3 Million Pennsylvanians Impacted By Facebook Privacy Breach: AG*:
- Nearly 3 million Pennsylvania residents had their personal Facebook data compromised as part of a privacy breach.
- The data of 2,960,311 Pennsylvania residents was shared with Cambridge Analytica and other third parties.
- Facebook estimates it shared a total of 70.4 million American users' data with third-party developers.
- Nearly a quarter of the Commonwealth's residents 22 percent had their personal data compromised by Facebook's privacy breach.
- Businesses like Facebook must take significant steps to better protect their users' privacy and personal data.
- To determine if your data was shared, visit this Facebook support page and log into your account.
*Source: Patch, May 03, 2018
Twitter urges all users to change passwords after glitch*:
- Twitter Inc urged its more than 330 million users to change their passwords after a glitch caused some to be stored in readable text on its internal computer system rather than disguised by a process known as "hashing".
- The social network disclosed the issue in a blog post and series of Tweets had resolved the problem and an internal investigation had found no indication passwords were stolen or misused by insiders.
- The disclosure comes as lawmakers and regulators around the world scrutinize the way that companies store and secure consumer data.
- Twitter discovered the bug a few weeks ago and has reported it to some regulators, said the person, who was not authorized to discuss the matter publicly.
- The U.S. Federal Trade Commission, which investigates companies accused of deceptive practices related to data security, declined comment on the password glitch.
- The glitch was related to Twitter's use of "hashing" and caused passwords to be written on an internal computer log before the scrambling process was completed.
- The company advised users to take precautions to ensure that their accounts are safe, including changing passwords and enabling Twitter's two-factor authentication service to help prevent accounts from being hijacked.
*Source: Reuters, May 03, 2018
How to Use GDPR to Your Business Advantage?*:
- Companies based in Europe are expected to spend an average of €1.3 million ($1.4 million) on ensuring compliance.
- Breach of GDPR's requirements could cost organizations dearly in fines for non-compliance, as well as increased legal fees and damage to brand reputation.
- Protect the business brand: The massive cyberattacks on Equifax, Yahoo and other major enterprises over recent years have severely dented those companies' brands and reputations.
- Update business-wide operations: GDPR creates an opportunity for security teams to develop and enforce robust processes to detect, investigate, respond and report on threats, and to roll these out across the business as whole.
- Saying yes to innovation – securely: As GDPR compliance will improve the handling of data and detection of threats, enterprises can accelerate innovation and collaboration both within the business and with external partners.
- Getting visibility of what you need to see: GDPR is fundamentally about the types of data that can be collected and recorded, and how that data is handled and stored, an effective visibility architecture is needed to monitor and protect data within the EU while offering a comprehensive perspective across the organization's networks globally.
- Data masking, originally developed to secure Personally Identifiable Information (PII) data, is ideal for GDPR compliance, and is a feature in some advanced network packet processing engines.
- Encryption matters: The trend toward a totally encrypted Internet continues, and under GDPR, data encryption is explicitly mentioned as a legitimate way to address security of personal data and offers some protection from prosecution in the event of a data breach.
- Ensuring integrity, availability, and resilience: A comprehensive visibility architecture doesn't just monitor data: it's also critical in defending an enterprise against increasingly advanced cybersecurity attacks.
- Security resilience is also key to GDPR, and visibility helps to ensure this by enabling anomalies or developing attacks to be quickly identified and addressed.
- GDPR is one of the most far-reaching and complex compliance regimes, and effecting the necessary changes within organizations to meet its demands will not always be easy.
*Source: BWCIO, May 01, 2018
Provident Fund Portal Hacked, 2.7 Crore People Face Data Theft *:
- The personal and professional details of about 2.7 crore members registered with the retirement fund body EPFO have been exposed to data theft.
- In a letter to the Ministry of Electronics and Information Technology, the Central Provident Fund Commissioner has written that hackers have stolen data from the Aadhaar seeding portal of EPFO.
- Details of the scale of the breach are not known but the website contains information like the names and addresses of EPF subscribers besides their employment history.
- A total of 114 government websites were hacked between April 2017 and January 2018, the Ministry of Electronics and IT.
- Several websites including those of the ministries of defence, home and law had been hacked, the government had dismissed them as hardware problems.
- The body that governs Aadhaar, UIDAI, has clarified that it has nothing to do with the alleged data breach from aadhaar.epfoservices.com.
*Source: NDTV, May 02, 2018
Singapore firms struggling to keep up with security patches*:
- Singapore organisations are struggling to cope with the volume of security patches, with 78 percent saying they lack adequate resources to keep pace.
- The online study polled just under 3,000 respondents worldwide, including 165 respondents from Singapore, who were from organisations with at least 1,000 employees.
- Some 79 percent revealed that their company did not have sufficient personnel to deploy patches in a timely fashion to prevent a breach.
- This might be especially critical considering that 58 percent said human error was the root cause of data breaches in their organisation, compared to the global average of 53 percent.
- Explaining the patching paradox, the software vendor noted that hire more people did not necessarily mean better security.
- 45 percent of Singapore respondents experienced a data breach in the last couple of years, of which 57 percent confessed they were compromised due to a known vulnerability.
- In total, these organisations spent 315 hours a week trying to prevent, detect, and rectify vulnerabilities.
*Source: ZD net, May 03, 2018
12 big encryption trends that will keep data more secure*:
- As cybercriminals become more sophisticated, it becomes easier for them to circumvent security measures and access sensitive personal data.
- While businesses and consumers are ultimately responsible for protecting themselves and following best practices, developers are on the frontlines of the ever-evolving cyber security battle.
- What's your prediction for the next big idea in encryption technology?
- Here are the 12 best answers:
- Homomorphic encryption
- Hardware-based whole disk encryption
- Moving target defense
- Wearable two-factor authentication
- A resurgence of physical-based security
- Quantum cryptography
- Smart contracts for encrypted payments
- Honey encryption
- IoT product security
- Voice biometrics and facial recognition
*Source: The Next Web, April 27, 2018
GLitch: New 'Rowhammer' Attack Can Remotely Hijack Android Phones*:
- For the very first time, security researchers have discovered an effective way to exploit a four-year-old hacking technique called Rowhammer to hijack an Android phone remotely.
- The proof-of-concept technique is a new addition to the Rowhammer attack series which leverages embedded GPUs to carry out a Rowhammer attack against Android smartphones.
- The issue was first exploited by Google's Project Zero researchers in early 2015, when they pulled off remote Rowhammer attacks on computers running Windows and Linux.
- Since the malicious code runs only within the privileges of the web browser, it can spy on user's browsing pattern or steal their credentials.
- GLitch is the first remote Rowhammer technique that exploits the GPU, which is found in almost all mobile processors.
- GLitch targets smartphones running the Snapdragon 800 and 801 system on a chip that includes both CPU and GPU.
- Since Rowhammer exploits a computer hardware weakness, no software patch can completely fix the issue.
- Although there's no way to fully block an Android phone's GPU from tampering with the DRAM, the team has been working with Google on ways to solve the problem.
*Source: The Hacker News, May 03, 2018