GDPR Phishing Scam Targets Apple Accounts, Financial Data

A phishing campaign targeting Apple users is attempting to trick victims into updating their profiles under the guise it’s a part of proactive security hardening prepping for the introduction of General Data Protection Regulation GDPR policies set to go into effect on May 25. The phishing...

The final compliance countdown: Are you ready for GDPR?

On May 25, the General Data Protection Regulation GDPR will replace the Data Protection Directive as the new standard on data privacy for all organizations that do business with European Union EU citizens.1When GDPR goes into effect, government agencies and organizations that control, maintain, o...

The Role of Sales & Channel in GDPR Compliance

As a part of our journey to General Data Protection Regulation GDPR compliance, we have looked across our business to ensure that all the different departments, employees and products are aligned with our compliance goals and have a solid understanding of the GDPR. Sales people and channel partne...

This Week in Security News: Zippy’s and Flynn

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Hawaii-based restaurant Zippy’s suffered a POS data breach. In addition, Uber executive John Flynn argued that user expectations on data...

What HIPAA and Other Compliance Teaches Us About the Reality of GDPR

with contributing author, William J. Malik, CISA | VP, Infrastructure Strategies The date for General Data Protection Regulation GDPR compliance is just weeks away, yet many organizations, especially those outside Europe, remain unprepared. It turns out that the experiences from other privacy...

State-of-the-art Security: The role of technology in the journey to GDPR compliance

As we’ve discussed over the last 7 weeks in our video case study series, the General Data Protection Regulation GDPR impacts many different areas of our company, including our employees, customers, and partners. The GDPR also mandates the use of state-of-the-art security, which, as a leader in...

PROTECTING YOUR PRIVACY – Part 1: The Privacy Risks of Social Networks and Online Browsing

Most Americans today spend many of their waking hours online. In fact, we’re up to spending an average of five hours per day just on our mobiles. Much of this time is spent browsing the web or checking in, updating and sharing via our favorite social networks. There’s just one problem: unless you...

Don’t just add the Security “S” to your Managed Services

Expanding and putting more focus on your current security offerings is a great way to find new business opportunities. Adding the “S” is the easy part; just ask any managed service provider that views security as just a “checkbox” and offers one of the cheaper or RMM-integrated security offerings...

RSA 2018 recap: GDPR, Increasing Visibility and Transparency of Cloud Security

RSA 2018 is in the books! The event welcomed 42,000 attendees to San Francisco, including cybersecurity professionals, vendors, media, and analysts. The themes of visibility and transparency repeatedly came up in discussions and presentations as organizations grapple with ever-increasing data flo...

Security Trade-Offs in the New EU Privacy Law

On two occasions this past year I've published stories here warning about the prospect that new European privacy regulations could result in more spams and scams ending up in your inbox. This post explains in a question and answer format some of the reasoning that went into that prediction, and...

Microsoft Issues More Spectre Updates For Intel CPUs

Microsoft has released additional Windows 10 mitigations for the Spectre side-channel flaw revealed in January, with an expanded lineup of firmware microcode updates for Intel CPUs that include the Broadwell and Haswell chipsets. The company released two Windows Update packages addressing Spectre...

SA165: NTP Vulnerabilities February 2018

SUMMARY Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code, modify the target's system time, prevent the target fro...

When Preparing for GDPR, Don’t Neglect Public Cloud Security

With organizations aggressively moving workloads to public cloud platforms, such as Amazon’s AWS, Google Cloud, and Microsoft’s Azure, protecting these environments is critical for compliance with the EU's General Data Protection Regulation GDPR. These public cloud platforms are being used to pow...

Customer data & marketing operations: Keeping your data safe on the journey to GDPR compliance

Emails. Web forms. Events. Oh my! These marketing tactics are all designed to gather, store, and evolve relationships with your prospects, customers, and partners. Often times, they are the first point of contact for your organization from the outside world—and they all feed into your marketing...

CVE-2018-2824

Affected product/component: Oracle Hospitality Simphony, Enterprise Management Console (EMC). Vulnerability details: A vulnerability exists in Simphony with affected versions 2.8, 2.9 and 2.10. It is exploitable by a low-privilege attacker who can access the system over HTTP, potentially compromi...

Oblivious DNS

Interesting idea: ...we present Oblivious DNS ODNS, which is a new design of the DNS ecosystem that allows current DNS servers to remain unchanged and increases privacy for data in motion and at rest. In the ODNS system, both the client is modified with a local resolver, and there is a new...

Indication of Compromise: Another Key Practice for GDPR Compliance

In this ongoing blog series on preparing for complying with the EU’s General Data Protection Regulation GDPR, we’ve explained the importance of having solid, foundational security practices like asset management and threat prioritization. Today, we’ll discuss how another such practice can help...

AMD Rolls Out Spectre Fixes

AMD said that CPU firmware and Windows 10 patches are now available to safeguard its products against the Spectre security flaw. Mark Papermaster, senior vice president and chief technology officer at AMD, said in a Tuesday post that Spectre fixes are available for AMD customers, who can download...

Sharing the Journey to GDPR Compliance

Customer data is everything at Trend Micro. As a global cybersecurity leader, protecting customer data is what we do for a living, which is why it’s important for us to put into practice what we talk to our customers about. As a demonstration of our commitment to protecting our millions of...

Dell EMC Avamar And Integrated Data Protection Appliance Invalid Access Control

Exploit Title: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability DSA-2018-025 Date: 24/11/2017 Exploit Author: SlidingWindow Vendor Homepage: https://store.Dell EMC.com/en-us/AVAMAR-PRODUCTS/Dell-DELL...