Governance, Risk, Compliance
The first 72 hours after you discover a data breach are critical. Why? The GDPR (General Data Protection Regulation) requires all organisations to report certain types of personal data breach to the relevant supervisory authority. More specifically, Article 33…
Under the GDPR (General Data Protection Regulation), organisations must be vigilant about how long they retain personal information. If you keep sensitive data for too long – even if it’s being held securely and not…
Remember Spectre and Meltdown? Back in early 2018, I wrote: Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they -- and the research into the Intel…
Researcher Bhavuk Jain discovered a vulnerability in the "Sign in with Apple" feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed.…
Long and nuanced story about Marcus Hutchins, the British hacker who wrote most of the Kronos malware and also stopped WannaCry in real time. Well worth reading.Read more: schneier.com
The attack requires physical access to the computer, but it's pretty devastating: On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer --…
Marriott announced another data breach, this one affecting 5.2 million people: At this point, we believe that the following information may have been involved, although not all of this information was present for every guest…
Instacart is taking legal action against bots that automatically place orders: Before it closed, to use Cartdash users first selected what items they want from Instacart as normal. Once that was done, they had to…
A federal court has ruled that violating a website's terms of service is not "hacking" under the Computer Fraud and Abuse Act. The plaintiffs wanted to investigate possible racial discrimination in online job markets by…
Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic. One, employees are working from their home networks and sometimes from their…