Fragmentation and aggregation attacks (FragAttacks) are WLAN vulnerabilities discovered by Mathy Vanhoef, who created this webpage to provide more information about them. Three of these vulnerabilities are 802.11 specification design flaws, and they are probably as old as the 802.11 specification itself. Aggregation was added in 802.11n, which means this vulnerability has been in the design for over 10 years. Nine of these vulnerabilities are implementation flaws.

If Ben Franklin lived today, he would add cyber threats to his shortlist of life’s certainties. For decades, bad guys have inflicted malware, theft, espionage, and other forms of digital pain on citizens of the modern world. They seek money, celebrity, and political secrets, and often get them. In 2020, hackers halted trading on the New Zealand stock exchange with a distributed denial of service (DDoS) attack.

Cloud computing is an integral part of most businesses globally. Technology has transformed the way businesses operate and thrive in the industry. However, the cloud industry has been facing huge challenges when it comes to complying with various data protection and data privacy standards. With the enforcement of the General Data Protection Regulation (GDPR), a lot has changed for most businesses.

At its core, HIPAA compliance is simply about maintaining patient privacy by ensuring the appropriate access to and use of patient data by your users. Electronic Health Record (EHR) solutions provide detail around when patient data is accessed, but without visibility into what users do with sensitive patient data after they access it, the risk of data breaches, compliance violations, and the investigations, fines, and reputational damage that comes with them, is significantly increased.

In order to understand how to report a data breach, we first have to know what a data breach actually is. Under the GDPR, a personal data breach is “the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.” This covers a wide range of scenarios, some of which might be surprising. The following would all be considered as data breaches under the GDPR.

What is Data Safety, why is it important, and how do you go about designing into the foundations of your data environment? When you see the phrase "Data Safety", the chances are you think of Data Security. Most people do. What is far less likely is that you think of the other two pillars of Data Safety: Data Privacy and Data Governance. Clearly, all three pillars overlap.

Reduced costs, new revenue streams, greater customer trust and new markets The best data privacy programmes are granular. They assess the root of every data source, the nuances of every data use and the specifics of every way in which data is stored and shared. From that finite visibility, liabilities can be identified and appropriate remedies put in place that carefully balance the demands of the data subjects with the needs of the business.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. This first article makes a really good point of pointing out how ludicrous the apathy to tighten exposed service is. The cloud providers have done a lot to make it obvious vulnerable services are exposed, but no, people still can’t or ignore such advice. Is it lack of capability? Ignorance? Cost cutting? Maybe all of them.

Back in March, a hacking group known as DarkSide began a campaign on Colonial Pipeline’s IT network and billing systems. On May 7th, Colonial publicly announces the attack, shuts down servers and some pipelines and pays DarkSide $4.4M in ransom. On May 12th, Colonial restores operations and announces fuel delivery timelines amidst panic buying at gas stations.

COVID-19 contact tracing and personal cloud apps, what could possibly go wrong? A recent federal lawsuit, filed against the state of Pennsylvania and a vendor contracted by the state’s Department of Health, provides an interesting answer. The vendor in question was contracted “to provide contact tracing and other similar services” following the outbreak of COVID-19 in March 2020.