Events | SC Media

Events

UK businesses far more confident re GDPR than their European counterparts

Researcher: GDPR’s Right of Access policy can be abused to steal others’ personal info

An Oxford University scholar says he was able to trick dozens of European companies into sending him sensitive data about his fiancée, simply by impersonating her while invoking GDPR’s “Right of Access” policy. Doctor of philosophy student James Pavur, who presented his research findings Thursday at the Black Hat conference in Las Vegas, exploited the policy…

Destructive malware attacks double as attackers pair ransomware with disk wipers

IBM Security’s X-Force Incident Response and Intelligence Services (IRIS) team reported this week that it witnessed a 200 percent increase in destructive malware attacks over the first half of 2019, compared to the second half of 2018. These malware attacks typically incorporated a disk wiper component. Wipers are historically associated with nation-state-sponsored attacks…

Selling zero-days to governments takes some business savvy, says former bug broker

Not all researchers are comfortable with the ethics of selling the zero-day vulnerabilities they’ve discovered to governments and offensive security companies. But those who do seek profit beyond that of a traditional bug bounty reward will require a fair share of business savvy to seal the deal, according to former vulnerability broker Maor Shwartz, in…

Black Hat withdraws Hurd as speaker one day after naming him keynoter

One day after announcing Rep. Will Hurd, R-Texas, as its keynoter, organizers of the 2019 Black Hat security conference promptly revoked the invitation. “Black Hat has chosen to remove U.S. Representative Will Hurd, as our 2019 Black Hat USA keynote,” conference leadership said in a statement posted on the event’s website. “We misjudged the separation of technology and politics. We…

Can event-based analytics spot IP developers stealing their own assets?

The most likely person to steal IP is not an external threat, but rather the person who developed it and uses it every day, according to Forcepoint Chief Scientist Dr. Richard Ford. And this insider threat actually may be more difficult to detect because typical event-based security analytics may not always be adequately equipped to…

Is PSD2 the next GDPR? Not quite, but…(video)

The finance, banking and payment services industries have until September 2019 to comply with PSD2, a revised set of European Union regulations that give consumers more options and safer ways to make payments online. At RSA 2019, Geoff Sanders, director of product at anti-fraud and MFA company iovation (and former co-founder and CEO of iovation…

United Airlines CISO: To soar, security teams must focus on business, not technology

Many corporate IT security organizations are starting to realign their strategies by taking less of a technology-focused approach and instead prioritizing what’s most important from a global business perspective, according to Emily Heath, VP and CISO at United Airlines. This approach requires security teams to develop an understanding of the most critical functions that drive…
