InfoSecSherpa Newsletter — 07 June 2021
- Illegal trading of personal data difficult to control
(Vietnam Net Global, 08 June 2021)
The act of buying and selling personal data in Vietnam is in two forms. Businesses that provide services that collect personal data of customers allow third parties to access the data, and the third parties transfer and trade the data. Or, businesses actively collect personal information of customers to have personal data to sell.
- Removing the fear, uncertainty, and doubt around zero trust security
(GCN, 07 June 2021)
While zero-trust security doesn’t protect networks from every possible attack, it reduces risk, speeds up threat detection and closes gaps in visibility. It is tailor-made for a world where cloud computing and an ever-increasing number of mobile devices are increasing the network attack surface and demanding finer-grain security controls.
- DISA Details Plans to Improve Network for Shift to Zero Trust
(Nextgov, 07 June 2021)
The Defense Department’s IT services provider is driving a shift away from perimeter-based security toward a data-focused, never trust, always verify paradigm, and it’s looking for industry guidance on a potential acquisition to help it do so.
- North Carolina cybersecurity chief Maria Thompson resigns
(State Scoop, 07 June 2021)
North Carolina’s top cybersecurity official, Maria Thompson, stepped down from state government last Friday after six-and-a-half years as its chief risk officer.
- Cobalt Gang Members Sentenced by Kazakhstan District Court
(Gov Info Security, 07 June 2021)
A district court in Kazakhstan last Wednesday sentenced two unidentified Cobalt, aka Carbanak, gang members to serve eight years in prison on robbery and attempted robbery charges.
- Domino’s Pizza leaked user data available on dark web search engine
(Illinois News Today, 07 June 2021)
The leaked data includes Domino’s India customer names, email IDs, mobile phone numbers, and GPS locations. Approximately a month after Domino’s India user data was leaked on the dark web, it is said that data related to 18 million pizza chain orders was republished on the dark web.
- Lexington-based security provider warns of fake door-to-door salesmen trying to trick homeowners
(Lex 18, 07 June 2021)
Bryan Bates, Vice President of Bates Security, says people from out-of-town may show up to your home unannounced and act as if they are from your own security company, taking advantage of the trust you have with your provider.
- New Google tool reveals dependencies for open source projects
(Help Net Security, 07 June 2021)
Google has been working on a new, experimental tool to help developers discover the dependencies of the open source packages/libraries they use and known security vulnerabilities they are currently sporting.
- Security vulnerability in Hyperkitty could expose private data
(The Daily Swig, 07 June 2021)
Users of the Mailman newsletter management service should patch now.
- GitHub changes policy to welcome security researchers
(The Daily Swig, 07 June 2021)
Coding platform explicitly permits proof of concept exploits.