Data assessment, user consent key to compliance with China law
www.zdnet.com/article/data-assessment-user-consent-key-to-compliance-with-china-law/#ftag=RSSbaffb68 International businesses that process information from China should obtain user consent and establish a data map, so they do not run afoul of the country’s Personal Information Protection Law (PIPL). Specifically, they should look closely at cross-border data flow and residency, even as more clarity still is needed on some components in the new legislation. Organisations that already are set up to comply with Europe’s General Data Protection Regulation (GDPR), though, have a good foundation on which to work towards PIPL adherence.
The Future is in Interoperability Not Big Tech: 2021 in Review
www.eff.org/deeplinks/2021/12/future-interoperability-not-big-tech-2021-review 2021 was not a good year for Big Tech: a flaming cocktail of moderation failings, privacy breaches, leaked nefarious plans, illegal collusion and tone-deaf, arrogant pronouncements stoked public anger and fired up the political will to do something about the unaccountable power and reckless self-interest of the tech giants. But this year, something new happened: lawmakers, technologists, public interest groups, and regulators around the world converged on an idea we’re very fond of around here: interoperability.
Europe completes first phase of silicon independence project
www.theregister.com/2021/12/24/european_processor_initiative_phase_one_concludes/ The European Processor Initiative (EPI) has concluded the first phase of its efforts to create made-in-Europe chips, an effort it is hoped will reduce reliance on imports, improve sovereign capabilities, and create the continent’s first exascale supercomputer.
Personal and salary data for 637, 138 Albanian citizens leaks online
therecord.media/personal-and-salary-data-for-637138-albanian-citizens-leaks-online/ The Albanian government has confirmed and apologized on Thursday for a data leak that exposed the personal and salary-related information for 637, 138 citizens, more than 22% of the country’s entire population. Details such as names, ID card numbers, salaries, job positions, and employer names were shared over the weekend on WhatsApp as an Excel document.
Cyber Warfare: What To Expect in 2022
securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/ Cyberwarfare is not a future threatit’s a clear and present danger. While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Honeypot experiment reveals what hackers want from IoT devices
www.bleepingcomputer.com/news/security/honeypot-experiment-reveals-what-hackers-want-from-iot-devices/ A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices. More specifically, the honeypot was meant to create a sufficiently diverse ecosystem and cluster the generated data in a way that determines the goals of adversaries. Research paper: arxiv.org/pdf/2112.10974.pdf
Common spear-phishing tricks
www.kaspersky.com/blog/common-spear-phishing-tricks/43224/ Virtually every employee of a large company comes across the occasional e-mail aiming to steal their corporate credentials. It’s usually in the form of mass phishing, an attack in which e-mails are sent out at random in the hope that at least some recipients will take the bait. However, the stream of phishing e-mails may contain one or two more dangerous, targeted messages, the content of which has been customized for employees of specific companies. This is spear-phishing.
Zero Trust migration: where do I start?
www.ncsc.gov.uk/blog-post/zero-trust-migration-where-do-i-start Following our Zero Trust: is it right for me?’ blog, this second installment focuses on how to start your zero trust architecture journey. Hopefully by now, you have decided it meets your business requirements, and have set implementing a zero trust architecture’ as your strategic goal.
Building the Zero Trust Enterprise: A Holistic Approach
www.paloaltonetworks.com/blog/2021/12/building-the-zero-trust-enterprise/ At its core, Zero Trust seeks to eliminate implicit trust throughout the enterprise by continuously validating all digital transactions. This is inherently a much more secure approach and helps deal with some of the most sophisticated and dangerous types of threats, such as ransomware and associated behaviors like lateral movement. Today, organizations can evolve into a Zero Trust enterprise by taking a holistic approach and applying Zero Trust best practices comprehensively across users, applications and infrastructure.