You are here
Home > Author: Peter Glock

Feds Want New IoT Guidance to Address Security Vulnerabilities

The challenge here is that IoT devices are flying off the shelves and being installed by all manner of suppliers, not just IT companies which should know about securing them...: “Internet of Things” devices are listening.  And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government contractors focus on implementing safeguards to protect sensitive government data

VMware talks up multi-cloud era, need to transform security

All together now (in best Scotty accent) "You cannae change the laws of physics". The secondary point about rising complexity of security 'solutions' is well made. I suggest you send the next 'magic bullet' vendor away with a flea in their ear (unless it's my company)...: Driven by the laws of physics, economics, and land, the future of enterprise computing will head towards a multi-cloud era and technology vendors will have to step up to help businesses manage these environ

Alphabet’s Chronicle Explores Code-Signing Abuse in the Wild

Just because an executable is 'signed' , it doesn't mean you can trust it...: [...] To highlight the prevalence of this trend and problems with trust-based security, Chronicle researchers used VirusTotal, an online virus/malware scanner that analyzes suspicious files that a machine's antivirus tools may have missed. They limited this project to Windows PE Executable files, filtered out samples with fewer than 15 aggregate detections, and "aggressively" filtered out grayware

Windows 10 zero-day exploit code released online

Keep updating, these vulnerabilities are coming thick and fast. There's no patch yet. Microsoft's next Patch Tuesday is scheduled for June 11...: The zero-day is what security researchers call a local privilege escalation (LPE). LPE vulnerabilities can't be used to break into systems, but hackers can use them at later stages in their attacks to elevate their access on compromised hosts from low-privileged to admin-level accounts. According to a description of the zero-

Amendment to Breach Statute

It really is time for the U.S. to create an american GDPR...: In the absence of Federal legislation addressing a breach compromising personal information, let alone the protection of that information, states are continuing to fill the void. On Friday, May 10, 2019[1], New Jersey amended its breach notification statute, expanding the definition of “personal information,” which would trigger a breach notice obligation. Specifically, the state definition of "Personal Informa

Courts’ Approach to Cyber Insurance Continues to Evolve

TL;DR - cyber insurance policies don't always cover what you think they do. It's worth looking at the courts' interpretation of current case law...: [...] As more companies purchase cyber insurance to protect against the risks of computer hacking and data breaches, the body of law interpreting these policies is evolving rapidly. Risk managers and counsel should monitor these developments as they determine the best available policy forms to meet their companies’ needs. This r

How to change the complexity of your Windows PIN

Strange...I've setup PINs on many Win 10 devices (mostly VMs for me to destroy) and didn't even realise that you could choose 4 digits. All mine are 6 or greater...: [...] Those of you who create a PIN to back up your password in Windows probably rely on a standard 4-digit number, but did you know that you can create a longer and more complex PIN? You can devise a PIN with 6, 8, 10, 12, or more digits. You can also create a PIN with letters and special characters as well as

Where GDPR goes next: How digital privacy is taking over the world

I was at a security event recently where GDPR was commonly referred to as "You know. All those emails asking you if it was ok to store your inside leg measurements..." I think it's much more that that as this article from ZDNET shows...: [...] "To a large extent in the US, most users attribute GDPR with an influx of cookie notifications and see it as an annoyance, rather than what it is: an attempt by regulators to give the consumer a level of visibility and control over wha