Cybersecurity pros’ haphazard participation in data privacy raises concern


Before the General Data Protection Regulation (GDPR) became official in May 2018, I heard a similar story from many CISOs. Data privacy programs were legal exercises focused on data classification and governance. Yes, there were security angles around compliance, DLP, and incident response, but legal had oversight of which data was considered private and what could and could not be done with sensitive data.

GDPR changed everything. Data privacy was no longer a background legal project but rather a set of business-critical processes, and this impacted the cybersecurity team. CISOs were asked to use their operational expertise to help operationalize data privacy programs.


Yubico, Tufin, & Venmo – Hack Naked News #223

    This week, prevent the impact of a Linux worm, Yubico recalls FIPS Yubikey tokens after flaw discovered, how fraudulent domains hide in plain site, Samsung reminds rabble to scan smart TV’s for viruses and makes them forget, and the scraping of millions of Venmo transactions in a privacy warning to consumers! In the […]

The post Yubico, Tufin, & Venmo – Hack Naked News #223 appeared first on Security Weekly.


New MongoDB field-level encryption can help prevent data breaches


MongoDB has released a new version today featuring field-level encryption (FLE), a new mechanism that protects sensitive information stored in a database even if attackers compromise the database itself or the server it runs on.

MongoDB 4.2’s FLE implementation does not involve storing keys or performing any encryption and decryption operations on the server. Instead, these operations are performed by the MongoDB client library, also known as the driver, which is used by applications.


Shannon Lietz, Intuit – Application Security Weekly #65

    Mike Shema and John Kinsella interview Shannon Lietz, the Director of Information Security at Intuit, about DevOps.

The post Shannon Lietz, Intuit – Application Security Weekly #65 appeared first on Security Weekly.
