Monthly Archives: September 2016
Edward Snowden Says Don't Use Google Allo
US Cities Promise To Crack Down On Police Spy Tech
Yahoo Expected To Confirm Hack Of 200M Users, Report Says
BT Wifi Extenders 300 / 600 / 1200 Cross Site Scripting
BT Wifi Extenders models 300, 600, and 1200 suffer from a cross site scripting vulnerability.
Malware Evades Detection with Novel Technique
Document-based macro malware flies under the security radar by first detecting existing documents on PC.
Locky takes the wheel again
Ransomware returns to its earlier hands-on approach.
The post Locky takes the wheel again appeared first on Avira Blog.
Mr. Robot Review: eps2.9_pyth0n-pt2.p7z
This season finale had me sitting in front of the TV saying “what?” a couple of times – a sign that this was another great episode!
Book of Eli: African targeted attacks
ESET’s latest research analyzes a piece of malware active since 2012, but which has targeted one specific country – Libya.
The post Book of Eli: African targeted attacks appeared first on WeLiveSecurity.
Panda Security Protects Privacy in Public Administration
There have been thousands of top secret documents leaked, confidential information pertaining to individuals has been stolen, cyber espionage between powerful governments has occurred, and attacks have been performed by personnel with privileged access. These are all examples that confirm that propagandistic pursuit and economic gain drive cybercriminals, and they target those who are willing to pay for the retrieval of their valuable information, such as institutions in the public sector.
PandaLabs, Panda Security’s anti-malware laboratory, presents the “Privacy in Public Administration” whitepaper; detailing numerous cyber-attacks on countries that could almost have come from a science fiction story.
Legislative Developments in Cybersecurity
The technological revolution in the public sector, the digitalization and storage of information, and the boom in online services to simplify administration for the public have led to an exponential growth in the generation, storage and processing of confidential data; data which must be treated with the utmost care. Consequently, the public sector now faces a new series of demands in risk prevention, security and legal compliance.
Politically-motivated attacks
During the past decade, crimes including cyber-terrorism, cyber-espionage and hacktivism have been on the rise, threatening the privacy of Public Administrations, businesses and nations:
2010: Bradley Manning, a US soldier, copied 700,000 confidential documents and used WikiLeaks to publish the data. In total almost half a million records from the Iraq and Afghanistan conflicts, and more than 250,000 secret U.S. diplomatic cables.
2013: Ed
ward Snowden, a former employee of the CIA and NSA, published top secret documents through the Guardian and the Washington Post concerning various NSA programs, including the mass surveillance programs PRISM and xkeyscore.
2016: A total of 19,252 emails (including attachments) from 8,034 servers of the US Democratic National Committee sent between January 2015 and May 2016 were revealed on WikiLeaks this July. The security company contracted by the Democratic National Committee has claimed that the hack was the work of at least two different groups of hackers linked to a Russian government agency in an action designed to favor Republican candidate Donald Trump.
Now, three months before the US elections, the FBI has confirmed the hacking of at least two electoral databases by foreign hackers who have extracted voter information from at least one of them. There is an ongoing investigation and IPs have been traced back once again to Russian hacking forums. Coincidence?
The solution for adapting to the change.
The emergence of new players from different backgrounds and with varying motivations combined with their ability to act in any security dimension, hinders the identification of aggressors and decreases the ability of countries to adequately respond. Current legislation is not adapted to the new cyber-crime dynamic or to new technological or data management demands.
To prevent new attacks on public agencies, a common regulatory and legislative framework is needed, with responsibilities shared between states. One such example is the new regulatory framework passed in the EU in 2016.
For public institutions, success in ensuring cyber-security lies with meeting certain requirements:
- Having real-time information about incidents and security holes related to data security, such as the accidental or illegal destruction, loss, alteration, unauthorized disclosure or remote transference of data.
- Compliance with Article 35 of the “General Data Protection Regulation” on data protection with regular and systematic monitoring of data on a large scale.
- Reporting all possible transfers of data files to foreign countries.
- Improving individual rights, including the right to be forgotten, and data portability across all shared data files.
- Safeguarding delegation to other processors of data deletion, reporting and notification requirements, and the maintenance of file transfer activities.
To this effect, the implementation of advanced technologies such as Adaptive Defense 360, as a complement to traditional antivirus solutions or perimeter security, enables compliance with guidelines and the technical requirements outlined above, since Adaptive Defense offers guaranteed security against threats and advanced targeted attacks on companies.
Download the Infographic here.
Download the Whitepaper:
 |
International Edition | ||
 |
Edición América Latina |  |
Edición México |
 |
Edição Portugal |  |
Ausgabe Schweiz |
 |
UK Edition |  |
US Edition |
The post Panda Security Protects Privacy in Public Administration appeared first on Panda Security Mediacenter.