May 02 2021

How to Become a Data Protection Officer

Category: data security,Information SecurityDISC @ 12:05 pm
data protection officer CCO

How to Become a Data Protection Officer

The role of a Data Protection Officer (DPO) is a fairly new one in many companies. What’s more, the need to hire a DPO often comes as a response to the General Data Protection Regulations (GDPR) which were implemented back in 2018.
As such, the responsibilities, reporting and structure of the role are primarily defined by GDPR guidelines.

But though it might be a fairly new role, it can be a very exciting and rewarding one. So if you’re considering a career as a data protection officer, this guide is for you. Below, we’ll take a look at what the role entails and what you need to do to get a job as a DPO.

What is a Data Protection Officer and What Do They Do?

In a nutshell, a data protection officer is a steward for data protection and privacy within a business. They must implement effective data protection strategies and facilitate a culture of data protection throughout the company. This is to ensure companywide compliance with GDPR. The appointment of a DPO is mandatory in some businesses, particularly those in the public sector or those that process a large amount of personal data. That being said, some businesses choose to appoint a DPO even though they are not legally required to as it pays to have someone in charge of compliance and data privacy.

In the general data protection regulations, it is stated that the DPO should report directly to the highest management level. As a DPO, some of the key responsibilities include:

  • Ensuring that a business applies the laws of data protection appropriately and effectively, as
    well as following these regulations and legislations.
  • Educating and training management and all other employees about GDPR and other data protection statutes as well as about compliance and demonstrating effective measures and strategies for data handling and processing.
  • Conducting regular security audits.
  • Acting as the point of contact between the company and any supervisory authorities (SAs). For example, if there is a data breach, it is the job of the DPO to report this to the relevant authorities.

With this in mind, here’s how you can tailor your career path to lead to the role of a data protection officer.

In order to become a DPO, What skills you may need…

Becoming a Data Protection Officer

Certified Data Protection Officer

Data Protection and the Cloud 

Data Protection and the Cloud – Are you really managing the risks?

Tags: data protection officer

May 01 2021

Identifying People Through Lack of Cell Phone Use

Category: Cybercrime,Smart PhoneDISC @ 11:46 am
Identifying People Through Lack of Cell Phone Use

But Faïd’s true mentors were the criminals he’d grown up idolizing onscreen. “He had a phenomenal memory,” his brother Abdeslam tells me. “And he was completely immersed in movies.” Abdeslam recalls an eight-year-old Rédoine returning home from a matinee of the 1975 French crime film Peur Sur la Ville (released in the U.S. as The Night Caller), starring Jean-Paul Belmondo, and enchanting their mother and his siblings with a scene-by-scene reenactment. “I’d seen the film,” Abdeslam says, “and his version was just as I remembered it.”

his former lawyer, Raphael Chiche, explained on French television in a documentary about Faïd. “He had to create his own methodology. What better way than movies to get inspired and learn the operational modes of criminality?”

The foresight with which Faïd planned these robberies led his associates to give him a nickname—Doc, after Doc McCoy, Steve McQueen’s character in 1972’s The Getaway, a bank robber on the run who, like Faïd, has a preternatural ability to visualize how jobs will play out. McCoy also made a habit of carrying out “thoughtful hits,” Faïd explains to me. “He had to rob in a precise and neat way.” Faïd likewise stresses the neatness of his own robberies. As he puts it, he executed his hits “as gentlemanly as possible.” He wants to be known as a master thief who took careful precautions to avoid acts of violence.

In this entertaining story of French serial criminal Rédoine Faïd and his jailbreaking ways, there’s this bit about cell phone surveillance:

A police notice issued after Fad's July 2018 escape from Rau which launched the largest manhunt in French history.

Tags: cell phones, crime, France, prison escapes, prisons

Apr 30 2021

The realities of working in and pursuing a career in cybersecurity

Category: CISSP,cyber security,Information SecurityDISC @ 5:50 am
The realities of working in and pursuing a career in cybersecurity

“One of the biggest challenges we have in cybersecurity is an acute lack of market awareness about what cybersecurity jobs entail,” said Clar Rosso, CEO of (ISC)². “There are wide variations in the kinds of tasks entry-level and junior staff can expect. Hiring organizations and their cybersecurity leadership need to adopt more mature strategies for building teams.

“Many organizations still default to job descriptions that rely on cybersecurity ‘all stars’ who can do it all. The reality is that there are not enough of those individuals to go around, and the smart bet is to hire and invest in people with an ability to learn, who fit your culture and who can be a catalyst for robust, resilient teams for years to come.”

cybersecurity career realities

Apr 29 2021

US and allies to take steps to fight a surge in ransomware attacks

Category: Information Security,RansomwareDISC @ 9:54 pm

A task force of 60+ experts from industry, government, nonprofits, and academia calls on the US and allies to take steps to fight a surge in ransomware attacks 

A task force of more than 60 experts from industry, government, nonprofits and academia is urging the U.S. government and global allies to take immediate steps to stem a growing global crisis of cyberattacks in which hackers seize computer systems and data in exchange for a ransom. 

The group, which issued a report today, says swift, coordinated action can disrupt and deter the growing threat of cyberattacks that use ransomware, a malicious software that locks up computer systems so that criminals can demand ransom in exchange for access.

“We’re seeing critical parts of the economy being hit by ransomware, including, for example, health care in particular,” says task force co-chair Megan Stifel, executive director of Americas at the Global Cyber Alliance. “When you start to see a broad scale of victims across multiple elements of the economy being hit there can ultimately, if not abated, be catastrophic consequences.” 

Apr 29 2021

ATT&CK® for Containers now available!

Category: Attack MatrixDISC @ 10:26 am

We’re excited to announce the official release of ATT&CK for Containers! This release marks the culmination of a Center for Threat-Informed Defense (Center) research project sponsored by Citigroup, JPMorgan Chase, and Microsoft that investigated the viability of adding container-related techniques into ATT&CK. This investigation led to developing a draft of an ATT&CK for Containers matrix, which we contributed to ATT&CK. Our contribution was accepted and is now live in ATT&CK version 9.0! We want to give a special thank you to the community for all of your feedback and help in developing this content. Creating ATT&CK for Containers has been a fun journey for us, with a lot of new faces and names along the way. You’ll notice a lot of new contributors in ATT&CK with this release, which is in part a testament to how many folks helped us scope and create this new platform in ATT&CK!

For more on: Why did container-related techniques get added to ATT&CK?

Apr 29 2021

Jailbreak or Jail – Is Hacking for the Government A Crime?

Category: Jail breakDISC @ 7:45 am
Jailbreak or Jail – Is Hacking for the Government A Crime?

After the horrific shooting in San Bernardino, California, federal law enforcement officers seized the now-dead suspect’s iPhone, and sought to examine it. However, the phone was “locked” using proprietary hardware and software from Apple. The government sought a court order (under the All Writs Act — an 18th century statute) compelling Apple to develop and implement a process to break their own security, and to provide to the FBI the unlocked and unencrypted contents of the iPhone.

After much legal wrangling, the FBI backed down. A recent report in the Washington Post indicates that the reason the FBI backed down is that they were able to turn to a “white hat” hacking company in Australia, Azimuth, to “jailbreak,” or unlock, the phone for them. Cool, cool. In fact, for the most part, that’s what is supposed to happen. Companies attempt to design and implement secure software, hardware, networks and applications, and governments (oh yeah, and hackers, too) attempt to find and exploit weaknesses in them. They put it on the bill, I tear up the bill. It’s very convenient.

It is certainly a more desirable outcome than requiring companies to deliberately crack or, even worse, weaken their security so that a government agency can bypass that security, or compelling the manufacturer or software developer to spend considerable development time and effort to undo its own security.

And that’s the problem with good security – when it works, it’s good. So, was it legal for Azimuth to jailbreak Apple’s devices, and then sell the jailbreak to a government agency? Magic 8 ball says, “Situation hazy; ask again later.” There are several statutes involved here. First and foremost is the Computer Fraud and Abuse Act (CFAA). The statute has many parts, but it makes it a federal crime to exceed authorization to access a computer and obtain information. Generally, to access a computer means to use it; to obtain information was supposed to mean to steal data, but it could also mean just to learn something. And, while a modern cell phone is certainly a “computer,” it is not clear that phone software, apart from the phone (or running on a virtual machine), is a “computer.”

But, assuming that the phone is somehow “accessed” and “information” (like a vulnerability) is “obtained,” we are left with trying to parse what it means to “exceed authorization.” That’s where we get into Apple’s terms of service and terms of use. You know, the hundreds of pages of license agreements you find if you go to Settings -> General -> About -> Legal and Regulatory -> Legal Notices -> License. You know, the stuff you always do when you use the phone, amirite?

You see, you don’t actually own your phone. Well, you kinda own part of it, but the software that makes it work is licensed to you by Apple and others subject to the software license agreement (SLA). Violate the SLA, and you are using (accessing) your own phone “in excess of authorization.”

government HackerOne IBM data security

Ten Commandments To Secure Your iphone!

Ten Commandments To Secure Your Iphone! (gavrielhani) by [Gavriel Hani]

Tags: Jail Break

Apr 28 2021

The next big thing in cloud computing?

Category: Cloud computing,Information SecurityDISC @ 9:33 pm
The next big thing in cloud computing? Shh… It’s confidential

For some time, the public cloud has actually been able to offer more protection than traditional on-site environments. Dedicated expert teams ensure that cloud servers, for example, maintain an optimal security posture against external threats.

But that level of security comes at a price. Those same extended teams increase insider exposure to private data—which leads to a higher risk of an insider data breach and can complicate compliance efforts.

Recent developments in data security technology—in chips, software, and the cloud infrastructure—are changing that. New security capabilities transform the public cloud into a trusted data-secure environment by effectively locking data access to insiders or external attackers

This eliminates the last security roadblock to full cloud migration for even the most sensitive data and applications. Leveraging this confidential cloud, organizations for the first time can now exclusively own their data, workloads, and applications—wherever they work.

Even some of the most security-conscious organizations in the world are now seeing the confidential cloud as the safest option for the storage, processing, and management of their data. The attraction to the confidential cloud is based on the promise of exclusive data control and hardware-grade minimization of data risk.

What is the confidential cloud?

Over the last year, there’s been a great deal of talk about confidential computing—including secure enclaves or TEEs (Trusted Execution Environments). These are now available in servers built on chips from Amazon Nitro Enclaves, Intel SGX (Software Guard Extensions), and AMD SEV (Secure Encrypted Virtualization).

Tags: Trusted Execution Environments

Apr 28 2021

Microsoft Defender uses Intel TDT technology against crypto-mining malware

Category: Crypto,Information SecurityDISC @ 2:08 pm
Microsoft Defender uses Intel TDT technology against crypto-mining malware

Microsoft announced that Microsoft Defender for Endpoint, its commercial version of Windows 10 Defender antivirus, implements a new mechanism that leverages Intel’s Threat Detection Technology (TDT) to block cryptojacking malware using

Cryptojacking malware allows threat actors to secretly mine for cryptocurrency abusing computational resources of the infected devices.

The Intel TDT technology allows sharing heuristics and telemetry with security software that could use this data to detect the activity associated with a malicious code. Intel TDT leverages machine learning to analyze low-level hardware telemetry produced by the CPU performance monitoring unit (PMU) and uses it to detect the malware code execution “fingerprint” at runtime. TDT is currently implemented in Intel Core processors and any Intel CPU series that supports Intel vPro technologies, 6th Generation or later.

“Today, we are announcing the integration of Intel Threat Detection Technology (TDT) into Microsoft Defender for Endpoint, an addition that enhances the detection capability and protection against cryptojacking malware.” reads the announcement published by Microsoft. “TDT leverages a rich set of performance profiling events available in Intel SoCs (system-on-a-chip) to monitor and detect malware at their final execution point (the CPU). This happens irrespective of obfuscation techniques, including when malware hides within virtualized guests, without needing intrusive techniques like code injection or performing complex hypervisor introspection. TDT can further offload machine learning inference to the integrated graphics processing unit (GPU), enabling continuous monitoring with negligible overhead.”

Microsoft Defender uses Intel TDT technology against crypto-mining malware

Tags: crypto-mining malware

Apr 28 2021

Ransomware: don’t expect a full recovery, however much you pay

Category: Information Security,RansomwareDISC @ 1:37 pm
Ransomware: don’t expect a full recovery, however much you pay

When it comes to all the various types of malware out there, none has ever dominated the headlines quite as much as ransomware.

Sure, several individual malware outbreaks have turned into truly global stories over the years.

The LoveBug mass-mailing virus of 2000 springs to mind, which blasted itself into hundreds of millions of mailboxes within a few days; so does CodeRed in 2001, the truly fileless network worm that squeezed itself into a single network packet and spread worldwide literally within minutes.

There was Conficker, a globally widespread botnet attack from 2008 that was programmed to deliver an unknown warhead on April Fool’s Day, but never did. (Conficker remains a sort-of unsolved mystery: no one ever figured out what it was really for.)

And, there was Stuxnet, discovered in 2010 but probably secretively active for years before that, carefully orchestrated to spread via hand-carried USB drives in the hope of making it across security airgaps and into undislosed industrial plantrooms (allegedly Iran’s uranium enrichment facility at Natanz).

But none of these stories, as dramatic and as alarming as they were at the time, ever held the public’s attention as durably or as dramatically as ransomware has done since the early 2010s.

Ransomware: don’t expect a full recovery, however much you pay

Apr 27 2021

The hybrid office will create great opportunities—for companies and cybercriminals

Category: Information Security,Open Network,Zero trustDISC @ 10:22 pm

Spring is always a time of renewal, but never more so than this year. After our long winter of forced isolation, the increased accessibility of safe and effective vaccines has many looking forward to shutting off Zoom, putting on some real pants, and emerging to see friends and colleagues in person for the first time in more than a year. Normality, it seems, is just around the corner.

Yet the world has been irrevocably changed by the past year, and the businesses, schools, and other workplaces that we enter back into won’t be the same as the ones we left last March. 

The pandemic accelerated long-standing trends in workplaces across sectors as companies quickly embraced remote work and stood up infrastructure to enable their employees to remain productive while working from home. 

Today we are finding that many of these developments are pretty good—enabling employees to work and be productive from anywhere without the headaches of a commute or a noisy office. And so, as the economy begins to reopen, many are looking for ways to make these temporary solutions more permanent and merge them with more “traditional” forms of working to create a sort of hybrid work environment. 

These new hybrid workplaces will create new opportunities for businesses and will allow us to create organizations that are more flexible, productive, and accessible than ever before. But they can also open up new avenues of uncertainty that could threaten every organization. And make no mistake—cybercriminals know this and are finding ways to take advantage of these vulnerabilities. 

Visit Fortune for the full post.

Tags: Remote Working Policy

Apr 27 2021

When AIs Start Hacking

Category: AI,IoT SecurityDISC @ 5:00 pm
When AIs Start Hacking

If you don’t have enough to worry about already, consider a world where AIs are hackers.

Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long.

As I lay out in a report I just published, artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit them at unprecedented speed, scale, and scope. After hacking humanity, AI systems will then hack other AI systems, and humans will be little more than collateral damage.

Okay, maybe this is a bit of hyperbole, but it requires no far-future science fiction technology. I’m not postulating an AI “singularity,” where the AI-learning feedback loop becomes so fast that it outstrips human understanding. I’m not assuming intelligent androids. I’m not assuming evil intent. Most of these hacks don’t even require major research breakthroughs in AI. They’re already happening. As AI gets more sophisticated, though, we often won’t even know it’s happening.

AIs don’t solve problems like humans do. They look at more types of solutions than us. They’ll go down complex paths that we haven’t considered. This can be an issue because of something called the explainability problem. Modern AI systems are essentially black boxes. Data goes in one end, and an answer comes out the other. It can be impossible to understand how the system reached its conclusion, even if you’re a programmer looking at the code.

In 2015, a research group fed an AI system called Deep Patient health and medical data from some 700,000 people, and tested whether it could predict diseases. It could, but Deep Patient provides no explanation for the basis of a diagnosis, and the researchers have no idea how it comes to its conclusions. A doctor either can either trust or ignore the computer, but that trust will remain blind.

When AIs Start Hacking

Apr 27 2021

Organizations can no longer afford to overlook encrypted traffic

Category: CryptograghyDISC @ 1:37 pm
Organizations can no longer afford to overlook encrypted traffic

Whether you’re a small business operating out of a single office or a global enterprise with a huge and distributed corporate network, not inspecting the encrypted traffic entering and leaving can be a costly mistake, as cybercriminals are increasingly using TLS (Transport Layer Security) in their attacks.

Case in point: in Q1 2020, 23 percent of malware detected by Sophos used TLS to disguise malicious communications. Only a year later, that percentage has nearly doubled (45%)!

TLS encryption: For better and for worse

The widespread use of TLS encryption prevents criminals to steal or tamper with sensitive data and to impersonate legitimate organizations online. Unfortunately, it can also allow malware to fly under the radar and hide from enterprise IT security teams and the tools they use.

“A large portion of the growth in overall TLS use by malware can be linked in part to the increased use of legitimate web and cloud services protected by TLS—such as Discord, Pastebin, Github and Google’s cloud services—as repositories for malware components, as destinations for stolen data, and even to send commands to botnets and other malware,” noted Sean Gallagher, Senior Threat Researcher at Sophos.

“It is also linked to the increased use of Tor and other TLS-based network proxies to encapsulate malicious communications between malware and the actors deploying them.”

The company has also witnessed an increase in TLS use in manually deployed ransomware attacks, partly because the attackers use modular offensive tools (e.g., Metasploit, Cobalt Strike) that leverage HTTPS.

Tags: TLS encryption

Apr 26 2021

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Category: BotnetDISC @ 1:52 pm
Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

European law enforcement has conducted an operation aimed at performing a mass-sanitization of computers infected with the infamous Emotet Windows malware.

European law enforcement agencies automatically wiped the infamous Emotet malware from infected systems across the world as part of a mass sanitization operation.

Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time the investigators have taken control of its infrastructure in an international coordinated action. 

This operation was the result of a joint effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust.

The law enforcement agency was able to take over at least 700 servers used as part of the Emotet botnet’s infrastructure.

The authorities started pushing out a 32-bit payload named “EmotetLoader.dll” to clean up the infected systems, the process was set to trigger itself automatically on April 25, 2021 as confirmed by researchers at Malwarebytes.

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Tags: Emotet

Apr 26 2021

Connected medical devices brought security loopholes mainstream

Category: hipaaDISC @ 1:34 pm
Connected medical devices brought security loopholes mainstream

Connected medical devices are proving essential amidst today’s new normal, but their mainstream adoption has also brought security loopholes to the fore. Fragmented systems have given rise to information silos and unencrypted devices, with hackers increasingly targeting health organizations and hospitals as a result.

It is worth considering what cybersecurity leaders can do as data security shapes up to be the health industry’s next battlefront.

The story so far: Coronavirus and healthtech

Medical connected devices have become a cornerstone defense for patients and healthcare workers over the past 12 months. The ability for devices to supply socially distanced medical information at a time when personal space and health insight are needed most has resulted in their astronomical rise.

From wearable IoT devices like smartwatches that provide a patient’s heart rate and blood oxygen level, to personal medical devices like hearing aids that can be calibrated remotely, these devices have proven vital for both patients and healthcare providers.

Smart devices have also played a key role in the fight against the pandemic. The integration of IoT devices with smart sensors and algorithms in the medical field, connected to an application via the cloud and other connected devices, have been very helpful in contact tracing.

Personal medical care and health data interoperability were already major hot topics in medicine before the pandemic, and now they are only growing with the expansion of medical connected devices. This is evident as a greater awareness and acceptance of newer technologies and higher spending on healthcare services is expected to see medical connected devices grow to $260 billion by 2027.

Connected medical devices brought security loopholes mainstream

Cybersecurity for Connected Medical Devices

Tags: Connected medical devices, medical devices

Apr 24 2021

UK spy chief says warns West faces ‘moment of reckoning’ over tech

Category: Cyber Espionage,Cyber surveillanceDISC @ 11:10 pm
UK spy chief says warns West faces ‘moment of reckoning’ over tech

LONDON — Western countries risk losing control of technologies that are key to internet security and economic prosperity to nations like China and Russia if they don’t act to deal with the threat, one of the UK’s top spy chiefs warned Friday.

“Significant technology leadership is moving east” and causing a conflict of interests and values, Jeremy Fleming, director of government electronic surveillance agency GCHQ, said in a speech.

Singling out China as a particular threat, he said the country’s “size and technological weight means that it has the potential to control the global operating system.”

China is an early adopter of emerging technologies but it also has a “competing vision for the future of cyberspace,” and it’s playing an influential role in the debate around international rules and standards, he said.

He raised the possibility of countries with “illiberal values” like China building them into technical standards that the world ends up relying on, and using their state power to control and dominate technology markets, turning them into arenas of geopolitical competition.

Russian hacking and other nefarious online activity, meanwhile, poses the most acute threat to the UK but, like a smartphone app vulnerability, could be avoided.

China’s Foreign Ministry blasted the remarks, saying they were “totally groundless and unreasonable.”

“Western countries, such as the UK and US, are actually the true empires of hacking and tapping,” ministry spokesman Zhao Lijian said at a briefing in Beijing.

Left unchecked, foreign adversaries could threaten the design and freedom of the internet, Fleming said. He citied as examples the security for emerging technologies like “smart city” sensors used to manage services more efficiently or digital currencies, saying they could be hardwired for data collection or other intrusive capabilities that go against open and democratic societies.

Britain and other Western countries face “a moment of reckoning,” Fleming said.

“The rules are changing in ways not always controlled by government,” Fleming said in his speech at Imperial College London. “And without action it is increasingly clear that the key technologies on which we will rely for our future prosperity and security won’t be shaped and controlled by the West.”

Britain should not take its status as a cyber power for granted, and it should work on developing “sovereign technologies” such as high-speed quantum computing and cryptographic technology to protect sensitive information, Fleming said.

China’s focus on establishing information dominance as a key component of its military efforts.

Apr 23 2021

Privacy and security in the software designing

Category: App Security,Information PrivacyDISC @ 9:49 pm
Privacy and security in the software designing

The importance of carrying out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy.

In order to reduce as much as possible the vulnerabilities and programming errors that can affect not only the quality of the product itself but can also be exploited to launch increasingly sophisticated and growing computer attacks, it’s necessary to guarantee the protection parameters of computer security in terms of integrity, confidentiality and authentication both for the code of an application and for data management. Therefore, it’s essential to carry out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy.

The project must be planned, following a common denominator for the whole software life cycle, to ensure the security requirements for the data, functions and programming language.

The reference model used in this discussion is, for simplicity’s sake, sequential, in which only after completing one phase does one move on to the next. However, it could be envisaged, for greater efficiency and flexibility, to revise and correct the various phases:

  • requirements study and analysis;
  • designing;
  • implementation and system check;
  • distribution and maintenance.

Apr 23 2021

TikTok sued over its use of children’s personal data

Category: data security,MetadataDISC @ 10:31 am
TikTok sued over its use of children’s personal data

TikTok is again being accused of illegally processing children’s personal data.

The latest claim has been brought by Anne Longfield, the former children’s commissioner for England, who is suing the video-sharing app on behalf of 3.5 million children in the UK.

She alleges that TikTok is violating the GDPR (General Data Protection Regulation) by collecting excessive data and failing to explain what it’s used for.

Children’s data is subject to special protections under the GDPR, including the requirement that privacy policies must be written in a way that’s understandable to the service’s target audience.

Tags: children’s personal data

Apr 23 2021

Outpost24 report finds Top 10 US Credit Unions all have web application issues

Category: App Security,Web SecurityDISC @ 9:12 am
Outpost24 report finds Top 10 US Credit Unions all have web application issues

Apr 22 2021

Giving Out Your E-mail Increases Your Chances Of Getting Hacked

Category: Email SecurityDISC @ 2:37 pm
Giving Out Your E-mail Increases Your Chances Of Getting Hacked

Does it seem as if nearly every time you install an app, it wants you to register with your email or phone number? To add to that, these apps usually want loads of other sensitive information that they don’t need. This is because of desperate data collection attempts, as your personal information is like gold to the companies selling it (and those using it to manipulate you). Users e-mail addresses are also sold to spammers (and scammers) that will bombard you with spam and phishing e-mails.

Your online activity across many apps is tied to your email address and phone number, and it is used to build a profile on you. This is one of the reasons that you should not use your email address to sign up for multiple apps or services. However, adhering to that policy is difficult. Many of the major e-mail providers require you to enter your phone number (another detail used to link your activity across multiple online services), and they sell your data too.

Protecting Your E-mail Enhances Your Online Security

First: Your e-mail is half of your login credentials, and is used as the login across many websites. Your password is the second half, and password cracking is not a difficult feat.

If your e-mail address is leaked by a popular app or service — something that happens frequently, you are at risk of hackers using that e-mail to log into other services you use online. If hackers don’t have your password, they can hack your e-mail account and use that to request a password reset. E-mail-related hacks are among the most catastrophic because your inbox reveals all the apps and services you use online (including financial services like banking, exchanges, and PayPal).

What You Can Do

There are multiple ways to approach this problem, but the first should be restraint. Don’t give any app or company your e-mail address if you aren’t required to. If a company asks for your e-mail when it isn’t needed, you can decline or say that you don’t have an e-mail. Also, if you don’t want an app that is demanding your e-mail badly enough, just uninstall it.

If you have an iPhone or iPad, you can use the ‘Sign in with Apple’ option to register and select the option to hide your e-mail address when prompted. Apple will generate a fake e-mail address and forward messages from it to the real e-mail on your Apple account. This goes a long way towards protecting your online accounts from hackers and data miners.

Sign up for ProtonMail and Tutanota to get secure, end-to-end encrypted e-mail. Each of those providers will provide you with one e-mail address for free. I would recommend getting a paid account so that you can create multiple e-mail addresses and use one exclusively for your bank, and another exclusively for your PayPal to protect those financial accounts from hackers.

If you don’t want a paid account, then sign up for each of them with a different alias to get one free account from each of them (ensure that you abide by their terms of use). If you want a third, there is also Disroot. If you do decide to pay, you can use Bitcoin to avoid providing billing details (which contain your name and address) on ProtonMail.

Giving Out Your E-mail Increases Your Chances Of Getting Hacked

Basic Email Security: Volume 14 in John R. Hines’ Computer Security for Mere Mortals, short documents that show how to have the most email security with the least effort by [John R. Hines]

Apr 22 2021

Backdoor Found in Codecov Bash Uploader

Category: BackdoorDISC @ 11:30 am
Backdoor Found in Codecov Bash Uploader

Developers have discovered a backdoor in the Codecov bash uploader. It’s been there for four months. We don’t know who put it there.

Codecov said the breach allowed the attackers to export information stored in its users’ continuous integration (CI) environments. This information was then sent to a third-party server outside of Codecov’s infrastructure,” the company warned.

Codecov’s Bash Uploader is also used in several uploaders — Codecov-actions uploader for Github, the Codecov CircleCl Orb, and the Codecov Bitrise Step — and the company says these uploaders were also impacted by the breach.

The Surveillance State: Big Data, Freedom, and You

« Previous PageNext Page »