Artwork

Nội dung được cung cấp bởi Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !

Episode 192 - The Unedited Episode

49:24
 
Chia sẻ
 

Manage episode 417170336 series 2706360
Nội dung được cung cấp bởi Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.

This week in InfoSec

With content liberated from the “today in infosec” twitter account and further afield

27th April 2012: The Information Commissioner's Office (ICO) in the UK issued its first-ever data breach fine to an NHS (National Health Service) organisation, fining Aneurin Bevan Health Board in Wales £70,000.

https://www.digitalhealth.net/2012/04/first-nhs-fine-issued-by-ico/

Rant of the Week

Dropbox dropped the ball on security, haemorrhaging customer and third-party info

Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.

The attack, detailed in a regulatory filing, impacted Dropbox Sign – a service it bills as an "eSignature solution [that] lets you send, sign, and store important documents in one seamless workflow, without ever leaving Dropbox." So basically a DocuSign clone.

The filing states that management became aware of the incident last week – on April 24 – and "immediately activated our cyber security incident response process to investigate, contain, and remediate the incident."

That effort led to the discovery that "the threat actor had accessed data related to all users of Dropbox Sign, such as emails and usernames, in addition to general account settings."

Billy Big Balls of the Week

Chinese government website security is often worryingly bad, say Chinese researchers

Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week.

The researchers concluded the investigation has uncovered "pressing security and dependency issues" that may not have a quick fix.

"Despite thorough analyses, practical solutions to bolster the security of these systems remain elusive," wrote the researchers. "Their susceptibility to cyber attacks, which could facilitate the spread of malicious content or malware, underscores the urgent need for real-time monitoring and malicious activity detection."

The study also highlights the need for "stringent vetting and regular updates" of third-party libraries and advocates "a diversified distribution of network nodes, which could substantially augment system resilience and performance."

The study will likely not go down well in Beijing, as China's government has urged improvements to government digital services and apps often issues edicts about improving cybersecurity.

Industry News

Google Blocks 2.3 Million Apps From Play Store Listing

Disinformation: EU Opens Probe Against Facebook and Instagram Ahead of Election

NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms

Lawsuits and Company Devaluations Await For Breached Firms

UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA

REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison

Security Breach Exposes Dropbox Sign Users

Indonesia is a Spyware Haven, Amnesty International Finds

North Korean Hackers Spoofing Journalist Emails to Spy on Policy Experts

Tweet of the Week

https://twitter.com/summer__heidi/status/1783829402574639187

Come on! Like and bloody well subscribe!

  continue reading

210 tập

Artwork
iconChia sẻ
 
Manage episode 417170336 series 2706360
Nội dung được cung cấp bởi Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.

This week in InfoSec

With content liberated from the “today in infosec” twitter account and further afield

27th April 2012: The Information Commissioner's Office (ICO) in the UK issued its first-ever data breach fine to an NHS (National Health Service) organisation, fining Aneurin Bevan Health Board in Wales £70,000.

https://www.digitalhealth.net/2012/04/first-nhs-fine-issued-by-ico/

Rant of the Week

Dropbox dropped the ball on security, haemorrhaging customer and third-party info

Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.

The attack, detailed in a regulatory filing, impacted Dropbox Sign – a service it bills as an "eSignature solution [that] lets you send, sign, and store important documents in one seamless workflow, without ever leaving Dropbox." So basically a DocuSign clone.

The filing states that management became aware of the incident last week – on April 24 – and "immediately activated our cyber security incident response process to investigate, contain, and remediate the incident."

That effort led to the discovery that "the threat actor had accessed data related to all users of Dropbox Sign, such as emails and usernames, in addition to general account settings."

Billy Big Balls of the Week

Chinese government website security is often worryingly bad, say Chinese researchers

Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week.

The researchers concluded the investigation has uncovered "pressing security and dependency issues" that may not have a quick fix.

"Despite thorough analyses, practical solutions to bolster the security of these systems remain elusive," wrote the researchers. "Their susceptibility to cyber attacks, which could facilitate the spread of malicious content or malware, underscores the urgent need for real-time monitoring and malicious activity detection."

The study also highlights the need for "stringent vetting and regular updates" of third-party libraries and advocates "a diversified distribution of network nodes, which could substantially augment system resilience and performance."

The study will likely not go down well in Beijing, as China's government has urged improvements to government digital services and apps often issues edicts about improving cybersecurity.

Industry News

Google Blocks 2.3 Million Apps From Play Store Listing

Disinformation: EU Opens Probe Against Facebook and Instagram Ahead of Election

NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms

Lawsuits and Company Devaluations Await For Breached Firms

UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA

REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison

Security Breach Exposes Dropbox Sign Users

Indonesia is a Spyware Haven, Amnesty International Finds

North Korean Hackers Spoofing Journalist Emails to Spy on Policy Experts

Tweet of the Week

https://twitter.com/summer__heidi/status/1783829402574639187

Come on! Like and bloody well subscribe!

  continue reading

210 tập

Tất cả các tập

×
 
Loading …

Chào mừng bạn đến với Player FM!

Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.

 

Hướng dẫn sử dụng nhanh