Note that this does not seem to be a problem with
either Oracle or SAP. It’s a management problem.
Study warns of rising hacker threats to SAP, Oracle business software
At least a dozen companies and government agencies
have been targeted and thousands more are exposed to data breaches by
hackers exploiting old security flaws in management software, two
cyber security firms said in a study published on Wednesday.
The Department of Homeland Security issued an alert
[https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications]
citing the study by security firms Digital Shadows and Onapsis that
highlights the risks posed to thousands of unpatched business systems
from software makers Oracle and SAP.
Systems at two government agencies and at firms in
the media, energy and finance sectors were
hit after failing to install patches or take other security measures
advised by Oracle or SAP, security firms Onapsis and
Digital Shadows said in the newly published report. (goo.gl/pWbz3Q)
When the “protectors” compromise your data…
Think of ‘unsubscribe’ as a GDPR ‘opt-out.’
LifeLock ID theft protection leak could have aided identity thieves
LifeLock's identity theft protection service suffered
from a security flaw that put users' identities in jeopardy. The
event forced its parent company, Symantec,
to pull its website down to fix the issue after it was notified by
KrebsOnSecurity. According to Krebs, Atlanta-based security
researcher Nathan Reese discovered the vulnerability through a
newsletter email he received from the service. Upon
clicking "unsubscribe," a page that clearly showed his
subscriber key popped up. That allowed Reese to write a
script that sequences numbers, which was able to pull keys and their
corresponding email addresses from the service.
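One way to close the kind of enumeration hole described in the LifeLock item, shown as an added example that is not part of the original post or LifeLock's own code: bind each unsubscribe link to its subscriber with an HMAC, and answer every request with the same reply. The function names, sample subscribers and reply text are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: sequential subscriber keys as in the article's account.
SUBSCRIBERS = {1001: "alice@example.com", 1002: "bob@example.com"}
UNSUBSCRIBED = set()
SERVER_SECRET = secrets.token_bytes(32)  # assumption: known only to the server
GENERIC_REPLY = "If this link was valid, you have been unsubscribed."


def _mac(subscriber_key: str) -> str:
    """HMAC-SHA256 of the subscriber key under the server-side secret."""
    return hmac.new(SERVER_SECRET, subscriber_key.encode(), hashlib.sha256).hexdigest()


def make_unsubscribe_token(subscriber_key: int) -> str:
    """Mint the value placed in a newsletter's unsubscribe link."""
    key = str(subscriber_key)
    return f"{key}.{_mac(key)}"


def verify_unsubscribe_token(token: str):
    """Return the subscriber key if the token was minted by us, else None."""
    key, sep, mac = token.partition(".")
    if not sep:
        return None  # bare key, e.g. a guessed sequential number
    # Compare as bytes in constant time; str inputs with non-ASCII would raise.
    if not hmac.compare_digest(_mac(key).encode(), mac.encode()):
        return None
    return int(key)  # safe: only keys we signed reach this line


def handle_unsubscribe(token: str) -> str:
    """Same reply for every request; never echoes the key or e-mail address."""
    key = verify_unsubscribe_token(token)
    if key in SUBSCRIBERS:
        UNSUBSCRIBED.add(key)
    return GENERIC_REPLY
```

Because the page rendered for a valid and an invalid link is identical and contains no account data, counting through key values returns nothing that distinguishes one subscriber from another.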
Non-reporting was even worse than I thought.
Under GDPR, Data Breach Reports in UK Have Quadrupled
… GDPR imposes a number of new requirements on
organizations that handle personal information. But one of the
biggest changes is that organizations must track all breaches, as
well as report certain types of breaches to authorities "within
72 hours of becoming aware of the breach, where feasible,"
according to the Information
Commissioner's Office, which is the U.K.'s data privacy watchdog
and GDPR enforcer
… But the data does not reveal whether
organizations are suffering more - or fewer - breaches than before.
"It's important to note that while the number of reported
breaches has increased, it does not necessarily mean the number of
breaches has increased – just that more are being reported,"
says Brian Honan, who heads cybersecurity consultancy BH Consulting
in Dublin, and who moderated a panel focused on complying with GDPR at
the June Infosecurity Europe conference in London
(Related) A good summary for my students.
Nine Aspects Of GDPR Customer Data Management You Need To Know
1. The Right To Be Forgotten
The biggest impact GDPR will have on organizations
is the right to be forgotten. Organizations are required to allow EU
residents to revoke their consent at any point. This means that all
that data must be removed from every system within the organization.
Unless all their databases are integrated, this could get tricky.
8. The IP Address As Personal Data
One of the key tenets of cybersecurity operations
is tracking indicators of compromise: Pieces of identifying
information that tip off whether user or network activity is
malicious. With GDPR in effect, IOCs such as a user's IP address are
considered personal data, impacting the defenders' ability to fully
use that data to identify, detect and respond to threats.
9. Third-Party Data Policy
All third-party scripts like social media
plug-ins, advertising and analytics scripts are your responsibility.
How they handle your users' data can be a liability. You cannot
assume these third-party companies are GDPR compliant just yet.
Review your third-party service providers’ security, and consider
removing most external third-party scripts until you can ensure they
are GDPR compliant.
I immediately thought this meant that the
remaining 507 members of congress were correctly matched to mugshots.
Perhaps they didn’t gather enough mugshots?
Amazon’s Rekognition messes up, matches 28 lawmakers to mugshots
The American
Civil Liberties Union of Northern California said Thursday that
in its new test of Amazon’s facial recognition system known as
Rekognition,
the software erroneously identified 28 members of Congress as people
who have been arrested for a crime.
According to Jake
Snow, an ACLU attorney, the organization downloaded 25,000
mugshots from what he described as a "public source."
The ACLU then ran the official photos of all 535
members of Congress through Rekognition, asking it to match them up
with any of the mugshots—and it ended up matching 28.