CPO Magazine News, insights and resources for data protection, privacy and cyber security leaders
- Ransomware Attacks Evade Strong Cyber Defenses While Phishing Remains an Easy Initial Entry Point Despite Employee Training (by Alicia Hope on July 23, 2021 at 10:00 pm)
Report found that most organizations that suffered successful ransomware attacks since 2019 had perimeter defenses in place and had trained their employees on phishing.
- US & Intelligence Allies Formally Accuse Chinese State-Backed Hackers of the Microsoft Exchange Cyber Attacks, but Stop Short of Sanctions (by Scott Ikeda on July 23, 2021 at 4:00 pm)
The breach of the Microsoft Exchange email server software is estimated to have hit tens of thousands of victims. The Biden administration has formally declared that Chinese state-backed APT groups were behind the original cyber attacks.
- Why Detection-As-Code Is the Future of Threat Detection (by Jack Naglieri on July 23, 2021 at 11:00 am)
Detection engineering with detection-as-code (DaC) can advance security operations just as DevOps improved the app development world. Here are compelling benefits of this trending approach to threat detection.
- Hackers Access Personal and Call Information and Port Numbers in Mint Mobile Data Breach (by Alicia Hope on July 22, 2021 at 10:00 pm)
Hackers accessed subscribers’ information and ported their mobile numbers in the Mint data breach after potentially compromising a subscriber management software or a user account.
- Data Leak Reveals Pegasus Spyware Found In Use Unlawfully in 20 Countries, With Capability to Break Current iPhone Security (by Scott Ikeda on July 22, 2021 at 4:00 pm)
The Pegasus spyware sold by NSO Group, supposed to only be available to law enforcement and intelligence agencies for legitimate and legal uses, appears to be widely available to repressive governments with little oversight.
- Bulletproof Your Enterprise Cybersecurity Against State-Sponsored Attacks (by Rakesh Soni on July 22, 2021 at 11:00 am)
Here’s what needs to be done at the enterprise level to ensure bulletproof cybersecurity against state-sponsored cyber attacks in the most uncertain times of COVID-19 and beyond.
- Is China Looking to Stockpile Zero-Days? New Vulnerability Disclosure Rules Could Create Closed Pipeline From Security Researchers to CCP (by Scott Ikeda on July 21, 2021 at 10:00 pm)
New vulnerability disclosure rules announced by the Chinese government have raised the prospect of “zero-day hoarding,” as anything discovered in the country must now be reported to the CCP and to no one else (in most cases).
- Biden Administration Tries New Tack in Battle Against Ransomware Attacks: Bounties Offered on Identification of Major Players (by Scott Ikeda on July 21, 2021 at 4:00 pm)
As ransomware attacks surge and hackers become increasingly bold, the Biden administration is forging ahead with a package of new measures that includes up to $10 million for information that leads to the identification of attackers that hit critical infrastructure.
- Don’t Let False Positives Sink Your Cybersecurity Strategy (by Christopher Muffat on July 21, 2021 at 11:00 am)
With cybersecurity professionals spending as much as 30% of their time chasing down groundless reports of risky behavior or unauthorized data access, false positives are becoming a big problem for many organizations.
- Almost All Organisations Suffered At Least One Data Breach in Past 18 Months, The State of Cloud Security Report Found (by Alicia Hope on July 20, 2021 at 10:00 pm)
Nearly 100% of companies suffered at least one data breach in the past 18 months. Most cited inadequate identity management and the lack of visibility as the major cloud security threats.
- Citing “National Security Risks,” China Government Puts New Cybersecurity Approval Requirements on Chinese Tech Companies (by Scott Ikeda on July 20, 2021 at 4:00 pm)
Proposed new set of rules would force Chinese tech companies with over one million users to apply for special cybersecurity approval before listing, citing the national security risks associated with that data falling into the hands of foreign governments.
- What To Do When Your Organization Become the Victim of a Phishing Attack (by Perry Carpenter on July 20, 2021 at 11:00 am)
Knowing the common manipulative tactics – exploiting every emotional hot button (anxiety, uncertainty, urgency) – used in phishing is the first step to understanding how to identify and deflect them; and it requires a repetitive process.
- Coalition of Privacy-Focused Tech Companies Calls for Ban on Surveillance Advertising Technologies (by Scott Ikeda on July 19, 2021 at 10:00 pm)
A coalition of some of the biggest names in privacy-focused tech companies is seeking a ban on advertising technologies that use surveillance techniques to track people across the internet.
- Biden Warns Putin The U.S. Will Take Any Necessary Action Against Russia For Ransomware Attacks (by Alicia Hope on July 19, 2021 at 4:00 pm)
President Joe Biden warned Vladimir Putin that there would be consequences for ransomware attacks launched from Russia even if they were not sanctioned by the Kremlin.
- Chinese Data Laws and Ambitions Pose Strategic Risks (by Emily de La Bruyère on July 19, 2021 at 11:00 am)
China’s new data laws formalize a legal architecture for Chinese government control over domestic data; a basis for the CCP to claim – and claim oversight over – information, including that of private companies.
- Revil Ransomware Group Missing From Dark Web; Temporary Vacation, or Permanently Out of Business? (by Scott Ikeda on July 16, 2021 at 4:00 pm)
REvil ransomware gang, implicated in the high-profile attacks on JBS and Kaseya, seems to have very suddenly disappeared from the internet. The group has even closed up pages advertising its services on the dark web.
- Privacy Is No Longer a “Nice to Have.” It’s a Business Imperative. (by John O’Rourke on July 16, 2021 at 11:00 am)
Privacy is no longer a “nice to have.” And today’s focus on the ethics around privacy is much more than a cultural moment, it’s a moment for businesses to grasp and use to lead.
- Morgan Stanley’s Third-Party Data Breach Leaks Customers’ Sensitive Information via an Accellion Hack (by Alicia Hope on July 15, 2021 at 10:00 pm)
A third-party data breach at Morgan Stanley’s account maintenance contractor Guidehouse leaked customers’ data via an Accellion hack in Jan 2021 and was reported half a year later.
- Is It Possible To Make IoT Devices Private? Amazon Echo Dot Does Not Wipe Personal Content After Factory Reset (by Scott Ikeda on July 15, 2021 at 4:00 pm)
IoT devices that record copious details of the daily lives of users raise natural privacy concerns. A history-clearing factory reset on the Echo Dot does not appear to clear that data.
- Unlocking Value With Privacy-Preserving Machine Learning (by Ellison Anne Williams on July 15, 2021 at 11:00 am)
When leveraged for machine learning applications, Privacy Enhancing Technologies (PETs) manifest as Privacy-Preserving Machine Learning (PPML) to ensure that privacy is both protected and prioritized when building and utilizing models.
- Biden Administration Addresses Big Tech’s Anti-Competitive Practices With Sweeping Executive Order (by Scott Ikeda on July 14, 2021 at 4:00 pm)
New executive order from the Biden administration, containing a broad package of measures from “right to repair” to renewed scrutiny of major mergers, aims to curtail anti-competitive practices among the Big Tech players.
- Your Right to Be Forgotten. Can it Be Achieved? (by Adam Laub on July 14, 2021 at 11:00 am)
To not only comply with privacy regulations but also honor customer requests for their right to be forgotten in the required time, your data storage, indexing and discovery need to be well organized and maintained.
- Chinese Apps Subject to Apple’s New App Tracking Rules, At Least for Now; Controversial CAID Workaround Falls Apart After Bans (by Scott Ikeda on July 13, 2021 at 10:00 pm)
An attempt by major Chinese tech firms to circumvent Apple’s new app tracking rules appears to have been shuttered. Apple sent a clear message to developers in the Chinese apps market that there would be no exemptions from its global rules.
- Big Tech Lobby Makes Noise About Pulling Out of Hong Kong Over “Doxxing” Privacy Law (by Scott Ikeda on July 13, 2021 at 4:00 pm)
Some of the biggest names in Big Tech may be considering pulling out of Hong Kong. The reason is a recently-implemented “doxxing” privacy law developed in the wake of the 2019 pro-democracy protests.
- Identifying Third Party Risk Is Only Half the Challenge; Building Secure Ecosystems and Monitoring Risk Are the Real Task (by Justin Offen on July 13, 2021 at 11:00 am)
To prevent compromises in supply chains, companies need to solidify the importance of managing third party risk, institute continuous monitoring solutions and improve the resilience of their suppliers and systems.
- Didi Ride-Sharing App Suspended by China Over Violation of Data Protection Rules (by Scott Ikeda on July 12, 2021 at 10:00 pm)
Popular ride-sharing app Didi is the latest Big Tech target of the CCP, suspended from app stores for violating the country’s data protection rules until it makes changes to its user data collection processes.
- Over 170 Fake Android Apps Defrauded More Than 93,000 Users Through Crypto Mining Scams (by Alicia Hope on July 12, 2021 at 4:00 pm)
Lookout security researchers discovered over 170 Android apps, 25 on Google Play, that have defrauded more than 93,000 users of about $350,000 through crypto mining scams.
- Vendor Risk Management Is No Longer Optional: You Have COVID To Thank (by Ishan Girdhar on July 12, 2021 at 11:00 am)
COVID-19 did a lot to reveal weaknesses in systems across the board. Regardless of what type of Vendor Risk Management program you have or do not have – the time has come to start planning for a future in which more and more data breaches from remote work will occur.
- CISA Releases Ransomware Readiness Assessment Tool for Assessing Organizations’ Cybersecurity Posture (by Alicia Hope on July 9, 2021 at 10:00 pm)
CISA added the Ransomware Readiness Assessment module to the CSET toolset to help organizations of varying maturity levels assess their cybersecurity posture against attacks.
- Low-Tech Cyber Attacks on Industrial Networks Are Up After a String of Successes (by Scott Ikeda on July 9, 2021 at 7:00 pm)
When one thinks of cyber attacks on industrial networks, one often pictures advanced nation-state threat actors using sophisticated techniques. A new report indicates that the modern trend may be in the other direction.