News about privacy & security

Security.NL makes the Netherlands safe

US charges nine Iranian suspects with cyber theft (Fri, 23 Mar 2018)
US prosecutors have charged nine citizens of Iran on suspicion of large-scale cyber theft. The ...
>> read more

US Congress approves controversial CLOUD legislation (Fri, 23 Mar 2018)
This week the US Congress approved the controversial CLOUD legislation, which grants far-reaching powers to ...
>> read more

Infosecurity Magazine

How to build continuous security into application development (Fri, 23 Mar 2018)
Chantal 't Gilde, Managing Director, Benelux & Nordics at Qualys. Software is by now at the core of every essential business process. Organisations must therefore build security into their application development pipeline to prevent data breaches, guarantee compliance and protect digital transformation initiatives. This applies above all to organisations that create applications rapidly and continuously
>> read more

Facebook restricts developers' access to user data (Fri, 23 Mar 2018)
Facebook is going to restrict developers' access to user information further. Developers will not only get access to less data by default, but will also lose that access if people have not used their app for more than three months. Anyone who wants access to more detailed information will need Facebook's permission for it. Mark Zuckerberg announced this
>> read more

Bits of Freedom

The week of #DeleteFacebook (and a referendum won!) (Sat, 24 Mar 2018)
These are the interesting, moving, worrying and/or hilarious links about internet freedom that I would like to share with you this week.
>> read more

The voters have spoken: the cabinet must improve the law! (Thu, 22 Mar 2018)
UPDATE 22/10: All votes have been counted. It was already in the air, but now it is certain. A majority has voted against the sleepwet (the "dragnet law")! The result is clear: voters want a better law. We are extremely happy that so many people have spoken out! It is a clear signal that there is a desire for a safe Netherlands, with a law that protects our freedoms.
>> read more

Privacy Barometer

CABINET MEMBERS APPEAR TO BE DELIBERATELY SPREADING FALSE INFORMATION: Rutte too misleads in favour of a yes vote (Sun, 18 Mar 2018)
Prime Minister Rutte claims that the intelligence services are currently not allowed to tap the internet via the cable. That is flatly untrue. After Deputy Prime Minister De Jonge and Deputy Prime Minister Ollongren, Rutte is the third cabinet member to get away with this disinformation.
>> read more

The five biggest problems with the sleepwet (Sun, 18 Mar 2018)
It is good that there will be a new law for the AIVD and the MIVD. The 2002 law is outdated and offers too few safeguards. The new law, however, overshoots its target and must be amended.
>> read more


Guidelines on IT Government and IT Management (Fri, 23 Mar 2018)
The Guidelines describe the data protection aspects related to the processing of personal data.
>> read more

Online manipulation and personal data (Wed, 21 Mar 2018)
EDPS advocates an extension of the scope of protection afforded to individuals' interests in the digital society. Read the press release and the opinion.
>> read more

RSS feed Autoriteit Persoonsgegevens

Educational organisations adjust their way of working with a student tracking system after AP investigation (Mon, 12 Mar 2018)
Three large educational organisations have adjusted their working methods with a student tracking system so that these now comply with the Wet bescherming persoonsgegevens (the Dutch Personal Data Protection Act). The Autoriteit Persoonsgegevens (AP, the Dutch Data Protection Authority) established this after an investigation. After technical changes to the student tracking system, staff now have access only to the personal data of the students they need for carrying out their tasks, and no longer to the personal data of all students at the school. The three investigated educational organisations have also improved the security of the personal data by logging which files of which students have been read or modified. The AP calls on schools to review their working methods with student tracking systems.
>> read more

Draft decision on the registration of undesirable tenant behaviour in the Utrecht region (Wed, 21 Feb 2018)
The Autoriteit Persoonsgegevens (AP) intends to declare lawful the processing of personal data reported by Stichting Woonruimteverdeling Regio Utrecht (SWRU) (registration of undesirable tenant behaviour in the Utrecht region). The reported processing means that SWRU plans to process criminal-law data and data about unlawful or troublesome behaviour, other than in the cases listed in Article 22, fourth paragraph, parts a and b, of the Wet bescherming persoonsgegevens.
>> read more

SecurityWeek RSS Feed

UK Regulators Search Cambridge Analytica Offices (Sat, 24 Mar 2018)
British regulators on Friday began searching the London offices of Cambridge Analytica (CA), the scandal-hit communications firm at the heart of the Facebook data scandal, shortly after a judge approved a search warrant. Around 18 enforcement agents from the office of Information Commissioner Elizabeth Denham entered the company's London headquarters at around 8:00pm (2000 GMT) to execute the warrant. The High Court granted the raid request less than an hour earlier, as Denham investigates claims that Cambridge Analytica may have illegally harvested Facebook data for political ends. A full explanation of the legal ruling by Judge Anthony James Leonard will be issued on Tuesday, according to the court.
"We're pleased with the decision of the judge," Denham's office said on Twitter. "This is just one part of a larger investigation into the use of personal data and analytics for political purposes," it added in a statement. "As you will expect, we will now need to collect, assess and consider the evidence before coming to any conclusions."
The data watchdog's probe comes amid whistleblower accusations that CA, hired by Donald Trump during his primary campaign, illegally mined tens of millions of users' Facebook data and then used it to target potential voters. Fresh allegations also emerged Friday night about the firm's involvement in the 2016 Brexit referendum campaign. Brittany Kaiser, CA's business development director until two weeks ago, revealed it conducted data research for Leave.EU, one of the leading campaign groups, via the UK Independence Party (UKIP), according to The Guardian.
'I was lying'
Kaiser, 30, told the newspaper she felt the company's repeated public denials it ever worked on the poll misled British lawmakers and the public. "In my opinion, I was lying," she said. "In my opinion I felt like we should say, 'this is exactly what we did.'" CA's suspended chief executive Alexander Nix told MPs last month: "We did not work for Leave.EU. We have not undertaken any paid or unpaid work for them, OK?" Nix was suspended this week following the Facebook revelations and a further media sting in which he boasts about entrapping politicians and secretly operating in elections around the world through shadowy front companies. He has already been called to reappear before British lawmakers to explain "inconsistencies" in past testimony about the firm's use of the data.
Meanwhile Facebook founder Mark Zuckerberg has been forced to issue a statement outlining his firm's role in the scandal and apologised Wednesday to its billions of users for the breach. The company has seen its stock market value plunge by around $75 million amid the crisis, as shares closed the week down 13 percent -- their worst seven days since July 2012.
Cambridge Analytica denies any wrongdoing, and said Friday it was undertaking an independent third-party audit to verify that it no longer holds any of the mined data. "As anyone who is familiar with our staff and work can testify, we in no way resemble the politically-motivated and unethical company that some have sought to portray," acting CEO Alexander Tayler said in a statement. He apologised for the firm's involvement, but said it had licensed the data from a research company, led by an academic, that "had not received consent from most respondents". "The company (CA) believed that the data had been obtained in line with Facebook's terms of service and data protection laws," Tayler said.
New review
Aleksandr Kogan, a University of Cambridge psychologist, created a personality prediction app that harvested the data of 270,000 people who downloaded it -- as well as scooping up the information of their friends. That was possible under Facebook's rules at the time, and Kogan this week claimed he was being unfairly blamed. "I'm being basically used as a scapegoat by both Facebook and Cambridge Analytica," he said in interviews Wednesday. "We were assured by Cambridge Analytica that everything was perfectly legal and within the terms of service" of Facebook, he added.
However, Cambridge University announced Friday it was "undertaking a wide-ranging review" of the episode and had written to Facebook "to request all relevant evidence in their possession". "Should anything emerge from this review, or from our request to Facebook, the University will take any action necessary in accordance with our policies and procedures," it said in a statement.
© AFP 2018
>> read more

Ransomware Hits City of Atlanta (Fri, 23 Mar 2018)
A ransomware attack -- possibly a variant of SamSam -- has affected some customer-facing applications and some internal services at the City of Atlanta. The FBI and incident response teams from Microsoft and Cisco are investigating. The city's police department, water services and airport are not affected.
The attack was detected early on Thursday morning. By mid-day the city had posted an outage alert to Twitter. In a press conference held Thursday afternoon, mayor Keisha Bottoms announced that the breach had been ransomware. She gave no details of the ransomware demands, but noticeably declined to say whether the ransom would be paid or refused. Bottoms could not at this stage confirm whether personal details had also been stolen in the same breach, but suggested that customers and staff should monitor their credit accounts. Questions on the viability of data backups and the state of system patches were not clearly answered; but it was stressed that the city had adopted a 'cloud first' policy going forwards specifically to improve security and mitigate against future ransomware attacks.
A city employee obtained and sent a screenshot of the ransom note to local radio station 11Alive. The screenshot shows a bitcoin demand for $6,800 per system, or $51,000 to unlock all systems. It is suggested that the ransom note is similar to ones used by the SamSam strain of ransomware. Steve Ragan subsequently tweeted, "1 local, 2 remote sources are telling me City of Atlanta was hit by SamSam. The wallet where the ransom is to be sent (if they pay) has collected $590,000 since Jan 27."
SamSam ransomware infected two healthcare organizations earlier this year. SamSam is not normally introduced via a phishing attack, but rather following a pre-existing breach. This could explain the concern over data theft on top of the data encryption. It also raises the question over whether the initial breach was due to a security failure, an unpatched system, or via a third-party supplier.
Ransomware is not a new threat, and there are mitigations -- but it continues to cause havoc. Official advice is, wherever at all possible, refuse to pay. The theory is that if the attackers cease getting a return on their attacks, they will turn to something easier with a better ROI on their time. This approach simply isn't working.
Sometimes payment can be avoided by recovering data from backups. But this isn't always possible with SamSam. In the Hancock Health SamSam incident earlier this year, the organization decided to pay the ransom "to expedite our return to full operations", despite having backups. In the event, the SamSam attackers had already closed this route. "Several days later," announced CEO Steve Long, "it was learned that, though the electronic medical record backup files had not been touched, the core components of the backup files from all other systems had been purposefully and permanently corrupted by the hackers."
It isn't yet known whether the City of Atlanta attack is definitely a SamSam attack, whether the system was breached prior to file encryption, nor whether backup files have been corrupted. These details should become clear over time. The fact that Hancock Health decided to pay the ransom, and had its systems back up and running within days, may become part of Atlanta's decision on whether to pay or not.
Apart from recovering from backups or paying the ransom, the only other option (assuming that there are no decryptors available from the NoMoreRansom project) is to stop the encryption the moment it starts. Traditional anti-malware perimeter detection will not stop modern malware. That means prevention requires very rapid and early detection. "Ransomware spreads like wild fire, and is the most time critical of cyber threats," comments Matt Walmsley, EMEA Director at Vectra. "The ability to detect the pre-cursor behaviors of ransomware is the only way to get ahead of the attack. Unfortunately, that's almost impossible to do using traditional manual threat hunting techniques. That's why forward-thinking enterprises are increasingly using an automated approach, using AI-powered threat detection. You need to detect and respond at machine speed."
Timely patching is also vital, especially where the attacker breaches the system prior to encryption. "When you are told to patch months before and witness precursor warnings like WannaCry and NotPetya going by," exhorts Yonathan Klijnsma, threat researcher at RiskIQ, "well, you damn well better patch. If your organization's patch management is so problematic that it takes this long, you have to change it. Events of this potential magnitude and impact require management to respond by elevating maintenance and patching to mission critical status until they are resolved. The ROI is clear, consider the costs and material loss of your company going down for a day, versus shifting priorities to give your engineers more time to manage patches properly. It's not a good time to roll the dice."
Connected cities are becoming increasingly like large corporations. "A city has some hallmark characteristics of a large enterprise," suggests Rapid7's chief data scientist, Bob Rudis: "there are a large number of employees and contractors with a diverse array of operating systems, hardware and data types that all need protection. Beyond financial account information and general personally identifiable information (PII), city-related systems and networks can and do contain court and criminal records, tax records, non-public information on police and other protective services employees, department activities/plans and more. Much of this is extremely sensitive data and would be a treasure trove of information, capable of being used in a diverse array of disruptive, targeted attacks against both individuals and entire departments."
What all this means is that anti-ransomware preparations require at least three layers of defense: off-site backups; an efficient patch regime; and real-time anomaly detection. Relying on IT staff 'noticing something peculiar' (as happened with the City of Atlanta) is simply not good enough.
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security, and has had many thousands of articles published in dozens of different magazines, from The Times and the Financial Times to current and long-gone computer magazines.
>> read more

Dark Reading:

AMD Will Release Fixes for New Processor Flaws in a Few Weeks (Fri, 23 Mar 2018)
Security firm that disclosed flaws accuses chipmaker of downplaying flaws; says timeline is overly optimistic.
>> read more

City of Atlanta Hit with Ransomware Attack (Fri, 23 Mar 2018)
FBI investigating computer outages in the city's network possibly tied to Samsam-type ransomware variant.
>> read more

Threatpost | The first stop for security news

Senate Gives Nod To Controversial Cross-Border Data Access Bill (Fri, 23 Mar 2018)
The Senate on Thursday gave the thumbs up to a bill that is the subject of both support by tech companies and critique by privacy groups.
>> read more

A Closer Look at APT Group Sofacy's Latest Targets (Fri, 23 Mar 2018)
Threatpost talks to Kaspersky Lab researcher Kurt Baumgartner, who was instrumental in tracking the latest activities of the Russian-speaking Sofacy APT gang.
>> read more


Vulnerabilities fixed in F5 BIG-IP (Fri, 23 Mar 2018)

>> read more

Multiple vulnerabilities fixed in OpenSUSE (Fri, 23 Mar 2018)

>> read more


Factsheet Secure management of digital certificates (Thu, 14 Dec 2017)
Since the DigiNotar incident in 2011 there have been many developments around strengthening the digital certificate ecosystem. Various steps have been taken to increase the robustness and resilience of the certificate ecosystem, such as stricter guidelines from the CA/Browser Forum and recent technical developments such as Certificate Transparency (CT) and Certificate Authority Authorization (CAA). The DigiNotar incident has yielded insights that can help administrators and users of certificates to test and tighten their set of measures. This factsheet describes measures to make the likelihood of certificate incidents as small as possible and, in the event of an incident, to repair the damage as quickly as possible.
>> read more

Factsheet TLS interception (Wed, 11 Oct 2017)
TLS interception makes encrypted connections within an organisation's network accessible for inspection. Because of the additional risks it brings, deploying this technical measure requires careful consideration and must satisfy a number of important preconditions.
>> read more


NCSC warns of abuse of publicly accessible memcached systems in DDoS attacks (Wed, 28 Feb 2018)
The NCSC has been informed of recent national and international DDoS attacks in which, in most cases, publicly accessible memcached systems were abused [1].
>> read more

Cybersecurity Act sent to the House of Representatives (Thu, 15 Feb 2018)
Today the proposal for the Cybersecuritywet (Cybersecurity Act) was sent to the Tweede Kamer (the Dutch House of Representatives). The Cybersecuritywet transposes the European NIS Directive into Dutch law. The aim is for member states to improve their digital resilience and cooperate better with each other, so that Europe becomes digitally safer.
>> read more