117 matches found
Consent to gather data is a "misguided" solution, study reveals
When researchers from the University of Pennsylvania's Annenberg School for Communication conducted a survey to see if "informed consent" practices are working online with regard to user data gathering, the results revealed weaknesses in a framework that, for decades, has served as the basis for...
Cyber Security Managed Services 101
MSP partnerships are growing in line with rapid cloud migration and the evolving threat landscape. Discover how an MSP can help your business and tips for making an informed partner decision...
Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders
The MITRE Center for Threat-Informed Defense, Microsoft, and other industry partners collaborated on a project that created a repeatable methodology for developing a top MITRE ATT&CK® techniques list. The method aims to facilitate navigation of the ATT&CK framework, which could help new defenders...
Privacy Violating COVID Tests
A good lesson in reading the fine print: Cignpost Diagnostics, which trades as ExpressTest and offers £35 tests for holidaymakers, said it holds the right to analyse samples from seals to "learn more about human health" -- and sell information on to third parties. Individuals are required to give...
MITRE ATT&CK® mappings released for built-in Azure security controls
The Security Stack Mappings for Azure research project was published today, introducing a library of mappings that link built-in Azure security controls to the MITRE ATT&CK® techniques they mitigate against. Microsoft once again worked with the Center for Threat-Informed Defense and other Center...
Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix
The MITRE ATT&CK® for Containers matrix was published today, establishing an industry knowledge base of attack techniques associated with containerization and related technologies that are increasingly more ubiquitous in the current computing landscape. Microsoft is happy to have contributed and...
Changes to Cisco Talos’ Content and Threat Category lists
Cisco Talos is happy to announce the upcoming changes to our Content and Threat Category lists. Our goal is to provide you with sufficient intelligence details to allow you to make informed decisions to protect your network without disrupting your organization’s productivity. These changes will...
onelogistics.pl Improper Access Control vulnerability OBB-1362894
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
zeep.kr Cross Site Scripting vulnerability OBB-1352325
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Industry-wide partnership on threat-informed defense improves security for all
MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL), a collection of threat intelligence, MITRE ATT&CK data, supporting scripts, and utilities designed to enable red teams to emulate the...
Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified
The South African arm of one of the world's largest credit check companies, Experian, yesterday announced a data breach incident that exposed personal information of millions of its customers. While Experian itself didn't mention the number of affected customers, in a report, the South African Bankin...
diamero.no Cross Site Scripting vulnerability OBB-1256006
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Cybersecurity labeling scheme introduced to help users choose safe IoT devices
The Internet of Things (IoT) is a term used to describe a wide variety of devices that are connected to the Internet to improve user experience. For example, a doorbell becomes part of the IoT when it connects to the Internet and allows users to see visitors outside their door. But the way in which...
Threat hunting: Part 1—Why your SOC needs a proactive hunting team
Cybersecurity can often feel like a game of whack-a-mole. As our tools get better at stopping one type of attack, our adversaries innovate new tactics. Sophisticated cybercriminals burrow their way into network caverns, avoiding detection for weeks or even months, as they gather information and...
The Concept of "Return on Data"
This law review article by Noam Kolt, titled "Return on Data," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility (U) consumers gain and the data (D)...
Facial Recognition is Here: But Are We Ready?
When MacKenzie Fegan was boarding her morning flight to Mexico City last Wednesday, she noticed something odd at her gate at the JFK International Airport. Instead of a JetBlue employee scanning her boarding pass or taking a look at her passport, she – and other passengers at the gate – was...
Is Privacy Really iPhone? Researchers Weigh in on Apple's Targeted Ad Tracking
Apple has a consistent track record of implementing privacy controls, which it has been touting via a series of saturating “Privacy? That’s iPhone” television ads. Yet, though it may be deservedly capitalizing on the increasing privacy-consciousness of consumers out there and the negative headlin...
RSAC 2019: An Antidote for Tech Gone Wrong
SAN FRANCISCO – Tech innovation can move faster than its own good might dictate, often leaving the public interest as an afterthought. Take, for example, hot-button topics such as artificial intelligence, network neutrality and social network user privacy – and consider the ensuing debates. The...
US Postal Service Left 60 Million Users Data Exposed For Over a Year
The United States Postal Service has patched a critical security vulnerability that exposed the data of more than 60 million customers to anyone who has an account at the USPS.com website. The U.S.P.S. is an independent agency of the American federal government responsible for providing postal...