Artwork

Вміст надано Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Player FM - додаток Podcast
Переходьте в офлайн за допомогою програми Player FM !

Episode 192 - The Unedited Episode

49:24
 
Поширити
 

Manage episode 417170336 series 2706360
Вміст надано Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.

This week in InfoSec

With content liberated from the “today in infosec” twitter account and further afield

27th April 2012: The Information Commissioner's Office (ICO) in the UK issued its first-ever data breach fine to an NHS (National Health Service) organisation, fining Aneurin Bevan Health Board in Wales £70,000.

https://www.digitalhealth.net/2012/04/first-nhs-fine-issued-by-ico/

Rant of the Week

Dropbox dropped the ball on security, haemorrhaging customer and third-party info

Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.

The attack, detailed in a regulatory filing, impacted Dropbox Sign – a service it bills as an "eSignature solution [that] lets you send, sign, and store important documents in one seamless workflow, without ever leaving Dropbox." So basically a DocuSign clone.

The filing states that management became aware of the incident last week – on April 24 – and "immediately activated our cyber security incident response process to investigate, contain, and remediate the incident."

That effort led to the discovery that "the threat actor had accessed data related to all users of Dropbox Sign, such as emails and usernames, in addition to general account settings."

Billy Big Balls of the Week

Chinese government website security is often worryingly bad, say Chinese researchers

Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week.

The researchers concluded the investigation has uncovered "pressing security and dependency issues" that may not have a quick fix.

"Despite thorough analyses, practical solutions to bolster the security of these systems remain elusive," wrote the researchers. "Their susceptibility to cyber attacks, which could facilitate the spread of malicious content or malware, underscores the urgent need for real-time monitoring and malicious activity detection."

The study also highlights the need for "stringent vetting and regular updates" of third-party libraries and advocates "a diversified distribution of network nodes, which could substantially augment system resilience and performance."

The study will likely not go down well in Beijing, as China's government has urged improvements to government digital services and apps often issues edicts about improving cybersecurity.

Industry News

Google Blocks 2.3 Million Apps From Play Store Listing

Disinformation: EU Opens Probe Against Facebook and Instagram Ahead of Election

NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms

Lawsuits and Company Devaluations Await For Breached Firms

UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA

REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison

Security Breach Exposes Dropbox Sign Users

Indonesia is a Spyware Haven, Amnesty International Finds

North Korean Hackers Spoofing Journalist Emails to Spy on Policy Experts

Tweet of the Week

https://twitter.com/summer__heidi/status/1783829402574639187

Come on! Like and bloody well subscribe!

  continue reading

213 епізодів

Artwork
iconПоширити
 
Manage episode 417170336 series 2706360
Вміст надано Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.

This week in InfoSec

With content liberated from the “today in infosec” twitter account and further afield

27th April 2012: The Information Commissioner's Office (ICO) in the UK issued its first-ever data breach fine to an NHS (National Health Service) organisation, fining Aneurin Bevan Health Board in Wales £70,000.

https://www.digitalhealth.net/2012/04/first-nhs-fine-issued-by-ico/

Rant of the Week

Dropbox dropped the ball on security, haemorrhaging customer and third-party info

Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.

The attack, detailed in a regulatory filing, impacted Dropbox Sign – a service it bills as an "eSignature solution [that] lets you send, sign, and store important documents in one seamless workflow, without ever leaving Dropbox." So basically a DocuSign clone.

The filing states that management became aware of the incident last week – on April 24 – and "immediately activated our cyber security incident response process to investigate, contain, and remediate the incident."

That effort led to the discovery that "the threat actor had accessed data related to all users of Dropbox Sign, such as emails and usernames, in addition to general account settings."

Billy Big Balls of the Week

Chinese government website security is often worryingly bad, say Chinese researchers

Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week.

The researchers concluded the investigation has uncovered "pressing security and dependency issues" that may not have a quick fix.

"Despite thorough analyses, practical solutions to bolster the security of these systems remain elusive," wrote the researchers. "Their susceptibility to cyber attacks, which could facilitate the spread of malicious content or malware, underscores the urgent need for real-time monitoring and malicious activity detection."

The study also highlights the need for "stringent vetting and regular updates" of third-party libraries and advocates "a diversified distribution of network nodes, which could substantially augment system resilience and performance."

The study will likely not go down well in Beijing, as China's government has urged improvements to government digital services and apps often issues edicts about improving cybersecurity.

Industry News

Google Blocks 2.3 Million Apps From Play Store Listing

Disinformation: EU Opens Probe Against Facebook and Instagram Ahead of Election

NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms

Lawsuits and Company Devaluations Await For Breached Firms

UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA

REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison

Security Breach Exposes Dropbox Sign Users

Indonesia is a Spyware Haven, Amnesty International Finds

North Korean Hackers Spoofing Journalist Emails to Spy on Policy Experts

Tweet of the Week

https://twitter.com/summer__heidi/status/1783829402574639187

Come on! Like and bloody well subscribe!

  continue reading

213 епізодів

Усі епізоди

×
 
Loading …

Ласкаво просимо до Player FM!

Player FM сканує Інтернет для отримання високоякісних подкастів, щоб ви могли насолоджуватися ними зараз. Це найкращий додаток для подкастів, який працює на Android, iPhone і веб-сторінці. Реєстрація для синхронізації підписок між пристроями.

 

Короткий довідник