You have likely heard of the General Data Protection Regulation (GDPR), and you probably refer to this standard whenever the topic of privacy and data processing arises. But what about outside of the EU? The Office of the Privacy Commissioner of Canada (Commissariat à la protection de la vie privée du Canada) has a twitter account that shares information regarding privacy and an individual’s rights in Canada.
In recent years, various attacks have been performed to highlight security concerns about evolving smart cars. In particular, remote hacks took a lot of attention in 2015 when two security researchers hijacked the car’s infotainment system and demonstrated how to manipulate smart car functions. Such attacks elevate the risks associated with the smart car systems and indicate that there have to be diligent measures taken before rolling out these vehicles on the road.
Digital attackers are sending around love-themed malicious emails in an attempt to infect recipients with the Nemty ransomware. If you’ve been kicking around in the world of IT security for more years than you’d like to admit, then you’ll surely remember the ILOVEYOU virus (also known as the “Love Bug” or “Loveletter”).
What is red teaming? How is it different from conventional penetration testing? Why do we need blue, red, and white teams? How are cyber-drills carried out, and what results should be expected? In this article, we will answer these and other questions related to red teaming.
The United States’ National Security Agency (NSA) has put together a short guidance document on mitigating vulnerabilities for cloud computing. At only eight pages, it is an accessible primer for cloud security and a great place to start before taking on something like the comprehensive NIST 800-53 security controls.
During the past year, we have witnessed significant data breaches that have impacted industries ranging from hospitality to legal to social media. We have seen a continuation of financially motivated threats, such as business email compromise (BEC), which continue to plague corporate bank accounts. Ransomware has brought multiple cities, schools and universities to their knees, earning threat actors significant funds.
The climb is getting steeper, but thanks to hard work, vision and insight are much keener. At ML:4, all assets are scanned by a combination of agent and remote scans on a normal cadence. This will generate a lot of data dictated by threat and patch priority. Thousands of new vulnerabilities are released each year, and no company or product can detect all of them. Organizations must prioritize their coverage of vulnerabilities that they determine will have the biggest impact.
If you want to become a digital forensic expert, be aware that when entering the field, you will be presented with an abundance of information that you will not know. It is a wonderfully challenging career path. Some believe that having the title of a cybersecurity professional (e.g. digital forensics expert, cybersecurity analyst, incident response commander, etc.) means that this is an area where the field of knowledge is intimidating because it’s so expansive.
One thing I have noticed is that each industry comes up with their own terms and acronyms. Unfortunately, these inventions often vary depending on the person you speak to due to a lack of a governing body that decides on an exact definition. At times, acronyms can even overlap, causing further confusion. Therefore, when it comes to definitions, I always look to ask a variety of persons from across industries on how they would define certain terms.
Over 10 million people who have stayed at MGM Resorts hotels – including Twitter boss Jack Dorsey and pop idol Justin Bieber – have had their personal details posted online by hackers. The security breach, publicised by ZDNet and security researcher Under the Breach, saw the records of 10,683,188 former guests – including names, postal addresses, phone numbers, dates of birth, and email addresses – made available in an online data dump.
