
CCPA Final Proposed Regulations Filed

The general advice is "Use GDPR as your base and tweak for each jurisdiction". We're almost there for California in terms of the tweaks. Watch for more articles analysing what it means for businesses operating in this market...: [...] The Attorney General, in a statement filed with the regulations, requested expedited review of the regulations, despite the additional time provided by the Executive Order. The statement cited the CCPA’s July 1, 2020 statutory deadline to final

Zoom Successfully Addresses New York’s Privacy and Security Concerns

Zoom have managed to weather the storm of security and privacy concerns pretty well...: A few weeks ago on this blog, we addressed some of the legal issues that have arisen for Zoom, as it becomes a significant part of American daily life during the COVID-19 pandemic. Among those legal issues was an inquiry by the New York State Attorney General into Zoom’s privacy practices, and particularly into its measures to detect and prevent hackers or other outside parties attempt

VMware Cloud Director vulnerability could lead to hijack of enterprise server infrastructure

As well as checking your own VMware setup(s) you should also look at your service providers and seek assurances that they have mitigated the threat...: [...] On Monday, penetration testing firm Citadelo published a security advisory detailing the bug, tracked as CVE-2020-3956, which was first discovered in April. The cybersecurity firm said CVE-2020-3956 was uncovered during a security audit performed for a Fortune 500 enterprise customer and user of VMware Cloud Director

DOD’s third attempt to implement IPv6 isn’t going well

It may be 'boring', but having an inventory of what's on your network is THE crucial first step in any infrastructure project. I have some sympathy for extremely large and diverse network operators but starting a migration project without an inventory is just asking for trouble...: On Monday, the Government Accountability Office (GAO), the auditing agency of the US government, said that the DOD's third attempt isn't doing any better either. GAO officials said the DOD fail

Webinar, 11 June 11.00 UK: Why is tackling the people component of cyber security so hard!

There's a lot of webinar action at the moment. I'm running one on 5 June with one of my technology partners (see here) and another of my partners has one on 11 June (details below). I hope you find them useful...: We are hosting a series of monthly webinars on human-centred security with the aim of bringing together the industry and academia to develop a revolutionary Framework for the Management of Human Risk in Cyber Security. With all the investment in #securityawareness vi

Cisco security breach hits corporate servers that ran unpatched software

And today's fire drill is...: [...] Cisco said that without updates any VIRL-PE or CML products that are deployed in standalone or cluster configurations will remain vulnerable to the same sorts of compromises. The company released software updates for the two vulnerable products. Cisco rated the severity of the vulnerabilities with a ranking of 10 out of 10 on the CVSS scale. The Salt vulnerabilities are CVE-2020-11651, an authentication bypass, and CVE-2020-11652, a...

New China National Security Law

Expect this to affect privacy and data security legislation, but we can't say how until we see the text of the legislation...: [...] The text of the proposed legislation (the “National Security Law”) is not publicly available or, in all likelihood, settled yet. As a next step, the Standing Committee will need to finalize and approve the legislation. We understand that this could happen as soon as the next Standing Committee session in late June (according to the reported c

All the security features added in the Windows 10 May 2020 update

Good reasons to update (hope your broadband is meaty enough). On the recovery option: Apple have had this for years, but it's relatively easy to cope with a limited set of hardware (Macs and MacBooks) rather than the chaotic bazaar that is the Windows world...: [...] Windows 10 now has a cloud recovery option in the "Reset this PC" section. Until today, the "Reset this PC" option only had one option -- namely to do a local reinstall where it would build a new Windows inst

Presenting Virtually? Here’s How to Do it Right (RSAC Webinar)

There are quite a few of these wandering around the net. I do about 10 online presentation sessions a week, mainly to small audiences. The advantage I have is that I can pre-qualify what the audience wants to focus on before launching into presentation mode, often skipping the powerpoint-y bit and going straight to a demo and/or discussion. When dealing with a larger audience, we rely a bit more on the Q&A features. I also try to have more than one voice as we can all get

Mercedes-Benz Data Leak Lesson: Lock Down Code Repositories

Several lessons here: 1. Don't allow keys and credentials to be stored in git repos; 2. Be careful to whom you grant access. Verify everything...: Don't forget to lock down online shared code repositories, as Mercedes-Benz parent company Daimler AG learned the hard way after a researcher was able to access nearly 9 GB of software development documentation from a misconfigured GitLab repository. As first reported by ZDNet, the data exposure, which first came to light last week,