Archive for November, 2017

GDPR

November 8th, 2017

HyTrust conducted a survey of 323 attendees at the VMworld 2017 conference in Las Vegas, Nevada. It found that only 21 percent are concerned about GDPR compliance regulations and plan to implement them. Twenty-seven percent are concerned but have no plan to implement them.

“If you think GDPR doesn’t apply to your organization, think again,” HyTrust president and founder Eric Chiu said in a statement.

“Most organizations today are very aware of their security risks, but are not as far along with technology and processes to meet the GDPR compliance requirements, despite a May 2018 deadline that has significant fines for failure to comply,” Chiu added.

Another survey, conducted by Carbon Black among 120 business decision makers, had the following findings:

Eighty-six percent of respondents said that they are confident in their ability to comply with GDPR requirements.

Fifty-eight percent are not using effective risk management tools.

A survey conducted by Computing Magazine found that only ten percent have toolsets for classifying critical data and prioritizing risk to data.

“In order to effectively identify and neutralize data breaches, it’s essential to know what constitutes normal network behaviors versus what is suspicious,” Carbon Black senior director for compliance and governance programs Chris Strand said in a statement.

“Failing to align the right data protection toolsets with people and processes, many organizations are at risk of non-compliance with the GDPR and, more importantly, putting their customers’ information in jeopardy,” Strand added.

An IAPP-EY survey of 548 privacy professionals worldwide shows that fully 95 percent (75 percent of whom are located outside the EU) say the GDPR applies to their organization.

“Even though the EU’s GDPR has yet to take effect, organizations the world over are spending money on hiring and promoting privacy staff, training employees on privacy, purchasing technology to help with GDPR compliance, and pushing privacy awareness into every corner of the firm,” the report states.

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Ghostwriter AWS Issue

November 2nd, 2017

Skyhigh Networks researchers are warning about “GhostWriter,” an exposure in which Amazon S3 buckets are misconfigured to allow public write access, letting a malicious third party launch man-in-the-middle (MiTM) attacks.

“GhostWriter underlines the fact that security is just not the responsibility of the cloud service providers, but also the customer, and often it is a customer misconfiguration that exposes their data to threat,” Skyhigh chief scientist Sekhar Sarukkai wrote in a blog post.

According to Skyhigh, more than 1,600 S3 buckets are accessed from the enterprise network, and four percent of them are exposed to GhostWriter. “Skyhigh has identified thousands of such buckets being accessed from enterprise networks and has shared these affected buckets with AWS for remediation,” Sarukkai wrote.

Affected entities include major news sites, leading retailers, popular cloud services and ad networks.

“Bucket owners who store JavaScript or other code should pay particular attention to this issue to ensure that third parties don’t silently overwrite their code for drive-by attacks, Bitcoin mining or other exploits,” Sarukkai added.

This kind of misconfiguration has led to high-profile data breaches, including the exposure of 4 million Verizon customers’ data and 3 million WWE fans’ contact details.
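A bucket owner can check for the public write condition described above by inspecting the bucket's ACL and bucket policy. The following is an added example, not code from Skyhigh or from this post: it assumes the ACL and policy are already available as dictionaries in the JSON shape S3 returns for them, and the sample bucket data is constructed.

```python
import fnmatch

# Predefined S3 grantee groups meaning "anyone" and "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
WRITE_ACL_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Policy actions that let a caller overwrite objects or loosen access further.
WRITE_ACTIONS = ("s3:PutObject", "s3:PutObjectAcl", "s3:PutBucketAcl", "s3:PutBucketPolicy")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _is_public_principal(p):
    # "Principal": "*" and "Principal": {"AWS": "*"} both mean everyone.
    return p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))

def public_write_findings(acl, policy=None):
    """Return one finding per ACL grant or policy statement allowing public writes."""
    findings = []
    for g in acl.get("Grants", []):
        grantee = g.get("Grantee", {})
        if grantee.get("URI") in PUBLIC_GROUPS and g.get("Permission") in WRITE_ACL_PERMS:
            findings.append(f"ACL: {grantee['URI'].rsplit('/', 1)[-1]} has {g['Permission']}")
    for st in _as_list((policy or {}).get("Statement", [])):
        if st.get("Effect") != "Allow" or not _is_public_principal(st.get("Principal")):
            continue
        # Only "Action" is examined; wildcards such as "s3:*" are matched case-insensitively.
        patterns = [p.lower() for p in _as_list(st.get("Action", []))]
        hits = [a for a in WRITE_ACTIONS
                if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)]
        if hits:
            note = " (conditional)" if st.get("Condition") else ""
            findings.append(f"Policy: Principal * allowed {', '.join(hits)}{note}")
    return findings

# Constructed sample input: public READ is tolerated here, public WRITE is the finding.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"},
]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["s3:Put*"], "Resource": "arn:aws:s3:::example-bucket/*"},
]}

if __name__ == "__main__":
    print("\n".join(public_write_findings(SAMPLE_ACL, SAMPLE_POLICY)))
```

Statements flagged as conditional still need a manual look, since the condition may or may not narrow access enough.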

Another survey, conducted by AlgoSec among 450 senior security and network professionals, showed that thirty percent of the participants plan to increase public cloud usage. Forty-four percent said that they faced challenges after migrating to public cloud.

AlgoSec director of communications Joanne Godfrey said that it’s essential for organizations to maintain complete visibility. “This enables them to better protect the business and fulfill compliance demands, while taking full advantage of the cost savings and agility offered by the hybrid cloud model,” she said.

“Companies of all sizes are adopting increasingly more complex technical solutions as the market democratizes what was previously reserved for software giants,” Threat Stack CSO Sam Bisbee said in a statement. “This has created an opening for internal and external threats as security teams catch up on cloud, containers, and more.”
