Cybersecurity News
2FA: Double down on your security
The second authentication factor might be a minor inconvenience, but it provides a major security boost
The post 2FA: Double down on your security appeared first on WeLiveSecurity
P2PE v3.0: What Merchants Need to Know
The updates to the P2PE Standard and supporting program is part of the Council’s mission to evolve security standards and validation programs to support a range of environments, technologies and methodologies for achieving security. Ultimately, the updated PCI Point-to-Point Encryption (P2PE) ® Standard and supporting program will result in more PCI P2PE ® Solutions available to the marketplace. Here we cover key questions on what merchants need to know about P2PE v3.0.
P2PE v3.0: What Vendors and Assessors Need to Know
The updates to the P2PE Standard and supporting program are part of the Council’s mission to evolve security standards and validation programs to support a range of environments, technologies and methodologies for achieving security. Ultimately, the updated PCI Point-to-Point Encryption (P2PE)® Standard and supporting program will result in more PCI P2PE®Solutions available to the marketplace. We sit down with PCI SSC Vice President, Global Head of Programs Gill Woodcock to discuss the changes to the program.
The Great $50M African IP Address Heist
A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions of dollars worth of the increasingly scarce resource to online marketers. The allegations stemmed from a three-year investigation by a U.S.-based researcher whose findings shed light on a murky area of Internet governance that is all too often exploited by spammers and scammers alike.Increasing Standards Alignment and Consistency
Increasing standards alignment and consistency is a core pillar in the PCI Security Standards Council’s strategic framework, which guides how the Council achieves its mission and supports the needs of the global payments industry. In this interview with PCI SSC Operations Officer Mauro Lance, we discuss this strategic pillar and how it’s shaping Council priorities.
The Guardian view on Boris Johnson’s NHS plan: trading patient data | Editorial

The NHS is a goldmine of patient data which the United States wants to be quarried by some of its biggest companies. Britain’s health service is home to a unique medical dataset that covers the entire population from birth to death. Jeremy Corbyn’s NHS press conference revealed that the US wanted its companies to get unrestricted access to the UK’s medical records, thought to be worth £10bn a year. A number of tech companies – including Google – already mine small parts of the NHS store. Ministers have been treading carefully after an attempt to create a single patient database for commercial exploitation was scrapped in 2016 when it emerged there was no way for the public to work out who would have access to their medical records or how they were using them.
However, such caution might be thrown to the wind if Boris Johnson gets his way over Brexit – and patients’ privacy rights are traded away for US market access. This would be a damaging step, allowing US big tech and big pharma to collect sensitive, personal data on an unprecedented scale. Donald Trump’s officials have already made clear that this is what they are aiming for. In the leaked government records of talks between US and UK trade representatives White House officials state that “the free flow of data is a top priority” in a post-Brexit world. Trump’s team see Brexit as an opportunity “to avoid forcing companies to disclose algorithms”. The US wants the UK to drop the EU’s 2018 data law, in which individuals must be told what is happening with their medical data, even if scrubbed of personal identifiers.
Continue reading...Has WhatsApp become a potential career assassin? | Afua Hirsch

We need to talk about WhatsApp. When the little green speech bubble first showed up in my life, I greeted it with awe and wonder. I even wrote a little love letter to its ability to connect with a virtual black sisterhood – the kind that rarely exists in our too-undiverse workplaces in real life – in my first book. It became the perfect platform to share experiences, frustrations, strategies and ideas.
WhatsApp group communities proliferated on my phone – they were education, community and activism all in one place. It was great.
Continue reading...Be Alert this Holiday Season: Payment Security Tips for Businesses
On this blog we explore the challenges around security of payment data during the hectic holiday season and provide tips and best practices to help restaurants better secure their payment data. The following is a Q & A with Troy Leach, Senior Vice President of the PCI Security Standards Council and Laura Chadwick, Program Director, Technology & Innovation of the National Restaurant Association about the importance of cybersecurity this holiday season.
Just Published: PCI Contactless Payments on COTS
The PCI Security Standards Council (PCI SSC) has published a new data security standard for solutions that enable merchants to accept contactless payments using a smartphone or other commercial off-the-shelf (COTS) mobile device with near-field communication (NFC). Here’s what you need to know about the new PCI Contactless Payments on COTS (CPoC™) Standard and its supporting validation program.
Securing Emerging Payment Channels
Securing emerging payment channels is a core pillar in the PCI Security Standards Council’s (PCI SSC) strategic framework, which guides how the Council achieves its mission and supports the needs of the global payments industry. In this interview with PCI SSC Standards Officer Emma Sutcliffe, we discuss this pillar and how it’s shaping Council priorities.
What sort of security software and backups do I need for a home business?

Allen wants to set up a small company working from home, and would like some advice
I’m looking to set up a small business working from home, and would like some advice on back up and security measures. I have an Office 365 account so my main directory for saving documents will be OneDrive. I was looking to back up on a Synology NAS drive, perhaps to two separate hard drives as a precaution. Also, I currently just use Windows’ built-in security, but wondered whether I should look for something else.
Initially, it would just be me, but if things go well then I may have another two or three people helping. I’m assuming I can just scale up any security measures as the need arises. Allen
Technology manufacturers cater to two very large markets with different needs: home users and businesses. You’re about to enter the SoHo (small office, home office) market where home technologies dominate because most single traders don’t need proper business systems with all the extra costs and complications involved.
Continue reading...Twitter to clear out inactive accounts and free up usernames

Company has been criticised for handling of move it says will reduce risk from hacking
Twitter has announced it is to clear out inactive accounts, freeing up dormant usernames and reducing the risk of old accounts being hacked.
But the company is facing criticism for the way it has handled the announcement, with many concerned that the accounts of people who have died over the past decade will be removed with no way of saving their Twitter legacies.
Continue reading...ISA in Practice Case Study: TIVIT
To better serve its customers in the payment card industry and support their PCI Data Security Standard (PCI DSS) compliance initiatives, TIVIT chose Internal Security Assessor (ISA) training and certification for its staff.
Google's secret cache of medical data includes names and full details of millions – whistleblower

Whistleblower tells Guardian of growing alarm over secret transfer of medical history data, which can be accessed by Google staff
A whistleblower who works in Project Nightingale, the secret transfer of the personal medical data of up to 50 million Americans from one of the largest healthcare providers in the US to Google, has expressed anger to the Guardian that patients are being kept in the dark about the massive deal.
Related: Mick Mulvaney drops impeachment lawsuit but will not comply with House subpoena – live
Continue reading...These new rules were meant to protect our privacy. They don’t work | Stephanie Hare

Who owns your data? This is one of the toughest questions facing governments, companies and regulators today and no one has answered it to anyone’s satisfaction. Not what we were promised last year, when the European Union’s General Data Protection Regulation, commonly known as the GDPR, came into effect.
The GDPR was billed as the gold standard of data protection, offering the strongest data rights in the world. It has forced companies everywhere to modify their operating models, often at great cost. It inspired the state of California to pass a similar law and where California leads, the rest of the US often follows; there have been calls for a federal version of the GDPR.
Most websites nudge us into clicking 'I consent' by making it harder for us not to
Advances in computing processing power and AI will allow those who have our data to do much more with it, and so with us
Continue reading...Alexis Bledel, Lil Wayne, and Nicki Minaj Make McAfee’s Most Dangerous Celebrity 2019 List
Not that McAfee! By William Knowles @c4i Senior Editor InfoSec News October 29, 2019 Actress Alexis Bledel, best known for her role as Rory Gilmore in network television’s “Gilmore Girls,” tops McAfee’s U.S. list of most dangerous celebrities to search for online. For the thirteenth year, McAfee researched which famous individuals generate the riskiest results […]Navy Information Warfare
By William Knowles @c4i Senior Editor InfoSec News October 29, 2019 As a ten-year regular volunteer at the USO O’Hare, there’s a sly grin on my face knowing all the U.S. Navy personnel featured in this video have visited the Terminal 2 center at least once in their careers and should make every InfoSec […]7-Eleven fuel app data breach exposes users' personal details

App users were able to see other customers’ data, including names, dates of birth and mobile numbers
The popular petrol-buying app run by 7-Eleven has suffered a data breach that allowed customers to view the names, email addresses, mobile numbers and dates of birth of other users.
The 7-Eleven fuel app, which the company said this week has been downloaded two million times, was taken offline for a matter of hours on Thursday after a customer alerted the company to the fact that he was able to access the personal information of several other customers via the app.
Continue reading...Police database flagged 9,000 cybercrime reports as 'security risk'

Reports were quarantined by software designed to protect fraud bureau’s computer system, watchdog told
Thousands of reports of cybercrime were quarantined on a police database instead of being investigated because software designed to protect the computer system labelled them a security risk.
The backlog at one point stretched to about 9,000 reports of cybercrime and fraud, some of them dating back to October last year. The reports had been made to Action Fraud and handed to the National Fraud Intelligence Bureau (NFIB), run by the City of London police.
Related: Plan for massive facial recognition database sparks privacy concerns
Related: Counter-terror police running secret Prevent database
Continue reading...Farewell the ‘porn block’ – a PR exercise but lousy policy | Amy Orben

The UK government’s porn block was a dead man walking for months, if not years. It is long overdue that this attempt to curb children’s access to online pornography is scrapped. Almost two years ago, a close colleague and I sat in a meeting with one of the policymakers who had recently been asked to implement the proposal. The pained look on his face when we queried his progress confirmed our suspicions that it was an impossible task. It was clear to many that the block could – and would – never come to pass.
The plan did not have just one achilles heel – it had many.
Scientists and other stakeholders cannot access information about what the population is actually doing online
Related: UK drops plans for online pornography age verification system
Continue reading...