Exercises, Manufacturing and Security - Information Management Today

Security Affairs newsletter Round 421 by Pierluigi Paganini – International edition

Security Affairs

MAY 27, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Is the BlackByte ransomware gang behind the City of Augusta attack?

Security

Security Ransomware Manufacturing Cybersecurity

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

Security Affairs

FEBRUARY 12, 2023

An internal audit of surveillance equipment in Australian government and agency offices revealed the presence of more than 900 built systems manufactured by Chinese companies Hikvision and Dahua. The presence of cameras poses an unacceptable risk to national security. There is an issue here and we’re going to deal with it.”

Manufacturing

Manufacturing Government Risk Communications

New HiatusRAT campaign targets Taiwan and U.S. military procurement system

Security Affairs

AUGUST 21, 2023

Then they analyzed the connections made to this server to identify potential targets and discovered that over 91% of the inbound connections were from Taiwan, and there appeared to be a preference for Ruckus-manufactured edge devices. military procurement system appeared first on Security Affairs. .” 57 155.138.213[.]169

Military

Military Manufacturing Government Access

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Healthcare Info Security: Podcast Episode with Marianne Kolbasuk McGee

Adam Shostack

JANUARY 2, 2025

Adam on Healthcare Info Security podcast Adam is excited to share that he was live with Marianne Kolbasuk McGee of Healthcare Info Security! In this episode, Adam and Marianne emphasize the critical importance of integrating threat modeling early in the medical device development process. Check out the full episode here!

Security

Security Manufacturing Paper IT

Vladimir Putin ‘s computers still run Windows XP, Media reports

Security Affairs

DECEMBER 30, 2019

The news is curious and it probably has little real if not the fact that Vladimir Putin is not a super cyber security expert, although he knows its importance very well. Nowadays it is a suicide to use a computer running Windows XP because the OS doesn’t receive security updates and it is quite easy to find working exploits online.

Government

Government Communications Military Manufacturing

Username (and password) free login with security keys

Imperial Violet

AUGUST 9, 2019

Most readers of this blog will be familiar with the traditional security key user experience: you register a token with a site then, when logging in, you enter a username and password as normal but are also required to press a security key in order for it to sign a challenge from the website. But those Yubikeys certainly do.

Passwords

Passwords Security Encryption Authentication

The Week in Cyber Security and Data Privacy: 27 November – 3 December 2023

IT Governance

DECEMBER 5, 2023

The security researcher Bob Diachenko of SecurityDiscovery first identified the exposed information in mid-September. Source (New) Manufacturing USA Yes 1,212 Butte School District Source (New) Education USA Yes 900+ Fenway Community Health Center, Inc. Data breached: over 300 million records.

Data Privacy

Data Privacy Privacy Manufacturing Security

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

Increasing our offensive capabilities without being able to secure them is like having all the best guns in the world, and then storing them in an unlocked, unguarded armory. Military software is unlikely to be any more secure than commercial software. A 2018 GAO report expressed concern regarding the lack of secure and patchable U.S.

Military

Military Cybersecurity Communications Manufacturing

Weekly podcast: TSB, hotel locks and NATO exercise

IT Governance

APRIL 27, 2018

This week, we discuss TSB’s chaotic system upgrade, a security flaw in electronic hotel locks and a major NATO cyber security exercise. Security researchers have discovered that millions of electronic door locks used in hotel rooms around the world are vulnerable to hacking. Here are this week’s stories.

Military

Military Information Security Manufacturing Access

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

Although there have still been a few surprises, with the death of Queen Elizabeth II and blazing heatwaves across the UK to name but two, it was a familiar year in the cyber security landscape. Google , Clearview AI , and Meta all receives hefty penalties in 2022, demonstrating the continued important of effective information security.

Security

Security Data breaches Ransomware Military

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Hunton Privacy

OCTOBER 14, 2021

During the week of October 4, 2021, California Governor Gavin Newsom signed into law bills amending the California Privacy Rights Act of 2020 (“CPRA”), California’s data breach notification law and California’s data security law. Genetic Data: California Data Breach Notification and Data Security Law Amendment Bill.

Privacy

Privacy Insurance Security Data breaches

News Alert: Budget pressures drive prioritizing of OT cybersecurity projects, says Radiflow

The Last Watchdog

JUNE 20, 2023

focusing on illuminating the vulnerabilities of all network devices and mapping of the recommended security controls using a breach attack simulation (BAS) engine. In response, Radiflow recently released CIARA 4.0,

Cybersecurity

Cybersecurity Risk Manufacturing Analytics

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

The Last Watchdog

NOVEMBER 28, 2018

Both were well-equipped to teach, test and train individuals ranging from teen-agers and non-technical adults, to working system administrators and even seasoned tech security pros. Veterans have an inclination to continually defend their country, and many have security clearances, he says. “We My guess is that Gov.

Cybersecurity

Cybersecurity Systems administration Military Manufacturing

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

IT Governance

FEBRUARY 6, 2024

Enforcement Uber fined €10 million for GDPR breaches The Dutch data protection authority, Autoriteit Persoonsgegevens, has fined Uber €10 million for failing to be transparent about its data retention practices and making it difficult for drivers to exercise their data privacy rights.

Data Privacy

Data Privacy Privacy Insurance Security

CrowdStrike: Lessons on the Importance of Contracts, Insurance and Business Continuity

IT Governance

JULY 30, 2024

But as a reminder, here are some key facts about the CrowdStrike incident: CrowdStrike is a publicly listed security company, which provides security software to – among many other large organisations – Microsoft. The outage was caused by a bad security update rolled out by CrowdStrike. Learn more about the CIA triad here.)

Insurance

Insurance Risk Encryption Manufacturing

How to Prepare for the Metaverse

AIIM

MARCH 29, 2022

As metaverse technology stacks expand and become more available, cheaper, and connected, the conception of use cases across all sectors becomes a contagious exercise. The impact of the metaverse on our businesses and lives will likely be greater than that of the internet. Of course, not every use case will materialize immediately.

Blockchain

Blockchain Manufacturing Retail Privacy

What is Employee Monitoring? Full Guide to Getting It Right

eSecurity Planet

OCTOBER 21, 2022

There are also security concerns, such as to protect trade secrets or to avoid legal liability in the event of a workplace injury or incident. Fitbit and similar technology can be used to track employees’ exercise routines, with some companies even offering rewards like extra days off for good behavior.

IT

IT Computer and Electronics Access Manufacturing

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

eSecurity Planet

NOVEMBER 6, 2023

The past week has been a busy one for cybersecurity vulnerabilities, with 34 vulnerable Windows drivers and four Microsoft Exchange flaws heading a long list of security concerns. The Problem: Three flaws discovered by the Kubernetes security community carry CVSS severity scores of 7.6 CVE-2022-4886 (Path Sanitization Bypass): This 8.8-level

Ransomware

Ransomware Authentication Cybersecurity Access

Europe Leads the Cybersecurity Regulation Dance

Thales Cloud Protection & Licensing

MARCH 1, 2023

Europe Leads the Cybersecurity Regulation Dance divya Thu, 03/02/2023 - 06:58 Europe has emerged as a hub for developing cyber policies, acting to improve software security, and quickly reporting severe breaches. But these regulations provide the incentive and the motivation to enable secure-by-design products and resiliency.

Cybersecurity

Cybersecurity Compliance GDPR Manufacturing

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

To achieve these, local data processing or anonymization of data must be considered; The security and confidentiality of the personal data processed in the context of connected vehicles must be guaranteed, in particular by implementing measures such as the encryption of the communication channel. . geolocation data; biometric data; etc.)

Privacy

Privacy Personal data GDPR Insurance

Certificate pinning is great in stone soup

Adam Shostack

JANUARY 2, 2025

[no description provided] In his " ground rules " article, Mordaxus gives us the phrase "stone soup security," where everyone brings a little bit and throws it into the pot. The interplay of mitigations and bypasses that gets you there is a fine exercise if you've never worked through it.) The iPhone is more secure.

IoT

IoT Manufacturing Sales Communications

Vulnerabilities Equities Process and Threat Modeling

Adam Shostack

JANUARY 2, 2025

The Vulnerabilities Equities Process (VEP) is how the US Government decides if they'll disclose a vulnerability to the manufacturer for fixing. These are the "major factors" that senior government officials are supposed to consider in exercising their judgement. The second question relates to there being four equities to be considered.

Government

Government Manufacturing Security Cybersecurity

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Data Protection Report

DECEMBER 17, 2020

The Data Strategy proposed the establishment of nine common European data spaces for data sharing and pooling, including health, mobility, manufacturing, financial services, energy, and agriculture. The EC’s Data Strategy sets out a vision of common European data spaces, a Single Market for data. These are described in our second blog post.

Government

Government Personal data Marketing Agriculture

Private cloud use cases: 6 ways private cloud brings value to enterprise business

IBM Big Data Hub

MARCH 28, 2024

As cloud computing continues to transform the enterprise workplace, private cloud infrastructure is evolving in lockstep, helping organizations in industries like healthcare, government and finance customize control over their data to meet compliance, privacy, security and other business needs. billion by 2033, up from USD 92.64

Cloud

Cloud Energy and Utilities Compliance Privacy

France: the CNIL has released its annual dawn raid Program for 2023: four national priorities and one priority coming from the EDPB!

DLA Piper Privacy Matters

MARCH 20, 2023

The CNIL will also check the measures implemented to ensure the security of the data. The access to the electronic patient record in health care institutions The security of health data has already been under the CNIL’s scrutiny over the past years and subject to investigations in 2020 and 2021 in health care institutions.

Computer and Electronics

Computer and Electronics IT File names Access

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

In particular, in the UK, the Information Commissioner’s Office (“ICO”) has issued two notices of intention to fine of €114m and €215m for failure to implement appropriate data security measures. fine against a furniture manufacturer in Denmark and a kr. The involvement of an entity is triggered when it exercises ‘decisive influence’.

GDPR

GDPR Personal data Privacy Manufacturing

German DSK Issues GDPR Fining Methodology Guidelines

Data Matters

DECEMBER 9, 2019

In particular, in the UK, the Information Commissioner’s Office (“ICO”) has issued two notices of intention to fine of €114m and €215m for failure to implement appropriate data security measures. fine against a furniture manufacturer in Denmark and a kr. The involvement of an entity is triggered when it exercises ‘decisive influence’.

GDPR

GDPR Personal data Privacy Manufacturing

Be a part of OpenText World Europe 2024 in Munich

OpenText Information Management

APRIL 1, 2024

Mark will be joined by OpenText customer Carsten Trapp, CIO of manufacturer Carl Zeiss, who will discuss his company’s partnership with OpenText to support their SAP S/4HANA transformation and compliance initiatives. Wondering what’s new in our products?

IoT

IoT Digital transformation Cloud Manufacturing

The Orion blockchain database: Empowering multi-party data governance

IBM Big Data Hub

AUGUST 7, 2023

For instance, in response to sustainability trends, product manufacturers may need to prove the carbon footprint of their products to regulators and clients. It provides a comprehensive solution for secure, transparent and trustworthy data management. Figure 2 illustrates the blockchain functionalities that Orion offers.

Blockchain

Blockchain Government Authentication Manufacturing

Treating cybersecurity like workplace safety

CGI

APRIL 19, 2018

When I worked with a major global chemical manufacturer, every meeting began with a PowerPoint presentation on safety, highlighting the importance of the topic. Today, agencies need to bring the same level of motivation to ensure that their data and devices are secure. has been estimated at more than $7 million.

Cybersecurity

Cybersecurity Digital transformation Manufacturing Government

Treating cybersecurity like workplace safety

CGI

JULY 5, 2018

When I worked with a major global chemical manufacturer, every meeting began with a PowerPoint presentation on safety, highlighting the importance of the topic. Today, agencies need to bring the same level of motivation to ensure that their data and devices are secure. has been estimated at more than $7 million.

Cybersecurity

Cybersecurity Digital transformation Manufacturing Government

Time and tide waits for no man – IoT in Insurance

CGI

MAY 27, 2016

Context aware - as above, but the context could be whether a building is secure and being occupied. Behavioural based health and wellness - For life insurance, the level of exercise completed could influence the premiums offered.

Insurance

Insurance IoT Marketing Manufacturing

Treating cybersecurity like workplace safety

CGI

MAY 15, 2018

When I worked with a major global chemical manufacturer, every meeting began with a PowerPoint presentation on safety, highlighting the importance of the topic. Today, agencies need to bring the same level of motivation to ensure that their data and devices are secure. has been estimated at more than $7 million.

Cybersecurity

Cybersecurity Digital transformation Government Manufacturing

Weekly podcast: 2018 end-of-year roundup

IT Governance

DECEMBER 13, 2018

This week, in our last podcast of the year, we revisit some of the biggest information security stories from the past 12 months. As is now traditional, I’ve installed myself in the porter’s chair next to the fire in the library, ready to recap some of the year’s more newsworthy information security events. caused problems of their own.

Data breaches

Data breaches Personal data Access GDPR

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors.

Ransomware

Ransomware Agriculture Cybersecurity Government

The Economy of Things: the next value lever for telcos

IBM Big Data Hub

JULY 11, 2023

For example, a fleet truck outfitted with an EoT-secure identity and wallet is able to pay for its own fuel at a similarly EoT-enabled fuel pump without the driver having to open an app or provide a credit card.

IoT

IoT Agriculture Artificial Intelligence Blockchain

The Results Are in: Modest Changes to CCPA Await the Governor’s Signature

HL Chronicle of Data Protection

SEPTEMBER 25, 2019

If a consumer does not have an account, the CCPA prohibits a business from requiring that consumer to create an account as a condition of exercising their rights. It excepts from the CCPA certain types of owner and vehicle information shared by a vehicle dealer and the manufacturer for vehicle repairs associated with warranties or recalls.

Sales

Sales Communications Data breaches Compliance

And then there were five: CCPA amendments pass legislature

Data Protection Report

SEPTEMBER 17, 2019

The amendments change and clarify a business’ obligation to permit consumers to submit requests to exercise their CCPA rights. Note that CCPA § 1798.150 – the consumer private right of action for certain security breaches and the requirement for reasonable security – continues to apply. – § 1798.130.

B2B

B2B Privacy Communications Encryption

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

It seems everything smart is hackable, with IoT startups sometimes repeating security mistakes first made decades ago. How then does one start securing it? Welcome to the hacker by original podcast from for all secure, it's about challenging our expectations about the people who hack for a living.

IoT

IoT Communications Security IT

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

It seems everything smart is hackable, with IoT startups sometimes repeating security mistakes first made decades ago. How then does one start securing it? Welcome to the hacker by original podcast from for all secure, it's about challenging our expectations about the people who hack for a living.

IoT

IoT Communications Security IT

Nevada, New York and other states follow California’s CCPA

Data Protection Report

JUNE 6, 2019

The new Nevada law also exempts motor vehicle manufacturers or repair services that retrieve information from the motor vehicle “in connection with a technology or service related to the motor vehicle” or provided by a consumer in connection with a subscription or registration for a technology or service related to the vehicle.

Privacy

Privacy Sales Insurance Manufacturing

Firmware Fuzzing 101

ForAllSecure

DECEMBER 16, 2020

Very few of these devices have security in mind when they were built. We can also find interesting binaries by getting another similar firmware (such as a similar model by another manufacturer) and comparing which binaries are unique to each system with a script. Also if you want more on embedded security, check out this project.

Libraries

Libraries IT Authentication Access

Firmware Fuzzing 101

ForAllSecure

DECEMBER 15, 2020

Very few of these devices have security in mind when they were built. We can also find interesting binaries by getting another similar firmware (such as a similar model by another manufacturer) and comparing which binaries are unique to each system with a script. Also if you want more on embedded security, check out this project.

Libraries

Libraries IT Authentication Access

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

Data Protection Report

NOVEMBER 3, 2017

As we warned a year ago, we expect that these type of widespread outages may be more common in the future because of security weakness related to the Internet of Things, coupled with increased adoption of IoT devices in the United States and worldwide. Documenting Security and Preventative Measures. Before an Attack.

IoT

IoT Communications Risk Passwords

Security Affairs newsletter Round 421 by Pierluigi Paganini – International edition

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

Webinars

Trending Sources

New HiatusRAT campaign targets Taiwan and U.S. military procurement system

Webinars

Healthcare Info Security: Podcast Episode with Marianne Kolbasuk McGee

Vladimir Putin ‘s computers still run Windows XP, Media reports

Username (and password) free login with security keys

The Week in Cyber Security and Data Privacy: 27 November – 3 December 2023

Vulnerabilities in Weapons Systems

Weekly podcast: TSB, hotel locks and NATO exercise

2022 Cyber Security Review of the Year

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

News Alert: Budget pressures drive prioritizing of OT cybersecurity projects, says Radiflow

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

CrowdStrike: Lessons on the Importance of Contracts, Insurance and Business Continuity

How to Prepare for the Metaverse

What is Employee Monitoring? Full Guide to Getting It Right

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

Europe Leads the Cybersecurity Regulation Dance

EUROPE: New privacy rules for connected vehicles in Europe?

Certificate pinning is great in stone soup

Vulnerabilities Equities Process and Threat Modeling

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Private cloud use cases: 6 ways private cloud brings value to enterprise business

France: the CNIL has released its annual dawn raid Program for 2023: four national priorities and one priority coming from the EDPB!

German DSK Issues GDPR Fining Methodology Guidelines

German DSK Issues GDPR Fining Methodology Guidelines

Be a part of OpenText World Europe 2024 in Munich

The Orion blockchain database: Empowering multi-party data governance

Treating cybersecurity like workplace safety

Treating cybersecurity like workplace safety

Time and tide waits for no man – IoT in Insurance

Treating cybersecurity like workplace safety

Weekly podcast: 2018 end-of-year roundup

CISA issues proposed rules for cyber incident reporting in critical infrastructure

The Economy of Things: the next value lever for telcos

The Results Are in: Modest Changes to CCPA Await the Governor’s Signature

And then there were five: CCPA amendments pass legislature

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

Nevada, New York and other states follow California’s CCPA

Firmware Fuzzing 101

Firmware Fuzzing 101

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

Stay Connected