Senator: Car hacks that control steering or steal driver data way too easy

Recently manufactured cars expose drivers to hacking attacks that could cause collisions and steal sensitive personal information, according to a report released Monday by a US Senator.

The majority of model-year 2014 cars offer network-connected features that provide driving directions, messaging, hands-free phone calls, safety monitoring, and entertainment. But a lack of security defenses makes it possible for those features to be remotely hijacked, potentially giving attackers the ability to control critical functions such as steering and braking, the 12-page report warned. Monday's report was issued by the office of US Senator Edward Markey, a member of the Senate Commerce Committee, which has jurisdiction over the auto industry. The report is the result of correspondence with 20 automobile manufacturers that received questions from Markey about the security mechanisms they employ to prevent hacking attacks.

"These findings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information," the report warned.

Read 5 remaining paragraphs | Comments

Droopescan – Plugin Based CMS Security Scanner

Droopescan is a plugin-based CMS security scanner that that will help you with identifying issues with several CMSs, mainly Drupal & Silverstripe. Droopescan aims to be the most accurate by default, while not overloading the target server due to excessive concurrent requests. Due to this, by default, a large number of requests will be made...

Read the full post at darknet.org.uk

Let the phishing begin: Scammers now targeting Anthem hack victims

Less than a week after health insurer Anthem warned that a breach of its network exposed the personal information of as many as 80 million people, scammers are sending phishing e-mails that target those unlucky individuals.

The fraudulent e-mails claim they are official Anthem communications being sent to current and former customers. The messages promise free credit monitoring services for people who click on a link that asks for personal data.

"This outreach is from scam artists who are trying to trick consumers into sharing personal data," Anthem officials wrote in an advisory. "There is no indication that the scam e-mail campaigns are being conducted by those that committed the cyber attack, or that the information accessed in the attack is being used by the scammers."

Read 1 remaining paragraphs | Comments

First Data gains approval for its Processor BCRs

Dentons has advised First Data Corporation (“First Data“), a global leader in payment technology and service solutions, in successfully obtaining approval for its Binding Corporate Rules (“BCRs“) for Data Processors. BCRs are a company-wide privacy policy to guarantee that a company’s practices are consistent with European data protection law. They are widely considered the platinum standard for compliance with the European Data Protection Directive.

Here are our 5 big takeaways from this story:

  1. First by the ICO – First Data is the first company to obtain authorisation for BCRs for Processors under the leadership of the UK’s Information Commissioner’s Office (“ICO“). The only other DPAs to have led a successful application for Processor BCRs are the Dutch DPA and the French CNIL.
  2. First payment processor – First Data is the only payments technology company to obtain such authorisation. First Data will no longer need to enter into model contracts with many of its clients, simplifying the contractual process. This should give it a competitive advantage in a marketplace that is increasingly sensitive to privacy issues.
  3. Dual approval – First Data is one of only five companies worldwide that has completed this rigorous process for information processed both as a Data Processor and as a Data Controller.
  4. 2 Year project - The Data Processor authorisation is the culmination of a two-year project. If you are considering making an application, this is a guide to the timescales you should be expecting (although this was the first application and the process may be streamlined).
  5. Easier for Data Controllers – The BCRs approval will open the door to a streamlined process for Data Controllers wanting to rely on the BCRs to enable their data to be shared across borders.

If you would like any more information on this application, you can find First Data’s press release here, or you can contact Scott Singer, Nicola Harding or me directly.