How to Become a Data Protection Officer The role of a Data Protection Officer (DPO) is a fairly new one in many companies. What’s more, the need to hire a DPO often comes as a response to the General Data Protection Regulations (GDPR) which were implemented back in 2018.As such, the responsibilities, reporting and structure […]

TikTok is again being accused of illegally processing children’s personal data. The latest claim has been brought by Anne Longfield, the former children’s commissioner for England, who is suing the video-sharing app on behalf of 3.5 million children in the UK. She alleges that TikTok is violating the GDPR (General Data Protection Regulation) by collecting excessive data […]

Ata Hakcil led the team of white hat hackers from WizCase in identifying a major data leak on online trading broker FBS’ websites. The data from FBS.com and FBS.eu comprised millions of confidential records including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more. Were such detailed personally identifiable information (PII) to […]

Data hygiene consists of actions that organizations can, and should, take as a matter of following not only compliance requirements, but also as part of basic risk management program practices. Consistent, risk-specific data hygiene practices supports not only a very wide range and number of data protection compliance requirements, but performing data hygiene activities also […]

Choosing the right data security solution Jean Le Bouthillier, CEO of Canadian data security startup Q​ohash​, says that organizations have had many issues with solutions that generate large volumes of (often) not relevant and not actionable data. “My first piece of advice for organizations looking for the right data security solutions would be to consider whether […]

OVH, one of the largest hosting providers in the world, has suffered this week a terrible fire that destroyed its data centers located in Strasbourg. The French plant in Strasbourg includes 4 data centers, SBG1, SBG2, SBG3, and SBG4 that were shut down due to the incident, and the fire started in SBG2 one. The fire impacted the services […]

In this post, we are going to talk about MITRE ATT&CK® technique T1001 – Data Obfuscation. As the name indicates, this technique consists in making data, usually sent over Command and Control (C&C) communications, more difficult to detect and decode. There are countless ways to do that, but here we are going to focus on disguising […]

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney, Hulu and Netflix to prevent their content from being pirated. The latest cracks in Widevine concern the encryption technology’s protection for L3 streams, which is used for […]

Experts observed a new tactic adopted by Magecart groups, they used Telegram to exfiltrate stolen payment details from compromised websites Source: Hackers use e-skimmer that exfiltrates payment data via Telegram CISA Webinar: E-Skimming This Is How Easy It Is To Get Hacked | VICE on HBO Download a Security Risk Assessment Steps paper! Security Risk […]

Apple planned to release a fix for the Safari bug by Spring 2021, delaying it for one year. The bug allows stealing local data files. Source: Safari Bug That Allows Stealing Data Disclosed After Apple Delays A Patch Data Loss/Leak Prevention | Security Basics

  5 Common Accidental Sources of Data Leaks – Nightfall AI How do bad actors gain access to a company’s data? Most of the time, well-meaning everyday people are the real source of data insecurity. In cybersecurity and infosec, it’s common to assume that criminals are behind all data breaches and major security events. Bad […]

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. Source: 15 billion credentials available in the cybercrime marketplaces Exploring the Dark Web Explore the subject of Cyber Attack Download a Security Risk Assessment Steps paper! Subscribe to DISC InfoSec blog by Email Take […]

The proposed legislation is Congress’ latest attempt to weaken encryption from tech giants. Source: Republicans push bill requiring tech companies to help access encrypted data

Experts found tens of thousands of printers that are exposed online that are leaking device names, organization names, WiFi SSIDs, and other info. Source: A daily average of 80,000 printers exposed online via IPP Exploiting Network Printers How To Hack A Printer And See All Documents Printed Download a Security Risk Assessment steps paper! Download […]

The lawsuit alleges that a data scraper took login credentials from about 5,500 people and then harvested phone numbers of their friends. Source: Facebook sues developer over alleged data scraping abuse What Is Web/Data Scrapping ? How To Scrap Large Data From A Website Would like to know more on InfoSec Awareness… Download a Security […]

As hackers shift tactics, business owners can take steps to prevent attacks and minimize damage. Source: How hoteliers can mitigate data breaches The 5 Most Dangerous New Attack Techniques and How to Counter Them Data Breaches: Crisis and Opportunity Download a Security Risk Assessment Checklist paper! Subscribe to DISC InfoSec blog by Email

More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the damage is likely much larger. Source: Hacker extorts online shops, sells databases if ransom not paid More than two dozen […]