Posted by Trevan Marden on May 25, 2018

GDPR (the General Data Protection Regulation) goes into effect today, May 25.  You’ve probably been receiving a stream of notifications from numerous companies announcing updated privacy policies or asking you to re-confirm your subscriptions to their email lists in light of the new regulations.  The regulation, adopted in 2016 in the EU and now going into effect, is intended to protect private party’s data and give EU citizens increased control over how their data is collected, used and stored. It’s important to recognize that the regulation does not apply only to businesses in EU member states, but to any organization who processes the personal data of EU citizens.

Posted by Trevan Marden on May 25, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• IP theft doesn’t always come from overseas - CSO
• More Than Half of Users Reuse Passwords - Dark Reading
• Macs Infected With New Monero-Mining Malware - Security Week
• Amazon confirms that Echo device secretly shared user’s private audio [Updated] - Ars Technica

Posted by Trevan Marden on May 24, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• Hackers infect 500,000 consumer routers all over the world with malware - Ars Technica
• FBI seizes domain Russia allegedly used to infect 500,000 consumer routers - Ars Technica
• Malware Attacks: A Tale of Two Healthcare Incidents - Healthcare Info Security
• Facebook is Beefing up Two-factor Authentication - Wired

Posted by Trevan Marden on May 23, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• New Spectre Variants Add to Vulnerability Worries - DarkReading
• Another Spectre-Like CPU Vulnerability - Schneier on Security
• Hackers steal PII and payment info of thousands of California residents in company breach - CyberScoop
• Sharing HIPAA Fines With Victims: Will It Ever Happen? - Healthcare Info Security

Posted by Trevan Marden on May 22, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• Greenwich University fined £120,000 for data breach - BBC
• Tech giants reveal new variant of Meltdown and Spectre vuln - CyberScoop
• Comcast is leaking the names and passwords of customers’ wireless routers - TechCrunch
• 'Roaming Mantis' Android Malware Evolves, Expands Targets - DarkReading

Posted by Miguel De Los Santos on May 21, 2018

Software patches provide a critical role beyond providing reminders to end users. Their purpose is to fix bugs and vulnerabilities that are present and to create a safer, more secure computing environment. Applying these patches is critical for organizations to reduce the risk of data breaches or compromise; however, due to the sheer number of patches or vulnerabilities that are found, it is often difficult for organizations with even moderately complex environments to perform this function.

Posted by Trevan Marden on May 21, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• The Chrome Browser's Website Security Warnings Are Changing - Forbes
• New Research Seeks to Shorten Attack Dwell Time - DarkReading
• A Location-sharing Disaster Shows How Exposed You Really Are - Wired
• T-Mobile Employee Made Unauthorized ‘SIM Swap’ to Steal Instagram Account - Krebs on Security

Posted by Trevan Marden on May 18, 2018

The Federal Financial Institutions Examination Council (FFIEC) provides cybersecurity standards and auditing for financial institutions and regulatory bodies including: The Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB).

Posted by Trevan Marden on May 18, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site - Krebs on Security
• Noose Tightens Around Dark Overlord Hacking Group - Bank Info Security
• Get Ready for 'WannaCry 2.0' - DarkReading
• Cracking 2FA: How It's Done and How to Stay Safe - DarkReading

Posted by Trevan Marden on May 17, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• Oh, great, now there's a SECOND remote Rowhammer exploit - The Register
• Serbia Arrests FBI-sought Cybercrime Suspect - Security Week
• 25% of Businesses Targeted with Cryptojacking in the Cloud - DarkReading
• A software vulnerability could have been used to siphon over $15 million from Mexican banks - CyberScoop