ISMS.online News Roundup – 21st November 2019

Welcome

Millions of Android phones vulnerable to camera spying, thousands of hacked Disney+ accounts already for sale on forums, and more in this week's edition of our information and cybersecurity news roundup!

Would you give your medical data to Google?

Ascension, a St Louis, Missouri-based non-profit healthcare organisation, is transferring the data of tens of millions of patients to Google. Information such as lab results, diagnoses and other records is said to be among what is being transferred, with no anonymisation. To find out why, Will Goodbody of RTE has reported on the story in some detail.

Read the full article here.

4 Key Benefits of ISO 27001 Implementation

ISO 27001:2013 is one of the most popular information security standards in the world. More and more companies are achieving ISO 27001 certification to underline the robustness of their information security management. We explore the benefits around gaining a competitive edge, winning and retaining customer contracts, improving processes, compliance and avoiding data breach fines.

 

Read the full article here.

Office 365 phishing attack targets admin accounts

Anthony Spadafora returns with another story for Tech Radar, concerning the safety around admin accounts on Office 365. Hackers impersonated Microsoft and the Office 365 brand, while using validated domains to lure users to a login screen where credentials could be harvested.

Read the full article here.

Country of Origin is unrelated to cybersecurity: Huawei

While the UK and Germany are assessing whether to let Huawei's 5G network enter their countries, the company has released a document saying the concern should focus more on its products instead of the country of origin. Wei Sheng for Technode looks at the statements made by the tech giant.

Read the full article here.

Ransomware bites 400 veterinary hospitals

National Veterinary Associates (NVA), which owns more than 700 animal care facilities around the world, faced a ransomware attack at the end of October. With the company still recovering from the incident, Krebs on Security reports on it and brings further details forward in his story.

Read the full article here.

How British Red Cross’s IT security chief is demystifying cyber for staff

“Being a conduit between the business and the technical side” is the key skill for Lee Cramp, Head of Information Security at the British Red Cross. In this great interview, Sooraj Shah for the New Statesman covers the details of what it takes for an individual who is ensuring that the charity is taking care of cyber threats.

Read the full article here.

2020 Cybersecurity – Putting the house in order

Cybersecurity, data breaches and laws have been big news in 2019. As this year nears its conclusion, Nik Whitfield for Techradar looks at what has made this year so significant and what changes may come in the new year.

Read the full article here.

Ransomware attack foiled by state’s cybersecurity protocols

A ransomware attack took place on state offices in Louisiana on Monday. To their credit, Sam Karlin reports, the outcome was only a loss of convenience as systems and sites were promptly shut down, leading to a successful defence.

Read the full article here.

Millions of Android phones may be vulnerable to camera spying

Vulnerabilities have been found in Android smartphones which enable hackers to access the camera and secretly take photos and record videos. Graham Cluley reports for Hot For Security, adding that this trick can also be exploited when the devices are locked and the screens are turned off.

Read the full article here.

Securing your data in the cloud: All you need to know

There is a common misconception that cloud storage cannot be trusted and poses risks. This is only strengthened with news of breaches, but while the threats do exist, there is a strong case for best practices proving that cloud technology does work. Open Access Government speaks with David Blevosky, CEO of Cloudhelix, about how securing data in the cloud is straightforward and how it can protect your business.

Read the full article here.

A brief history of machine learning in cybersecurity

The topic of machine learning is quite common in today's world and its relevance to cybersecurity is very much a daily conversation. What you may not realise, though, is that machine learning for the purpose of security goes back as far as the late 80s. In this article, David Barton and Dr Albert Zhichun Li for Security Info Watch give a little history lesson that paints a picture of how far machine learning has truly come.

Read the full article here.

Ransomware sees huge rise in 2019

In this article from IT Pro Portal, Sead Fadilpasic writes about findings by Bitdefender, who have spotted a significant rise in ransomware this year. In the last 12 months the increase has been 74.23 percent.

Read the full article here.

Samsung and LG phones at risk from Qualcomm security flaw

Following issues with Intel and their processors in last week's roundup, security flaws have now been discovered in mobile processors by Qualcomm. This poses a threat to models made by Samsung, LG and Motorola. Anthony Spadafora shares findings presented by cybersecurity firm Check Point.

Read the full article here.

Three security lessons for the intelligent enterprise

In this short piece for cso.com, Susan Galer speaks with Robyn Westervelt from IDC about digital transformation for businesses and the challenges faced. The piece comprises three pieces of advice, while adding the continuous need to evolve with changes in security management.

Read the full article here.

Thousands of hacked Disney+ accounts are already for sale on hacking forums

Following a haul of more than 10 million subscribers in the first 24 hours for new streaming platform Disney+, duplicate accounts of paying users were turning up on hacking forums or being sold for nominal fees elsewhere. This was in addition to a handful of launch problems for the service. Catalin Cimpanu reports for ZDNet in this interesting story.

Read the full article here.

Microsoft Buckles Under EU pressure: Changes cloud contracts to reflect “Data Controller” Role

To meet the needs of GDPR, Microsoft has now updated its Online Services Terms (OST) for commercial cloud contracts. Ed Targett for Computer Business Review writes about how this now means Microsoft acknowledges itself as a data controller.

Read the full article here.

Germany forces Apple to allow non-Apple Pay transfers on iOS

It looks like Apple will no longer have exclusivity on its own devices when it comes to making payments via NFC technology. Hannah Davies for Trusted Reviews explains how the German Parliament is voting in favour of new legislation which will allow rival payment services to be installed on Apple devices.

Read the full article here.

How to put together an effective information security policy

The American department store chain learned of a data breach in mid-October following a suspicious connection to another website. The third-party site had gained access to the store's checkout and wallet pages. David Bisson for Security Boulevard reports on the potential exposure of customer data and how the situation was handled.

Read the full article here.

A security strategy that centers on humans, not bugs

Digital literacy is the theme of this piece by Andrea Little Limbago for Dark Reading. While we have digital technologies such as multifactor authentication (MFA) and rules for passwords, implementing best practices among a workforce can often be the bigger challenge and the easiest solution to reducing risks.

Read the full article here.

Senators ask Bezos for answers on how Amazon’s smart doorbells retain videos and personal data

Lauren Feiner of CNBC covers the request of five US senators for Amazon CEO Jeff Bezos to answer questions about the company’s new home security system, Ring. The technology has the ability to secure customer data, as well as record videos. Naturally, this has raised concerns over data protection.

Read the full article here.

What does the ICO’s recent guidance mean for the future of cookies?

Did you know that cookies are governed by both GDPR and PECR? Guidance has recently been issued by the ICO on the use of cookies and other digital technologies. This guidance will clarify how cookies will be used under GDPR, as well as how they are used for storing information and accessing data on user equipment under PECR. Charles Russell Speechlys goes into the details for Mondaq.

Read the full article here.

Spain tracking mobile phones on massive scale for statistical survey

Euronews reports on a controversial survey being conducted in Spain this week which involves the tracking of mobile phones. Conducted on a massive scale, this has been implemented without the consent of users and has raised concerns over consumer privacy and data protection.
 

Read the full article here.

Sustaining trust in a changing data landscape

One of the largest insurance companies in the world, AIG, has secured the Data Protection Trustmark (DPTM) in Singapore but for President and Chief, Christian Sandric, the job is not done and their journey with data protection is an ongoing process. The Straits Times reports on their engaging interview.

Read the full article here.

Facial recognition technology: Ed Bridges appeals human rights ruling

Nick Dermoday shares this story on the BBC, concerning the appeal against the use of facial recognition technology by the South Wales Police Force, who have been trialling it at public events since 2017. The report also looks at how often the technology has been used as well as the results of the process.

Read the full article here.
