A week in security (May 28 – June 3)

Last week on Labs, we talked about the significance of SEO poisoning in the world of search marketing, blackmail attempts against financial institutions in Canada, voice command flaws in smart assistants, survey and potential phishing scams on Instagram, and the latest changes in Office 365. We...

Leveraging Imperva Solutions for GDPR Compliance Part II: Pseudonymization

Down to the wire- the GDPR compliance deadline is here. It’s May 25 and the EU’s General Data Protection Regulation GDPR is live. As you know by now, the risk and potential costs associated with a failure to comply with the EU’s General Data Protection Regulation GDPR are substantial. GDPR...

GDPR Is Here:  Assess the Security Configurations of Your IT Systems

In prior installments of this GDPR compliance blog series, we’ve discussed the importance of key security practices such as IT asset inventory and vulnerability management. Today, we’ll focus on another core component for GDPR: policy compliance. As we’ve stated before, to comply with the EU’s...

GDPR Is Here: Assess Risk from Vendors and from Internal Teams

Organizations must manage risk from third parties such as contractors and suppliers, and from internal staffers and teams, as part of their compliance program for the EU’s General Data Protection Regulation GDPR. The need to manage vendor risk in particular is stressed repeatedly throughout the...

QSC 2018 Mumbai Finds Qualys at the Forefront of Digital Transformation Security

Qualys Security Conference 2018, held in Mumbai on May 10, fortified Qualys’ stand as the leader in securing Digital Transformation in the current global IT landscape. In his keynote, “Our Journey into the Cloud: The Qualys Platform and Architecture”, Qualys Vice President of Product Management...

Akamai CEO Leighton Calls Cybersecurity 'Fantastic Growth Engine'

Akamai CEO and co-founder Tom Leighton discusses the company's cybersecurity and data protection business. He speaks with Caroline Hyde from the Boston Institute of Contemporary Art on Bloomberg Technology. Source: Bloomberg...

CVE-2018-1135

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 21, 2018

Not that I needed to the reminder, but the influx of emails with the subject line “Updates to our Privacy Policy” from companies that I deal with and some that I’ve never heard of! means that TODAY is the day! The General Data Protection Regulation GDPR has officially taken effect. Originally...

GDPR Compliance: Manage Procedural Risk Assessments with New GDPR Templates

The EU’s General Data Protection Regulation GDPR goes into effect today, imposing strict security requirements on any company worldwide that handles the personal data of EU residents. Qualys Security Assessment Questionnaire SAQ – a Qualys app that helps you with this type of procedural risk...

The vulnerability of Qualcomm Memory Protection in the Android operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of Qualcomm Memory Protection is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

See If You’re GDPR-Ready With Our Last-Minute Checklist

Time’s just about run out to get all your ducks in a row for the EU’s General Data Protection Regulation GDPR going into effect on May 25, and we’ve put together a little refresher toolkit to help you dot your Is and cross your Ts. Whether you’re planning on sticking to the new GDPR guidelines or...

What Will GDPR’s Impact Be On U.S. Consumer Privacy?

Will General Data Protection Regulation rules that go in effect on Friday impact the privacy of U.S. citizens? It depends who you ask, but the odds-on-favorite answer is “not by much.” The Facebook Cambridge Analytica scandal in March led to a firehose of rebuke against social media platforms,...

GDPR Is Here: Manage Vulnerabilities and Prioritize Threat Remediation

To provide the level of data protection required by the EU’s General Data Protection Regulation GDPR, your organization must continuously detect vulnerabilities, and prioritize their remediation. Why? An InfoSec team that’s chronically overwhelmed by its IT environment’s vulnerabilities and unabl...

Here's How to Download All the Data Apple Collects About You

Apple is making it easier for its users to download their data the company has collected about them so far. On Wednesday, Apple just launched a new Data and Privacy website that allows you to download everything that the company knows about you, from Apple ID info, device info, App Store activity...

Data classification and protection now available for structured data in SQL

This post is authored by Gilad Mittelman, Senior Program Manager, SQL Data Security. Data privacy and data security have become one of the most prominent topics in organizations in almost every industry across the globe. New regulations that formalize requirements are emerging around these topics...

GDPR Is Here: Achieve Superior Data Breach Prevention and Detection with Qualys

Turned into law in 2016, the EU’s General Data Protection Regulation GDPR finally goes into effect this week, slapping strict requirements on millions of businesses and subjecting violators to severe penalties. The complex regulation applies to any organization worldwide -- not just in Europe --...

Facebook, GDPR and the Right to Privacy: Three’s a Crowd?

Back in 2016 the European Union voted to pass the mother of all security laws, aimed at further extending the rights of its citizens to control how their data is used. The General Data Protection Regulation GDPR guards users against having their information shared without their explicit consent,...

Penetration Testing Requirements for GDPR

We get lots of people asking us what it is they need to have tested as a requirement for GDPR Compliance, so I've put this together to provide some clarity. This post is NOT a definitive guide to the General Data Protection Regulations. It is however, helpful, real world advice about what you...

72 Hours: Understanding the GDPR Data Breach Reporting Timeline

We're down to the wire with respect to the General Data Protection Regulation GDPR compliance deadline of May 25, 2018. Organizations that fail to comply could face fines of up to €20M roughly $22M or 4 percent of their annual global turnover from the prior year and we’ll soon see just how EU...

Use Windows Information Protection (WIP) to help make accidental data leakage a thing of the past

Have you always wished you could have mobile application management MAM on Windows? Now you can! Windows Information Protection WIP is an out-of-the box data leakage prevention feature for Windows 10 that can automatically apply protection for work files and data to prevent accidental data leakag...