dcsimg

British Airways fine could be the start of GDPR tidal wave

Earlier this week, the ICO (Information Commissioner’s Office), the UK’s data protection authority, announced that it would be fining British Airways £183.4 million (about €204 million) for a data breach that occurred last year.  The incident, which affected 500,000 customers, involved a sophisticated attack in which criminals diverted traffic from British Airways’ website to a bogus replica, … [Read more...]

Things to consider when processing biometric data

Biometric data is being used in countless systems these days. If you’ve ever used your fingerprint scan to unlock your phone or facial recognition software, then your biometric data is being processed.  But like any form of data, biometrics – i.e. information relating to individual’s physical, physiological or behavioural characteristics – are potentially accessible by malicious sources, and the … [Read more...]

How Ireland’s Credit Unions can meet their penetration testing requirements

Credit unions in Ireland are required to conduct a penetration test once a year, and send the results to the Central Bank of Ireland for review.  According to a report published by the Bank last year, credit unions are getting better at doing this. But for those that are still unsure how to complete this process or simply want to get better at it, this blog explains everything you need to know … [Read more...]

Leaks and breaches: a roundup

It’s time for one of our semi-regular breach/data exposure roundup blogs, as the last few days have brought us a few monsters. If you use any of the below sites, or if you think some of your data has been sitting around exposed, we’ll hopefully give you a better idea of what the issue is. Seeing so many services be compromised or simply exposed for all to see without being secured is rather … [Read more...]

Medical industry struggles with PACS data leaks

In the medical world, sharing patient data between organizations and specialists has always been an issue. X-Rays, notes, CT scans, and any other data or related files have always existed and been shared in their physical forms (slides, paperwork). When a patient needed to take results of a test to another practice for a second opinion or to a specialist for a more detailed look, it would … [Read more...]

‘ZombieLoad’ vulnerabilities expose computers using Intel chips

Cyber security researchers have discovered a class of vulnerabilities in Intel chips that could be exploited to steal sensitive information, unencrypt data and spy on tasks handled by the processor.  The bugs, dubbed ‘ZombieLoad’, affect almost every computer that uses an Intel chip released since 2011.  What does ZombieLoad do?  ZombieLoad is a side-channel attack that enables criminals to … [Read more...]

Huge breach affects 9 million Cathay Pacific customers

Airlines aren’t having a good time of things at the moment. Even if you managed to dodge the recent British Airways fallout, you may well be caught up in the latest breach affecting no fewer than 9 million customers of Cathay Pacific. So what was taken? The impact this time around isn’t so much where payment information is concerned, as the 403 credit card numbers the hackers grabbed had all … [Read more...]

A week in security (July 16 – July 22)

Last week on Labs, we looked at a Magniber expansion, explored open source vulnerabilities, and checked out the boons and drawbacks of smart assistants. We also continued our ad blocking article extravaganza, gave a whistlestop tour of third-party problems, and published our Q2 Cybercrime tactics & techniques report. Other news: Huge data breach in Singapore (Source: Straights Times) Venmo … [Read more...]

Major data breaches at Adidas, Ticketmaster pummel web users

There’s been a number of data breaches and accidental data exposures coming to light in the last few days, and no matter where in the world you happen to be located, you’ll want to do some due diligence and see if you’ve been affected. These aren’t small fishes being preyed upon by black hats; we’re talking Adidas, Ticketmaster, and Exactis, the last one being a … [Read more...]

What am I supposed to do with all these privacy policy emails?

Society doesn’t tend to agree on much, but late last week hundreds of millions of people were united by the question: “What’s with all these emails about updated privacy policies?” The flurry of messages led to many jokes and memes, but lost among the humour was the reason for this torrent of emails. It wasn’t just an amazing coincidence that every organisation you’ve ever visited updated its … [Read more...]