Tag Archive for: expands

Connecticut Expands Data Breach Notification Requirements And Establishes A Cybersecurity “Safe Harbor”




On June 16 and July 6, 2021, Connecticut Governor Ned Lamont
signed two new cybersecurity laws that continue the national trend
of expanding cyber incident disclosure obligations, shortening
notification timelines, and incentivizing the implementation of
recognized cybersecurity standards. Both laws take effect on
October 1, 2021.

“An Act Concerning Data Privacy Breaches” Amends
Connecticut’s Existing Data Breach Law

The amended data breach law includes three key changes:

  • The time businesses have to notify affected Connecticut
    residents and the Office of the Attorney General of a data breach
    has been shortened from 90 days to no later than 60 days after
    discovery of the breach;

  • If notice cannot be effected within the new 60-day window, a
    novel and significant amendment requires companies to provide
    preliminary substitute notice to individuals, and follow up with
    direct notice as soon as possible; and

  • The law significantly expands the definition of “personal
    information” that may trigger notification obligations to
    include an IRS identity protection personal identification number,
    certain medical information, biometric information, a user name or
    email address in combination with a password or security question
    and answer (regardless of whether or not the individual’s name
    is accessed in combination with it), and a number of other data
    elements commonly included in other states’ data breach notice
    laws.

“An Act Incentivizing the Adoption of Cybersecurity
Standards for Businesses” Establishes a Cybersecurity
“Safe Harbor” Statute

The new law will establish…


Facebook expands 2FA with hardware security keys for mobile


Two-factor authentication when logging in to a new or unfamiliar device is a must nowadays. A lot of people have used SMS as their default 2FA, but security experts are saying it’s not as secure as you think since numbers can be cloned. Hardware security keys are probably one of the most secure options out there, and now Facebook is expanding its support for them by letting you use one as your 2FA when you log in to the Facebook app on your mobile device.

In case you’ve been living under a digital rock and don’t know what 2FA is, it’s a security feature that you should enable in all your accounts that support it. When you log in to a site or an app like Facebook, aside from requiring your password, you will also have a second security clearance. Most people use an SMS code or an Authenticator app. A hardware security key is a physical device that is small enough to fit in your keychain and is used for 2FA to verify it’s really you logging in.

Facebook says that since 2017, they have strongly recommended the use of hardware security keys to users that are at high risk of being hacked, like celebrities, politicians, public figures, journalists, or anyone that deals in possibly controversial work. Now they are encouraging everyone who wants to keep their account more secure to use one, and are expanding support to mobile apps. This way, if you’re signing in from a device that Facebook is seeing for the first time, they can make sure it’s really you.

You can enroll your physical security key by going to the Security and Login section of your settings and setting it up in the two-factor authentication section. If you’re using any new device to sign in, you’ll be notified that someone is accessing your account from a browser or mobile device that Facebook doesn’t recognize. You’ll be asked to confirm that it’s really you with your key. If the person trying to get in is someone other than you, they won’t have your key to confirm.

Facebook is not selling hardware security keys but there are several companies selling them. You can connect it to your smartphone either through Bluetooth or by plugging it in directly.


Qualys expands VMDR to mobile devices with support for Android and iOS/iPadOS


Qualys announced it is expanding Qualys VMDR (Vulnerability Management, Detection and Response) to mobile devices with support for Android and iOS/iPadOS delivering an end-to-end solution for mobile device security.

Qualys’ all-in-one VMDR provides in-depth mobile device visibility, data security insights, proactive posture monitoring, and automated response for all iOS and Android devices and installed apps – just like VMDR does for on-premises, endpoint, cloud, container, OT and IoT assets.

“The use of mobile devices as threat vectors has increased exponentially, particularly during the pandemic due to the growth in the remote workforce. Thus, I am pleased to see Qualys bring its outstanding Cloud Agent support to Android and iOS devices.

“Now I can expand my vulnerability management program to mobile devices and get the visibility I need to end mobile threats before they start,” said Suhail Muhammad, SOC Manager, global humanitarian aid organization.

Qualys VMDR for Mobile Devices provides:

  • Comprehensive mobile device and app inventory – Get a holistic view of all Android, iOS/iPadOS devices and installed apps across your enterprise. Enriched inventory provides in-depth details on hundreds of mobile data points such as device type, OS version, installed apps, EOL status, device location, CA certificates, and more.
  • Continuous vulnerability assessment – Qualys’ lightweight Cloud Agent provides real-time visibility and assessment of device, OS, app, and network vulnerabilities using the industry’s most comprehensive signature database. Qualys automatically correlates vulnerabilities with the appropriate app versions improving accuracy and eliminating the time required to manually research and map weaknesses.
  • Real-Time misconfiguration monitoring – Expand your vulnerability management program by continuously monitoring critical mobile device configurations as recommended by the NSA and CIS best practices to ensure continuous security (available Q2 2021).
  • Built-in response and patch orchestration – Remediate and act on all at-risk mobile devices simultaneously, using over-the-air, out-of-the-box controls to uninstall or update vulnerable apps,…


Tripwire expands multi-cloud capabilities for Tripwire Configuration Manager


Tripwire announced expanded multi-cloud capabilities for Tripwire Configuration Manager. Tripwire’s SaaS application now helps organizations effectively manage security across AWS (Amazon Web Services), Microsoft Azure and GCP (Google Cloud Platform), including greater data privacy management through storage configuration monitoring.

Tripwire Configuration Manager simplifies the monitoring, remediation, and automation of cloud account configurations for multi-cloud organizations through a single console.

Users can monitor and enforce secure configuration policies across a multi-cloud environment and determine where they stand against Center for Internet Security Foundations benchmarks.

Misconfigurations are a leading cause of data breaches and security incidents involving the cloud. Tripwire Configuration Manager helps ensure your cloud accounts are in a known and trusted state by enforcing security policies.

Its automated remediation feature will reset a configuration that is out of compliance to its previous state, ensuring user cloud accounts are configured correctly, and the services and workloads they host in the cloud are safe.

The updated service also enables storage monitoring and provides an in-depth view of storage configuration across multi-cloud accounts, making it easier to define public vs. private data.

Users can break down data privacy settings to address specific areas of concern, such as encryption, and enforce increased levels of privacy for more important data.

“As companies continue to expand operations into the cloud, they are left open to significant security, privacy, and regulatory threats, often caused by misconfigurations,” said Tim Erlin, vice president of product management and strategy at Tripwire.

“Most teams have limited personnel to defend the network and need support to determine which problems are most pertinent. Secure configuration management is a basic but critical security practice to ensure gaps in security are realized and that companies are protected from devastating and costly impacts caused by cloud-related attacks.”

Tripwire Configuration Manager is easy to implement and operate. A free trial is available that…
