On Tuesday December 12, 2017, researchers Hanno Böck and Juraj Somorovsky announced a “new but old” vulnerability (The ROBOT Attack) found in certain TLS implementations. Based on the information currently available, the vulnerability is limited to certain TLS implementations, and most TLS or RSA implementations are not affected.
First, some history:
In the previous article on Skype Phishing, I explored the possibilities of using Skype for Business as a channel for carrying out targeted attacks on specific high-value individuals in companies. If you did not read that article, do so now, as the rest of this article assumes you did: https://www.nixu.com/blog/how-own-company-skype-phishing-101
This is the second part of our blog series "Things that security auditors will nag about and why you shouldn't ignore them". In these articles, Nixu's security consultants explain issues that often come up when assessing the security of web applications, platforms and other computer systems.
On Tuesday November 21, 2017 Uber revealed that they have faced a data breach during 2016 but failed to disclose the event initially. Data of 57 million users and over 600,000 drivers was affected in the breach as reported by Uber themselves. The company admits that instead of disclosing the event publicly at the time, it agreed to pay the hackers $100,000 in exchange for deleting the data and not
IAPP Europe Data Protection Conference 2017, held in Brussels on the 8th and 9th of November, is the most important venue for data protection professionals to get together and share lessons learned with others from around the world.