Read more of this story at Slashdot.
Citrix is best known for software that runs behind the scenes, but a massive data breach is putting the company front and center. The FBI has warned Citrix that it believes foreign hackers compromised the company's internal network and swiped business documents in an apparent "password spraying" attack, in which the intruders guessed weak passwords across many accounts and then used that early foothold to launch more extensive attacks. While Citrix didn't shed more light on the incident, researchers at Resecurity provided more detail on what likely happened in a conversation with NBC News.
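The defining shape of password spraying is "broad and shallow": one source tries a few common passwords against many accounts, so no single account trips a lockout threshold. The following detector is an added example, not code from the article or from Citrix, and the log format (timestamp, result, user, source IP) and the sample lines are constructed for illustration. It separates a spraying source from an ordinary brute-force source and lists accounts that later authenticated successfully from the spraying source, which is the "foothold" the article describes.

```python
"""Flag password-spraying sources in an authentication log (constructed example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Format assumed: ISO time, OK/FAIL, user=..., src=...
SAMPLE_LOG = """\
2019-03-08T10:00:01Z FAIL user=alice src=203.0.113.7
2019-03-08T10:00:03Z FAIL user=bob src=203.0.113.7
2019-03-08T10:00:05Z FAIL user=carol src=203.0.113.7
2019-03-08T10:00:07Z FAIL user=dave src=203.0.113.7
2019-03-08T10:00:09Z FAIL user=erin src=203.0.113.7
2019-03-08T10:00:11Z OK user=frank src=203.0.113.7
2019-03-08T10:01:00Z FAIL user=grace src=198.51.100.9
2019-03-08T10:01:01Z FAIL user=grace src=198.51.100.9
2019-03-08T10:01:02Z FAIL user=grace src=198.51.100.9
2019-03-08T10:01:03Z FAIL user=grace src=198.51.100.9
2019-03-08T10:01:04Z FAIL user=grace src=198.51.100.9
2019-03-08T10:01:05Z FAIL user=grace src=198.51.100.9
2019-03-08T10:05:00Z FAIL user=alice src=192.0.2.44
2019-03-08T10:05:30Z OK user=alice src=192.0.2.44
"""


def parse_line(line):
    """Parse one constructed log line into a dict."""
    ts, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ok": result == "OK",
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def detect_spray(log_text, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {source_ip: finding} for sources whose failures within `window`
    touch at least `min_users` distinct accounts while no single account sees
    more than `max_per_user` failures. A single account with many failures
    (classic brute force) is deliberately NOT flagged here."""
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if not e["ok"]]
        start = 0
        for end in range(len(fails)):
            # Slide the window so it spans at most `window` of failures.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            per_user = defaultdict(int)
            for e in fails[start:end + 1]:
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                first_fail = fails[start]["ts"]
                # Any success from the same source after the spray began is a
                # candidate compromised account: the guessed password worked.
                hits = sorted({e["user"] for e in evs if e["ok"] and e["ts"] >= first_fail})
                findings[src] = {
                    "users_tried": sorted(per_user),
                    "likely_compromised": hits,
                }
                break
    return findings


if __name__ == "__main__":
    for src, f in detect_spray(SAMPLE_LOG).items():
        print(src, "sprayed", f["users_tried"], "compromised:", f["likely_compromised"])
```

Tune `min_users` and `max_per_user` to the environment's lockout policy: a sprayer who knows the threshold is N failures per account will stay at N-1, so `max_per_user` should sit at or just below that value. In the sample, 203.0.113.7 is flagged (five accounts, one guess each, then a success for frank), while 198.51.100.9 hammering a single account is left to a separate brute-force rule.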
The Belgian Data Protection Authority (the “Belgian DPA”) recently published (in French and in Dutch) the updated list of the types of processing activities which require a data protection impact assessment (“DPIA”). Article 35.4 of the EU General Data Protection Regulation (“GDPR”) obligates supervisory authorities (“SAs”) to establish a list of the processing operations that require a DPIA and transmit it to the European Data Protection Board (the “EDPB”).
The draft list was published in April 2018. In October, the EDPB adopted an Opinion on the draft DPIA lists established by the SAs, including the Belgian DPA. Following the EDPB’s Opinion, the Belgian DPA modified its list. The Belgian DPA asserts that this list is neither exhaustive nor final and could be modified in the future.
According to the Belgian DPA, the following data processing activities require companies to conduct a DPIA:
- Processing of biometric data for the purpose of uniquely identifying individuals in a public area or private area that is publicly accessible;
- Collecting personal data from third parties in order to weigh that information in making a decision to refuse or end a contract with an individual;
- Collecting health-related data by automated means through an active implantable medical device;
- Processing of personal data collected on a large scale by third parties to analyze or predict the economic situation, health, preferences or personal interests, reliability or behavior, localization or movements of natural persons;
- Systematic sharing between several data controllers of special categories of personal data (“sensitive personal data”) or data of a very personal nature (such as data related to poverty, unemployment, youth support or social work, data related to domestic and private activities, and location data);
- Large-scale processing of data generated by devices with sensors that send data over the Internet or any other means (i.e., Internet of Things applications such as smart TVs, smart household appliances, connected toys, smart cities and smart energy systems) for the purpose of analyzing or predicting individuals’ economic situation, health, preferences or personal interests, reliability or behavior, localization or movements;
- Large-scale and/or systematic processing of telephony data, Internet data or other communication data, metadata or localization data of individuals, or that can lead to specific individuals (e.g., Wi-Fi tracking or processing of individuals’ localization data in public transports), when such processing is not strictly necessary for the service requested by the individuals; and
- Large-scale processing of personal data where individuals’ behavior is observed, collected, established or influenced in a systematic manner and using automated means, including for advertising purposes.
Stolen user information from 16 popular apps and services including Dubsmash and MyFitnessPal is now being sold on the dark web, according to a report from The Register. A seller on the dark web marketplace Dream Market has come forward offering login details for more than 617 million accounts for just under $20,000, to be paid in Bitcoin.
Source: The Register
The US government plans to turn the tables on North Korea-linked hackers trying to compromise key infrastructure. The Justice Department has unveiled an initiative to map the Joanap botnet and "further disrupt" it by alerting victims. The FBI and the Air Force Office of Special Investigations are running servers imitating peers on the botnet, giving them a peek at both technical and "limited" identifying info for other infected PCs. From there, they can map the botnet and send notifications through internet providers and foreign governments -- they'll even send personal notifications to people who don't have a router or firewall protecting their systems.
Source: Department of Justice
- Are there surprises? Is new material produced?
- How do the results the writer arrived at tie back to the purpose of the paper?
- Is there a logical flow from the body of the paper to the conclusion?
- What are the implications for further study and practice?
- Are there limitations in the paper the reader might want to investigate? Are they pointed at sufficiently?
- Does the writing feel “finished” at the end of the conclusion?
- Is the reader engaged until the end?
- How does the writer prompt the reader to continue the creative process?
- Screen-shots showing web pages or application screens such as security configuration options;
- Graphs - pie-charts, bar-charts, line-charts, spider or radar diagrams etc. depending on the nature of the data;
- Mind-maps separating the topic into key areas, sometimes pointing out key aspects, conceptual links and common factors;
- Process flow charts;
- Informational and motivational messages with eye-catching photographic images;
- Conceptual diagrams, often mistakenly called 'models' [the models are what the diagrams attempt to portray: the diagrams are simply representational];
- Other diagrams and images, sometimes annotated and often presented carefully to emphasize certain aspects.
A number of German politicians have been the target of a massive data leak, one that contains extensive amounts of information. The data in question includes email addresses, private correspondence, passwords, phone numbers, work emails and photos, among other information, and those affected reportedly include journalists and celebrities as well as politicians. According to multiple reports, the data was leaked from the Twitter account @_0rbit -- which has since been suspended -- and the account began sharing the stolen information in December.
As much progress as Twitter has made kicking terrorists off its platform, it still has a long way to go. TechCrunch has learned that ISIS supporters are hijacking long-dormant Twitter accounts to promote their ideology. Security researcher WauchulaGhost found that the extremists were using a years-old trick to get in. Many of these idle accounts used email addresses that either expired or never existed, often with names identical to their Twitter handles -- the social site didn't confirm email addresses for roughly a decade, making it possible to use the service without a valid inbox. As Twitter only partly masks those addresses, it's easy to create those missing addresses and reset those passwords.
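The failure mode above is an unverified recovery address whose domain has lapsed or never existed: anyone who registers that domain receives the password-reset mail. The audit below is an added example, not Twitter's code, and generalises the check to any account database. Account records, the `Account` shape and the stand-in DNS table are constructed so the example runs offline; pass `table=None` to `domain_resolves` to do a live lookup instead.

```python
"""Find accounts whose recovery e-mail could be claimed by an attacker (constructed example)."""
import socket
from dataclasses import dataclass


@dataclass
class Account:
    handle: str
    email: str
    email_verified: bool


# Constructed sample accounts. ".invalid" is reserved and never resolves (RFC 2606).
SAMPLE_ACCOUNTS = [
    Account("jsmith", "jsmith@example.com", True),
    Account("oldbird", "oldbird@defunct-isp.invalid", False),
    Account("bob", "bob@example.org", False),
]

# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {"example.com": True, "example.org": True}


def domain_resolves(domain, table=FAKE_DNS):
    """True if the domain has any address record. Uses `table` when given,
    otherwise a live getaddrinfo() lookup (an unregistered domain fails)."""
    if table is not None:
        return table.get(domain, False)
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False


def at_risk(accounts, resolver=domain_resolves):
    """Return {handle: [reasons]} for accounts whose recovery address is a
    takeover vector. Reasons, in order of evaluation:
      unverified                - the address was never confirmed by its owner
      domain-unresolvable       - the domain is gone; anyone may register it
      local-part-equals-handle  - unverified AND guessable from the public
                                  handle, so a partial mask hides nothing
    """
    findings = {}
    for a in accounts:
        local, _, domain = a.email.rpartition("@")
        reasons = []
        if not a.email_verified:
            reasons.append("unverified")
        if not resolver(domain.lower()):
            reasons.append("domain-unresolvable")
        if not a.email_verified and local.lower() == a.handle.lower():
            reasons.append("local-part-equals-handle")
        if reasons:
            findings[a.handle] = reasons
    return findings


if __name__ == "__main__":
    for handle, reasons in at_risk(SAMPLE_ACCOUNTS).items():
        print(handle, "->", ", ".join(reasons))
```

Accounts with `domain-unresolvable` are the urgent ones regardless of verification state, because the domain can be re-registered by anyone; the practical remediation is to block password resets to such addresses and require a fresh verification on next login. `unverified` plus `local-part-equals-handle` describes exactly the dormant accounts in the article: the reset form's partial mask reveals nothing the attacker cannot infer from the handle.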
The hackers who stole Orange is the New Black are back, and they've hit a new low. The group known as TheDarkOverlord claims to have stolen 18,000 documents from Hiscox Syndicates, Lloyd's of London and Silverstein Properties, and threatened to release files providing "answers" for 9/11 attack "conspiracies" unless it received a ransom. A Hiscox spokesperson confirmed the hack to Motherboard and indicated that this was likely insurance data tied to litigation involving the terrorist campaign.
Hackers just caused grief for North Korean defectors. South Korea's Unification Ministry has revealed that attackers stole the personal data of 997 defectors, including their names and addresses. The breach came after a staff member at the Hana Foundation, which helps settle northerners, unwittingly opened an email carrying malware. The defectors' data is normally supposed to be isolated from the internet and encrypted, but the unnamed staffer didn't follow those rules, officials said.
Source: Wall Street Journal