Data Privacy News

Zerodium now offers up to $500,000 for messaging app zero days

Latest topics for ZDNet in Security Aug 24, 2017 | 09:16 am

Facebook, iMessage, Telegram, and WhatsApp are among the apps the seller is keen to acquire vulnerabilities for.

Telstra launches Sydney cybersecurity centre

Latest topics for ZDNet in Security Aug 24, 2017 | 06:52 am

Telstra now has security operations centres live in Sydney, Melbourne, and Canberra, and is also launching its learning initiative to help businesses educate staff members on cybersecurity.

Suspect in Yahoo Breach Pleads Not Guilty

Dark Reading: Attacks/Breaches Aug 23, 2017 | 22:35 pm

Karim Baratov enters his plea in US Courts today, after waiving his extradition hearing in Canada last week.

Are federal agencies ready to bail on data centers?

FCW: The business of federal technology Aug 23, 2017 | 21:14 pm

High-level IT officials across several agencies are ready to say goodbye to on-premise infrastructure.

Unfilled DHS slots no barrier to border wall effort

FCW: The business of federal technology Aug 23, 2017 | 20:57 pm

Can the Department of Homeland Security focus on the border wall project without permanent leaders in key spots?

McCain slams slow pace of cyber policy

FCW: The business of federal technology Aug 23, 2017 | 20:36 pm

The chairman of the Senate Armed Services Committee wants to see the Trump administration move faster on implementing cybersecurity policy.

Phish Bait: DMARC Adoption Failures Leave Companies Exposed

Dark Reading: Attacks/Breaches Aug 23, 2017 | 19:24 pm

More than 90% of Fortune 500 companies leave customers and brand names vulnerable to domain name spoofing as a result of not fully implementing DMARC.

You deserve what you tolerate: Why companies must enforce security standards

Latest topics for ZDNet in Security Aug 23, 2017 | 18:55 pm

Companies that fail to enforce security policies must be prepared to handle the consequences.

72% of Government Agencies Hit with Security Incidents

Dark Reading: Attacks/Breaches Aug 23, 2017 | 18:30 pm

The cause of the incidents large fell on human error and employee misuse.

The Changing Face & Reach of Bug Bounties

Dark Reading: Attacks/Breaches Aug 23, 2017 | 18:00 pm

HackerOne CEO Marten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.

The Changing Face & Reach of Bug Bounties

Dark Reading: Vulnerability Management Aug 23, 2017 | 18:00 pm

HackerOne CEO Marten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.

Three vendors win SSA's $7.8 billion IT services contract

FCW: The business of federal technology Aug 23, 2017 | 14:40 pm

The Social Security Administration has selected CGI Federal, Leidos and Northrop Grumman for a potential 10-year, $7.8 billion contract for IT services.

Why You Need to Study Nation-State Attacks

Dark Reading: Attacks/Breaches Aug 23, 2017 | 14:30 pm

Want to know what attacks against businesses will look like soon? Examine nation-state attacks now.

Windows 10 tip: Keep your Microsoft account secure and private

Latest topics for ZDNet in Security Aug 23, 2017 | 14:00 pm

If you're signing in to Windows 10 with a Microsoft account, you can access important settings from an online dashboard. Here are direct shortcuts to options for security and privacy, as well as a page that logs attempts to hack[…]

Ransomware: The Tripflare in the Modern Cyberwar

Dark Reading: Attacks/Breaches Aug 23, 2017 | 13:00 pm

With the frequency and scale of breaches on the rise, and our legacy security failing to protect us, is ransomware the catalyst we need to trigger improvement in our security postures?

Google Removes 500 Android Apps Following Spyware Scare

Dark Reading: Attacks/Breaches Aug 23, 2017 | 12:50 pm

Android apps embedded with an advertising software development kit removed after researchers discover its potential for stealing users' caller data.

Android Oreo: Google has just made app installs from unknown sources a lot safer

Latest topics for ZDNet in Security Aug 23, 2017 | 12:09 pm

Android Oreo ditches 'Allow unknown sources' installs and instead introduces per-app permissions.

Stabbing fruits to breaking your skull: robot bugs make hacking too easy

Latest topics for ZDNet in Security Aug 23, 2017 | 09:41 am

Researchers say that vendors are not doing enough to protect robots used in both our homes and manufacturing.

Data leak vulnerabilities patched in Fuze TPN portal

Latest topics for ZDNet in Security Aug 23, 2017 | 07:39 am

The bugs allowed sensitive user information and credentials to be stolen, as well as network traffic capture.

DOJ amends request for data from anti-Trump site

Latest topics for ZDNet in Security Aug 23, 2017 | 00:37 am

The Justice Department attempts to allay first and fourth amendment concerns but continues to seek data on visitors to an anti-Trump website.

The enterprise must secure against the IoT: Fortinet

Latest topics for ZDNet in Security Aug 22, 2017 | 23:38 pm

Securing against the Internet of Things is not just the responsibility of manufacturer, Fortinet has said.

ROPEMAKER Attack Turns Benign Emails Hostile Post-Delivery

Dark Reading: Attacks/Breaches Aug 22, 2017 | 23:30 pm

The intersection of email and Web technologies has given attackers a way to mess with your email after it has been delivered to your inbox, Mimecast says.

White House details 2019 R&D priorities

FCW: The business of federal technology Aug 22, 2017 | 21:05 pm

The administration is directing agencies to lean more on the private sector and to tilt their future research and development priorities -- and dollars -- toward defense technologies, border security, economic growth, efficient health care and low-cost energy sources.

Oversight chairs probe political activities of feds

FCW: The business of federal technology Aug 22, 2017 | 20:49 pm

The chairs of two congressional oversight committees want answers about agencies' policies on granting unpaid leave requests to employees for campaign activity.

Senate bill bans joint cyber initiative with Russia

FCW: The business of federal technology Aug 22, 2017 | 20:27 pm

The intelligence authorization bill also mandates a governmentwide plan to combat election hacking and makes changes to personnel policy for cyber professionals.

White House advisory group warns of '9/11-level cyber attack'

FCW: The business of federal technology Aug 22, 2017 | 18:01 pm

A private-sector cybersecurity advisory committee wants the U.S. to pivot to a higher state of readiness when it comes to preventing catastrophic cyberattacks.

Battle of the AIs: Don't Build a Better Box, Put Your Box in a Better Loop

Dark Reading: Attacks/Breaches Aug 22, 2017 | 18:00 pm

Powered by big data and machine learning, next-gen attacks will include perpetual waves of malware, phishes, and false websites nearly indistinguishable from the real things. Here's how to prepare.

The Benefits of Exploiting Attackers' Favorite Tools

Dark Reading: Attacks/Breaches Aug 22, 2017 | 15:15 pm

Symantec senior threat researcher Waylon Grange explains that attackers write vulnerable code, too.

Over 500 Android apps with a combined 100 million downloads found to secretly contain spyware

Latest topics for ZDNet in Security Aug 22, 2017 | 14:14 pm

Unbeknown to the app developers, an advertising software development kit contained code for stealing data from their products' users.

Mobile threat defense helps fill EMM's gaps

SearchSecurity: Security Wire Daily News Aug 22, 2017 | 12:36 pm

Enterprise mobility management is crucial security technology, but it can't do everything. Mobile threat defense software helps IT stay ahead of the curve.

Managing the risks of data sprawl

FCW: The business of federal technology Aug 21, 2017 | 21:29 pm

A formalized risk framework can help agencies gain control of their entire information lifecycle.

Should robots kill?

FCW: The business of federal technology Aug 21, 2017 | 20:07 pm

Over 100 robotics and artificial intelligence experts worldwide warned the United Nations about a future of war that includes autonomous killing machines.

iPhone Secure Enclave firmware encryption key leaked

SearchSecurity: Security Wire Daily News Aug 21, 2017 | 18:19 pm

Experts and Apple say despite the leak of the iPhone Secure Enclave Processor encryption key that can be used to decrypt firmware code, user data and biometric information are still safe.

Offensive cyberweapons from enemies may be re-engineered

SearchSecurity: Security Wire Daily News Aug 18, 2017 | 17:21 pm

The U.S. Defense Intelligence Agency wants to isolate, study, customize and re-engineer malware from adversaries to be used as its own offensive cyberweapons.

Hijacked Chrome extensions infect millions of users

SearchSecurity: Security Wire Daily News Aug 18, 2017 | 17:15 pm

News roundup: Hackers leveraged eight hijacked Chrome extensions to attack 4.8 million browser users. Plus, Cloudflare stopped protecting a neo-Nazi website from DDoS attacks, and more.

How Bad Teachers Ruin Good Machine Learning

Dark Reading: Vulnerability Management Aug 18, 2017 | 12:00 pm

Sophos data scientist Hillary Sanders explains how security suffers when good machine learning models are trained on bad testing data.

NotPetya ransomware impact costs Maersk hundreds of millions

SearchSecurity: Security Wire Daily News Aug 17, 2017 | 20:33 pm

Danish shipping giant A.P. Moller-Maersk said the NotPetya ransomware attacks severely damaged business processes and the impact has been estimated at as much as $300 million in lost revenue.

Authorities can't force smartphone access in iOS 11

SearchSecurity: Security Wire Daily News Aug 17, 2017 | 20:08 pm

IOS 11 will allow users to avoid authorities attempting to force smartphone access by temporarily disabling biometric unlocking of mobile devices.

[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem

Dark Reading: Vulnerability Management Aug 17, 2017 | 04:00 am

Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.

Mobile data theft a risk from shared app libraries

SearchSecurity: Security Wire Daily News Aug 15, 2017 | 14:42 pm

Researchers claim malicious actors could commit mobile data theft by using shared third-party libraries and abusing elevated privileges that the permissions granted.

Microsoft antivirus policy changes under Kaspersky pressure

SearchSecurity: Security Wire Daily News Aug 11, 2017 | 19:40 pm

Microsoft antivirus policy changes for Windows 10 Fall Creators Update in order to avoid further action in an antitrust case brought by Kaspersky.

FBI's Next Generation Identification system exempt from Privacy Act

SearchSecurity: Security Wire Daily News Aug 11, 2017 | 16:08 pm

News roundup: The FBI Next Generation Identification biometrics database is exempt from the Privacy Act. Plus, Salesforce fired two top staffers after DEFCON, and more.

How threat actors weaponized Mia Ash for a social media attack

SearchSecurity: Security Wire Daily News Aug 11, 2017 | 14:54 pm

Dell SecureWorks researchers detected suspicious activity on social media accounts of Mia Ash. When they dug deeper, they discovered a new, complex social engineering attack.

Risky Business: Why Enterprises Can't Abdicate Cloud Security

Dark Reading: Privacy Aug 7, 2017 | 14:30 pm

It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.

Are Third-Party Services Ready for the GDPR?

Dark Reading: Privacy Aug 4, 2017 | 14:00 pm

Third-party scripts are likely to be a major stumbling block forcompanies seeking to be in compliance with the EU's new privacy rules. Here's a possible work-around.

DoJ Launches Framework for Vulnerability Disclosure Programs

Dark Reading: Vulnerability Management Aug 3, 2017 | 15:00 pm

The Department of Justice releases a set of guidelines to help businesses create programs for releasing vulnerabilities.

Dark Reading News Desk Live at Black Hat USA 2017

Dark Reading: Privacy Jul 27, 2017 | 17:30 pm

Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).

The Right to Be Forgotten & the New Era of Personal Data Rights

Dark Reading: Privacy Jul 27, 2017 | 14:30 pm

Because of the European Union's GDPR and other pending legislation, companies must become more transparent in how they protect their customers' data.

Facebook Offers $1 Million for New Security Defenses

Dark Reading: Vulnerability Management Jul 26, 2017 | 16:00 pm

The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.

Using DevOps to Move Faster than Attackers

Dark Reading: Vulnerability Management Jul 20, 2017 | 23:04 pm

Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.

Cloud AV Can Serve as an Avenue for Exfiltration

Dark Reading: Vulnerability Management Jul 14, 2017 | 18:19 pm

Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing.

New SQL Injection Tool Makes Attacks Possible from a Smartphone

Dark Reading: Vulnerability Management Jul 12, 2017 | 12:57 pm

Recorded Future finds new hacking tool that's cheap and convenient to carry out that old standby attack, SQL injection.

Microsoft Patches Critical Zero-Day Flaw in Windows Security Protocol

Dark Reading: Vulnerability Management Jul 11, 2017 | 21:30 pm

Researchers at Preempt uncovered two critical vulnerabilities in the Windows NTLM security protocols, one of which Microsoft patched today.

The High Costs of GDPR Compliance

Dark Reading: Privacy Jul 11, 2017 | 14:30 pm

Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.

How Code Vulnerabilities Can Lead to Bad Accidents

Dark Reading: Vulnerability Management Jul 10, 2017 | 17:30 pm

The software supply chain is broken. To prevent hackers from exploiting vulnerabilities, organizations need to know where their applications are, and whether they are built using trustworthy components.