Friday, 29 April 2016

Cyber Security Roundup for April 2016

The European General Data Protection Regulation (GDPR) was finally approved by the European Parliament this month. Coming into force in 2018, the GDPR has serious teeth, with fines of up to 4% of global turnover for non-compliance and mandatory 72-hour data breach reporting among its ground-breaking data protection changes geared at improving EU citizens' privacy rights. The new data protection regulation will have a significant impact on all businesses in the UK, even if the UK votes to leave the EU.

An updated version of PCI DSS was also released; there are a number of minor changes to requirements within V3.2 which PCI DSS compliant businesses need to be aware of in order to avoid being caught out during compliance assessments. 

There were several huge data breaches around the world, with the personal data of entire country populations being compromised. There was also what could be a defining UK lawsuit, brought by 6,000 Morrisons staff against their company after an employee stole and posted their personal details online.

News

Friday, 1 April 2016

Cyber Security Roundup for March 2016

Ransomware attacks continue to soar across all UK industry sectors. Trustwave SpiderLabs provided an excellent overview of how one of the most prolific ransomware strains works in "How the Locky Ransomware Works".

March saw media headlines dominated by Apple’s refusal to co-operate with the FBI in breaking the iPhone’s security, which concluded with the FBI successfully hacking the iPhone via an anonymous third party, sparking the old but much-needed Privacy v Security debate.

There were also notable hacks of law firms and a major ‘Cyber Heist’ at the Federal Reserve Bank of New York. Another major TLS vulnerability, named ‘DROWN’, highlights the importance of patching OpenSSL and not using weak crypto.

News
Reports