Devil

Monday, May 24, 2021

American Express Fined for Sending Millions of Spam Messages

British regulators ruled that Amex sent 4 million nuisance emails to opted-out customers.

The post American Express Fined for Sending Millions of Spam Messages appeared first on Malware Devil.



https://malwaredevil.com/2021/05/24/american-express-fined-for-sending-millions-of-spam-messages/?utm_source=rss&utm_medium=rss&utm_campaign=american-express-fined-for-sending-millions-of-spam-messages

SecTor

https://malwaredevil.com/2021/05/24/sector-2/?utm_source=rss&utm_medium=rss&utm_campaign=sector-2

Simplify & Accelerate Patch Management – Chris Hallenbeck – BSW #218

Most people focus on the patch and check that box, but they forget the other side of the coin: how do they make sure a bad actor isn’t still in their network?

Segment Resources:
https://site.tanium.com/rs/790-QFJ-925/images/Tanium_SolutionPaper_DistributedWorkforce_FINAL.pdf
https://site.tanium.com/rs/790-QFJ-925/images/PB-Patch.pdf

This segment is sponsored by Tanium.

Visit https://securityweekly.com/tanium to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw218

https://malwaredevil.com/2021/05/24/simplify-accelerate-patch-management-chris-hallenbeck-bsw-218/?utm_source=rss&utm_medium=rss&utm_campaign=simplify-accelerate-patch-management-chris-hallenbeck-bsw-218

Apple May 2021 Security Updates, (Mon, May 24th)

Apple has released several updates for iPhones, iPads, Apple Watches, and Macs earlier today (May 24). More details are available on the Apple Security Updates website.

Security Update 2021-003 (macOS Catalina)

Security Update 2021-004 (macOS Mojave)

macOS Big Sur 11.4

iOS and iPadOS 14.6

tvOS 14.6

watchOS 7.5

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

https://malwaredevil.com/2021/05/24/apple-may-2021-security-updates-mon-may-24th/?utm_source=rss&utm_medium=rss&utm_campaign=apple-may-2021-security-updates-mon-may-24th

User Label Leakage from Gradients in Federated Learning


https://malwaredevil.com/2021/05/24/user-label-leakage-from-gradients-in-federated-learning-2/?utm_source=rss&utm_medium=rss&utm_campaign=user-label-leakage-from-gradients-in-federated-learning-2

Best Practice Steps for Safe Data Sharing


Tags: Data Security, Data Breach, Information Governance

Digital data is everywhere: you only have to look at how much data is transmitted over the internet on a weekly, daily, hourly, or even second-by-second basis to understand just how much is being shared. In fact, at the start of 2020, the amount of data in the world was estimated to be 44 zettabytes. Given how much data is created every day, pundits predict that this will likely increase to 175 zettabytes by 2025.

As employees and businesses, we are constantly sharing information. Likewise, the number and variety of entities and individuals we share that information with has grown exponentially. No longer is this simply restricted to the perimeter of our own businesses, but it now extends to partners, suppliers, customers, prospects, and influencers around the globe.

Consequently, the challenge for most organizations now is: how do we share data safely and securely?

More Regulation, More Data Breaches

The good news is that there is more regulation to govern data, requiring organizations to protect it from unauthorized access. However, the bad news is that there are also more data breaches occurring. And if your data is vulnerable to cybercriminals or even to human error, unfortunately you need to be prepared to pay. According to a study by IBM, the average cost of a data breach is now estimated at $3.92 million.

Layer on top of this the fact that remote working has become a permanent reality for many organizations, with employees needing to securely collaborate from anywhere, and you can quickly appreciate how the risk is escalating with this extended attack surface.

However, it is challenging to find a solution that is capable of handling file sharing or the secure sharing of confidential information on a regular basis. Often it can be hard to trace what happens to that information after it has been shared, or to identify whether the information should be shared in the first place.

Prevent Unauthorized Access to Sensitive and Confidential Information

Organizations must therefore implement appropriate measures to prevent unauthorized access to sensitive and confidential information, and to prevent the accidental loss or deletion of any confidential data. UK public sector organizations make it easier for employees to understand what constitutes confidential information that needs to be protected: most have some form of Protective Marking System in place which highlights the sensitivity of the information and what action employees need to take.

However, private sector organizations don’t typically have such policies in place and often this can leave employees unsure about what constitutes sensitive or confidential information. It is therefore important that organizations look to establish a culture of security whereby employees are educated and trained on how to appropriately classify, handle, transfer, and delete any such data. And of course, that they have the right tools and technology to enable them to do this, efficiently, proactively, and securely.

Take a Risk-based Cybersecurity Approach

In deciding the most appropriate way to do this and the level of security required, organizations should take a risk-based approach in determining appropriate measures. For example, when sharing confidential information, the employee must ensure the recipient of the information understands the purpose for which the information is being shared and the circumstances under which it may or may not be shared with others. They also need to ensure that any further handling of the information is secure. This applies whether it is being shared with someone inside or outside the organization.

When dealing with external parties, businesses need to understand what data partners will need access to and why, and ultimately what level of risk this poses. Likewise, they need to understand what controls such parties have in place to safeguard data and protect against incoming and outgoing cyber threats. This needs to be monitored, logged, and regularly reviewed, and a baseline of normal activities between the organization and the external party should be established.

Layer your Data Security Solutions

Here at HelpSystems we advocate taking a layered approach to data security that starts with understanding and classifying your data and identifying what information needs to be protected. Data classification tools are critical here to ensure that sensitive data is appropriately treated, stored, and disposed of during its lifetime, in accordance with its importance to the organization. Appropriate classification protects the organization from the risk of sensitive data being exposed.

But inevitably, employees will accidentally send sensitive data to the wrong person, or transfer an otherwise “safe” document that contains hidden metadata that could compromise the organization. Any number of scenarios can put an organization at risk unless they have a solution in place to detect and sanitize data in real time, before a breach occurs. Organizations therefore need to detect and prevent data leaks, which means ensuring that documents uploaded to and downloaded from the web are thoroughly analyzed. To do this effectively, they need an integrated Data Loss Prevention (DLP) solution that can remove risks from email, web, and endpoints, yet still allows the transfer of information to occur.

After you’ve ensured your data is identified and classified, scrubbed of potentially sensitive content, and approved for sending by authorized users, it needs to be sent or transferred securely. This can be achieved by email encryption or, where there are large volumes of data, through a managed file transfer (MFT) solution.

And finally, to secure confidential data whenever and wherever it travels, Digital Rights Management software provides organizations with the ability to track, audit, and revoke access at any time by encrypting the data with a unique key that is secured via a cloud platform.

Layering data security solutions is a proactive approach to protecting your confidential and sensitive information. Data security is only as robust as the various elements that support it. Tiering proven solutions to ensure your sensitive data remains secure from start to finish will help you to avoid any data compromise – and the financial and reputational costs that go with it.

If you are interested in finding out more about specific use cases around best practice for sharing sensitive data, please download our guide.

Additional Resources

On-Demand Webinar: How to Protect Confidential Information in Transit

Solution: Data Loss Prevention

The post Best Practice Steps for Safe Data Sharing appeared first on Security Boulevard.

https://malwaredevil.com/2021/05/24/best-practice-steps-for-safe-data-sharing/?utm_source=rss&utm_medium=rss&utm_campaign=best-practice-steps-for-safe-data-sharing

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

A WordPress reservation plugin has a vulnerability that allows unauthenticated hackers to access reservation data stored by site owners.

https://malwaredevil.com/2021/05/24/restaurant-reservation-system-patches-easy-to-exploit-xss-bug/?utm_source=rss&utm_medium=rss&utm_campaign=restaurant-reservation-system-patches-easy-to-exploit-xss-bug

Cartoon Caption Winner: Magic May

And the winner of The Edge’s May cartoon caption contest is …

https://malwaredevil.com/2021/05/24/cartoon-caption-winner-magic-may-3/?utm_source=rss&utm_medium=rss&utm_campaign=cartoon-caption-winner-magic-may-3

Cartoon Caption Winner: Magic May

5/24/2021
03:10 PM

And the winner of The Edge’s May cartoon caption contest is …

Our May cartoon caption contest has come to a close. Congratulations go to The Edge reader “RamonSouza” for his winning caption, below. A $25 Amazon gift card is on the way.

Second place, and a $10 Amazon card, goes to “iParanoid” for the caption: “He keeps saying the magic words are ‘deep packet inspection.’”

Congratulations to our winners! Our June contest goes up next week.

John Klossner has been drawing technology cartoons for more than 15 years. His work regularly appears in Computerworld and Federal Computer Week. His illustrations and cartoons have also been published in The New Yorker, Barron’s, and The Wall Street Journal.

https://malwaredevil.com/2021/05/24/cartoon-caption-winner-magic-may/?utm_source=rss&utm_medium=rss&utm_campaign=cartoon-caption-winner-magic-may

IIS Bug, Browsers & Androids & Supply Chains Oh My! – ASW #152

This week in the AppSec News segment, Mike and John talk: HTTP bug bothers IIS, Android platform security, supply chain security (new and old), brief (very brief) history of browser security, & more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw152

https://malwaredevil.com/2021/05/24/iis-bug-browsers-androids-supply-chains-oh-my-asw-152/?utm_source=rss&utm_medium=rss&utm_campaign=iis-bug-browsers-androids-supply-chains-oh-my-asw-152

Former FBI Employee Indicted for Taking Documents Home

The long-time intelligence analyst was accused of inappropriately handling documents related to national security.

https://malwaredevil.com/2021/05/24/former-fbi-employee-indicted-for-taking-documents-home-3/?utm_source=rss&utm_medium=rss&utm_campaign=former-fbi-employee-indicted-for-taking-documents-home-3

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2021-32624
PUBLISHED: 2021-05-24

Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control relat…

CVE-2021-29300
PUBLISHED: 2021-05-24

The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input.

CVE-2021-32629
PUBLISHED: 2021-05-24

Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a…

CVE-2021-33502
PUBLISHED: 2021-05-24

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

CVE-2019-12348
PUBLISHED: 2021-05-24

An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter.

Air India Confirms Data of 4.5M Travelers Compromised

Affected data includes names, birthdates, contact information, passport details, and credit card data, the airline reports.

https://malwaredevil.com/2021/05/24/air-india-confirms-data-of-4-5m-travelers-compromised-3/?utm_source=rss&utm_medium=rss&utm_campaign=air-india-confirms-data-of-4-5m-travelers-compromised-3

Is There Hope for ICS and Supply Chain Security?

Industrial control systems (ICS) have been the target of countless cyberattacks in recent years. Some of these attacks have an extortion goal in mind, while others seem to be nothing more than a test to see if the attacker is able to access and disrupt systems. As malicious actors become more clever in their tactics,..

The post Is There Hope for ICS and Supply Chain Security? appeared first on Security Boulevard.


https://malwaredevil.com/2021/05/24/is-there-hope-for-ics-and-supply-chain-security/?utm_source=rss&utm_medium=rss&utm_campaign=is-there-hope-for-ics-and-supply-chain-security

FBI Logs Rapid Increase in Email Scams, Investment Fraud

The FBI reported complaints concerning online scams and investment fraud have now reached a record-breaking level. The FBI’s Internet Crime Complaint Center (IC3) received its six millionth complaint on May 15, 2021. It took nearly seven years for the IC3 to log its first million complaints, but only 14 months to add the most recent..

The post FBI Logs Rapid Increase in Email Scams, Investment Fraud appeared first on Security Boulevard.


https://malwaredevil.com/2021/05/24/fbi-logs-rapid-increase-in-email-scams-investment-fraud/?utm_source=rss&utm_medium=rss&utm_campaign=fbi-logs-rapid-increase-in-email-scams-investment-fraud

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...