Security Experts:

Privacy & Compliance
long dotted

NEWS & INDUSTRY UPDATES

The patch comes exactly one week after the Redmond, Wash. software giant acknowledged the CVE-2021-40444 security defect and confirmed the existence of in-the-wild exploitation via booby-trapped Microsoft Office documents. [Read More]
China's new data privacy law, the Personal Information Protection Law (PIPL), will provide solid protection for its people’s personal information nationally, internationally the law can be used as a weapon. [Read More]
Security researchers worldwide are invited to hunt for vulnerabilities in the e-voting system as part of a bug bounty program on YesWeHack. [Read More]
Tenable makes its priciest acquisition to date and expands its product portfolio with capabilities to detect security problems in code before they become operational security risks. [Read More]
Google introduced Private Compute Services for Android, a new suite of services designed to improve privacy in the Android operating system. [Read More]
Secure email provider ProtonMail has been strongly criticized for providing the IP address of a customer to Swiss authorities, ultimately leading to the arrest of a climate activist in France. But simply blaming ProtonMail misses the important lessons of this case. [Read More]
Cisco warns that these vulnerabilities could be exploited by attackers to reboot devices, elevate privileges, or overwrite and read arbitrary files. [Read More]
A critical security flaw in HAProxy could lead to HTTP request smuggling attacks, allowing attackers to bypass security controls and access sensitive data without authorization. [Read More]
GitHub has published documentation on seven vulnerabilities in the Node.js packages and warned that exploitation could expose users to code execution attacks. [Read More]
The U.S. government's CISA and OMB are seeking the public’s opinion on draft zero trust strategic and technical documentation. [Read More]

FEATURES, INSIGHTS // Privacy & Compliance

rss icon

Gordon Lawson's picture
While obscurity is an offensive tool for attackers, it also represents a defensive measure for organizations. Let’s consider the benefits of concealing network infrastructure and activity from the outside world to reduce the enterprise attack surface.
Preston Hogue's picture
There is a dawning realization of the potential danger posed by algorithms, written by humans to steer other humans.
Preston Hogue's picture
Everywhere you go, you cast a shadow of data that, taken together, reveals who you are, what you like to do, your habits, your addictions.
Alastair Paterson's picture
For companies based in the U.S. with customers and files in many different countries, reconciling conflicting practices and laws is likely to remain a serious headache for years to come.
Jim Gordon's picture
Individuals and security professionals should have a 360 mindset and know the actions needed to take in the pursuit of data protection and the preservation of privacy.
David Holmes's picture
Architects and IT security teams are looking for technology evolutions to help them manage real problems in endpoint storage and messaging.
Josh Lefkowitz's picture
Regardless of which framework you use, it’s crucial to operationalize it in the context of your organization’s unique environment and risk factors.
Laurence Pitt's picture
In the coming years the data protection and privacy landscape will change dramatically, improving the experience for us as individuals but potentially making things more complex for businesses.
Alastair Paterson's picture
With more legislation expected, every company should ensure they have a robust framework in place along with strong data mapping capabilities.
Torsten George's picture
By implementing the core pillars of GDPR, organizations can assure they meet the mandate’s requirements while strengthening their cyber security posture.