New EU Privacy Law May Weaken Security

Companies around the globe are scrambling to comply with new European privacy regulations that take effect a little more than three months from now. But many security experts are worried that the changes being ushered in by the rush to adhere to the law may make it more difficult to track down cybercriminals and less likely that organizations will be willing to share data about new online threats. On May 25, 2018, the General Data Protection Regulation (GDPR) takes effect. The law, enacted by the European Parliament, requires technology companies to get affirmative consent for any information they collect on people within the European Union. Organizations that violate the GDPR could face fines of up to four percent of global annual revenues.

How a Bitcoin phishing gang made $50 million with the help of Google AdWords

A cybercrime gang based in Ukraine is estimated to have made as much as $50 million after tricking Bitcoin investors into handing over the login credentials for their online wallets. The post How a Bitcoin phishing gang made $50 million with the help of Google AdWords appeared first on The State of Security.

Overcoming the Blame Game – Improving Security without Destroying Careers

Today, I was sitting in an awesome class being held at @BSidesHSV, and it got me thinking. The class entitled “Fundamentals of Routing and Switching for Blue and Red Teams” put on by @paulcoggin was a deep dive into layer 2 and layer 3 configurations and possible means of compromise. The content was outstanding, and … The post Overcoming the Blame Game – Improving Security without Destroying Careers appeared first on The State of Security.

Integrate Your Ticketing System into Database Security to Prevent DBA Privilege Abuse

Many of the recent high-profile data security breaches were made by trusted insiders. They are often database administrators (DBAs) who are highly privileged and trusted insiders with access to sensitive data. In this blog post, I will discuss the inherent risk introduced by highly privileged administrators who are required to support production databases, the challenge

Why Data Loss Prevention (DLP) Must Evolve for Modern Applications

The Economist effectively argues that “Data is the new Oil”. Most companies collect data that is important to their very survival and key to their competitive advantage. Losing this data has wide-ranging implications ranging from losing trust with customers, financial impact to the company, severe penalties by regulatory bodies, and losing competitive edge. Yet the technology solutions available are reactive and built for the pre-cloud era.

Figure 1: A Modern Enterprise

The above diagram illustrates the problem. A typical cloud application attracts thousands (maybe millions) of users, or connects to thousands (maybe millions) of IOT devices. Such an application may collect many different types of sensitive data, such as credit card numbers, social security numbers, blood pressure stats, heart rates, email addresses, passwords, account numbers, and more. The application likely has many outputs — other microservices, databases, logs, third party APIs, etc. Any number of individuals may have access to this data, including employees, contractors, and users — often because they need access to do their job or interact with the service, but sometimes because the organization doesn’t know that the data these individuals are given access to is sensitive or private.

Traditional “Solutions” Are Not the Answer

Traditional technologies for protecting sensitive data — namely Data Loss...

Can Consumers’ Online Data Be Protected?

Everything online is hackable. This is true for Equifax's data and the federal Office of Personnel Management's data, which was hacked in 2015. If information is on a computer connected to the Internet, it is vulnerable. But just because everything is hackable doesn't mean everything will be hacked. The difference between the two is complex, and filled with defensive technologies,...