Cyber Policy in the News
NEWS: The company has advised online customers that the exposure occurred from April 26 to June 12, according to Detroit Free Press. It blamed an unnamed third party who accessed the data from an outside source, using valid passwords and user names.
COMMENT:
“Macy’s declaration that they have added additional security measures as a precaution is like saying you have added fire extinguishers after the building has burnt to the ground. Private citizens have no way of knowing if the firms that they have trusted are implementing proper security measures and the frequency with which breaches continue to occur would indicate that this is not the case. Most firms implement necessary security, such as multifactor authentication, but additional regulation is needed to ensure that all of them do.”
John Gunn, CMO, OneSpan:
Location data revealed the home addresses of intelligence officers — even when their profiles were set to private.
Fitness app Polar exposed locations of spies and military personnel
In the latest incident of seemingly innocuous data sharing leading to potentially dangerous exposure, the popular fitness app and activity trackers Polar Flow has been revealing the location of military and government personnel working at sensitive locations, according to ZDNet.
Workout Data From Fitness App Used to Identify Government Spies and Military Personnel
“Unlike most other major defense programs, the B-21 is not only being developed mostly in secret, it is also being managed outside the normal acquisition process at the Air Force’s Rapid Capabilities Office. The reason for that is fairly simple: the Air Force hopes that the secrecy will prevent adversaries such as Russia and China from gaining too much insight into the new bomber and its capabilities before it is even fielded.
“There are adversaries out there that want to know what we’re doing, and are probably going to great lengths to try to get to that level of insight,” Walden said.
“We’re doing everything we can to prevent that.”
Why 100 Northrop Grumman B-21 Raider Stealth Bombers Might Not Be Enough
Lt. Gov. Spencer Cox says election security is becoming more critical for Utah, because they’ve seen a dramatic uptick in the number of attempts to hack the state’s systems over the last few weeks, increasing to an incredible one billion attempts per day.

Bill Bonney, CISM
“This week, in my home state of California, the state legislature passed, and the governor signed, AB 375, officially known as the California Consumer Privacy Act of 2018. The legislation will take effect January 1, 2020. The good news for privacy professionals is that this bill resembles in many ways the European Union’s General Data Protection Regulation (GDPR). Much of the same data classification, business logic, and tracking of consent and preferences developed to comply with the GDPR should translate to this California law.”
From my colleague, Morgan Wright:
BY MORGAN WRIGHT, OPINION CONTRIBUTOR — 07/02/18 07:30 AM EDT
At any given moment, there are between 190 and 200 countries in the world. For now, nine countries have nuclear capabilities (although Israel will neither confirm nor deny). According to the Arms Control Association, there are about 14,500 nuclear warheads. Russia and the United States have 90 percent of the total arsenal. MAD — mutually assured destruction — has kept Russia and the U.S. from obliterating each other. Unfortunately, there’s a new kind of arms race that is threatening to upset the balance of power — in cyberspace.
Read Full Story on TheHill.com
The ruling is in: The Golden State will adopt the California Consumer Privacy
California lawmakers just made it harder for companies to sell your data
Regulators charged a second former worker, accusing him of buying stock options before the breach of 140 million consumers’ data became public.
Another Equifax Employee Faces Charge of Insider Trading After Big Breach
Security Code AutoFill could expose users to online banking fraud by removing the human validation aspect of the transaction signing/authentication process.
Andreas Gutmann is a researcher at OneSpan’s Cambridge Innovation Centre, working at the intersection of FinTech with usability, security, and privacy. He is a Marie Skłodowska-Curie Actions Fellow of the European Commission and is currently pursuing a PhD at University College London.