HackDig : Dig high-quality web security articles

Google Broke Australian Law Over Location Data Collection: Court

Google violated Australian law by misleading users of Android mobile devices about the use of their location data, a court ruled Friday in a landmark decision against the global digital giant. The US company faces potential fines of "many millions" of dollars over the case, which was brought by the Australian Competition and Consumer Commission (ACCC), the re
Publish At:2021-04-16 07:31 | Read:119 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Compliance Privacy & Complia

Irish Watchdog Opens Another Facebook Probe, Over Data Dump

Ireland’s privacy regulator said Wednesday it has opened an investigation into Facebook after data on more than 500 million users was reportedly found dumped online, in a suspected violation of strict European Union privacy rules. The Data Protection Commission said it decided to start investigating following “multiple international media reports” about the d
Publish At:2021-04-15 00:10 | Read:202 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Compliance Privacy & Complia

Don’t Stop At ‘Delete:’ How Privacy Needs Are Shaping Data Destruction

It’s just part of the job: at some point in a device’s lifecycle, data must be destroyed. While deleting files may mean users and apps can’t access them, simple deletion isn’t enough to truly destroy the data. To be most effective, secure data destruction has to be complete. This is especially true when your organization needs to sta
Publish At:2021-04-14 17:26 | Read:114 | Comments:0 | Tags:Data Protection Compliance Data Data Privacy Privacy

MS Patch Tuesday: NSA Reports New Critical Exchange Flaws

Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks. The four new Exchange Server vulnerabilities were fixed as part of this month’s Patch Tuesday bundle and because of the se
Publish At:2021-04-13 16:50 | Read:142 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

Unearthing the 'Attackability' of Vulnerabilities that Attract Hackers

Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. Each aspect of this process presents its own problems. In 2020, more than 17,000 vulnerabilities were reported to NIST, and more than 4,000 of these were high priority. Knowing which of these affect you, where
Publish At:2021-04-12 13:25 | Read:78 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

Microsoft Open-Sources 'CyberBattleSim' Enterprise Environment Simulator

Microsoft this week announced the open source availability of Python code for “CyberBattleSim,” a research toolkit that supports simulating complex computer systems. Designed to help advance artificial intelligence and machine learning, the experimental research project was designed to aid in the analysis of how “autonomous agents operate in a simulated ente
Publish At:2021-04-09 14:58 | Read:123 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

SecureDrop Workstation Gets Post-Audit Security Refresh

The open-source SecureDrop Workstation has undergone a security makeover after a third-party security audit flagged multiple problems, including a high-risk bug that could allow an attacker to plant files on target machines. The SecureDrop Workstation audit, conducted by Trail of Bits and financed by the New York Times, warned that the high-risk directory tra
Publish At:2021-04-02 15:13 | Read:301 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Privacy Application Se

Role of Encryption in GDPR Compliance

Encryption has been a hot topic of discussion during the implementation phase of most data privacy laws. In the age where organizations are dealing with large volumes of data each day, the protection of this sensitive data is critical. The data, which is seen as a business-critical asset for organizations, should be protected against malicious hackers lookin
Publish At:2021-03-31 05:36 | Read:191 | Comments:0 | Tags:IT Security and Data Protection compliance data encryption G

Achieving Automated TISAX Compliance

Digital attackers are increasingly targeting the automotive industry. In its 2020 Automotive Cybersecurity Report, for instance, Upstream found that the number of annual automotive cybersecurity incidents had increased by 605% since 2016, with the number of incidents having doubled in 2019 alone. More than half (57%) of those security incidents involved cybercr
Publish At:2021-03-30 02:18 | Read:227 | Comments:0 | Tags:Regulatory Compliance compliance SCM supply chain

Vulnerability in 'netmask' npm Package Affects 280,000 Projects

A vulnerability in the netmask npm package could expose private networks and lead to a variety of attacks, including malware delivery. The newly identified issue (which is tracked as CVE-2021-28918) resides in the fact that the package would incorrectly read octal encoding, essentially resulting in the misinterpretation of supplied IP addresses. Designed to pa
Publish At:2021-03-29 15:00 | Read:245 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Audits Email Securit

New Code Execution Flaws In Solarwinds Orion Platform

Solarwinds has shipped a major security update to fix at least four documented security vulnerabilities, including a pair of bugs that can be exploited for remote code execution attacks. The patches were pushed out Thursday as part of a minor security makeover of the Orion Platform, the same compromised Solarwinds product that was exploited in recent nation-state
Publish At:2021-03-25 15:56 | Read:177 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

ID.me Snags $100M in Series C Funding

Digital identity network play ID.me, Inc. has joined the growing list of cybersecurity unicorns after banking a new $100 million funding round that values the company at $1.5 billion. The Series C round was led by Viking Global Investors and included Counterpoint Global (Morgan Stanley), PSP Growth, Lead Edge Capital, CapitalG, WndrCo, Willoughby Capital, Box
Publish At:2021-03-23 17:05 | Read:267 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Application Security E

Facebook Fails in Bid to Derail $15 Bn Privacy Suit

The US Supreme Court on Monday declined to consider an appeal by Facebook that would have derailed a $15 billion lawsuit over whether it illegally tracked users about a decade ago. The nation's top court issued an order denying a request by the leading social network to review a California federal court's decision to allow the litigation accusing Facebook of
Publish At:2021-03-23 09:17 | Read:195 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Compliance Privacy & Complia

Healthcare IoT Security Firm Cylera Closes $10 Million Series A Round

Healthcare IoT cybersecurity and intelligence provider Cylera today announced that it has raised $10 million in Series A funding. To date, the company has secured $17 million in funding. Founded in 2017 and headquartered in New York City, Cylera seeks to protect both healthcare organizations and patients, providing a security and analytics platform that aims
Publish At:2021-03-18 12:17 | Read:200 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Email Security Complia

Security vs. Compliance: What’s the Difference?

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of reminded me t
Publish At:2021-03-17 06:02 | Read:176 | Comments:0 | Tags:IT Security and Data Protection Regulatory Compliance Risk-B