What You May Have Missed

1. Here’s an interesting perspective from a CTO on why metadata matters. 2. By September 30th, California Governor Jerry Brown will either sign or veto two very important bills that would protect students’ data and privacy. Major protections of SB 1177 include prohibiting any website or mobile app from targeted advertising to K-12 students, their parents…

How Varonis Helps with the Statement on Standards for Attestation Engagements 16 (SSAE16)

The Statement on Standards for Attestation Engagements 16 (SSAE16) is an auditing standard that governs how service organizations report on their compliance controls. Issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA), SSAE16 requires the service organization’s management to give the auditor a written assertion that its description of its controls accurately represents its business operations. To learn…

Phishing Attacks Classified: Big Phish vs. Little Phishes

The CMU CERT team I referred to in my last post also has some interesting analysis of the actual mechanics of these phishing attacks. Based on a review of their incident database, the CERT team was able to categorize phishing attacks into two broader types: single-stage versus multi-stage. What’s the difference? Think of single-stage as catching lots of…

What You May Have Missed

1. In a previous post, we mentioned firms interested in disrupting the data broker business by empowering consumers to share their personal information with companies and get paid for it too. However, it’s still unclear whether customers are worried enough about their privacy to embrace these new services. At the Annual Meeting of the New…

Do Certain Traits Make People Vulnerable to Phishing?

The Computer Emergency Response Team (CERT) at Carnegie Mellon University is a research institute devoted to computer and network security. CERT is often cited by other security researchers, and for good reason: it has deep knowledge of vulnerabilities and has developed engineering techniques both to analyze and to prevent attacks. CERT also has an entire practice area…

How Varonis Helps with the Commission de Surveillance du Secteur Financier (CSSF)

In 2013, Luxembourg’s financial regulator, the Commission de Surveillance du Secteur Financier (CSSF), released new rules on IT access controls, requiring regulated entities to “always have permanent full control over the [IT] resources under their responsibility and the corresponding accesses to these resources”. Investment firms, financial-sector and support professionals, among others, must comply. Interested in having…

Point-of-Sale Cyber Attacks Are Back With Backoff

Point-of-Sale (POS) attacks are back in the news, but they never really left us. In the wake of the Target breach, the FBI issued a bulletin in January warning of further incidents. It identified the malware type (RAM scrapers) and the infection vectors (phishing emails, and compromised websites or “watering holes”). And it even pointed out…

What You May Have Missed

1. Recently, the United Kingdom’s Information Commissioner’s Office (ICO), the UK’s data protection authority, published a Big Data report along with guidance on how to comply with the Data Protection Act. Its primary goal is to ensure that both the privacy risks and the benefits of big data are considered. If you don’t have time to read the…

In Search of Kerberos’s Golden Ticket

In a Kerberos environment, every user gets tickets, or more specifically a TGT (Ticket Granting Ticket). It’s the starting point for gaining access to services: network file shares, email, applications, etc. In Windows, one user stands out, the all-powerful domain administrator. They hold the keys to the kingdom, literally: the Domain Controller on which the…

How Varonis Helps with the Financial Conduct Authority (FCA)

The Financial Conduct Authority (FCA), formerly the Financial Services Authority (FSA), is the United Kingdom’s regulator for financial firms that provide services to consumers, and it is also responsible for maintaining the integrity of the UK’s financial markets. Effective controls and processes that improve the security of customer data are critical to the FCA in order to prevent high…
