Catch up on the latest information security news with our Weekly Podcast. Also, keep an eye out for our 'Author Interviews', where we speak with industry experts, covering InfoSec, Cyber Security, IT, project management, PCI DSS and more.
This week, we discuss a data breach affecting Casio users in 149 countries, two zero-day vulnerabilities in Cisco's IOS XE web user interface, a slew of legal action against Progress Software following the MOVEit Transfer breach, and an update on last month's cyber attack on the International Criminal Court.
This week, we discuss another GDPR fine for TikTok relating to its processing of child users' personal information, more data breaches caused by MOVEit Transfer, including Sony Interactive Entertainment, and the exposure of a mammoth 3.8 billion data records.
This week, we discuss a cyber attack on MGM Resorts that has allegedly cost the company millions of dollars in revenue even before it began its remediation efforts, the leak of 38 terabytes of Microsoft data and a cyber attack on the International Criminal Court in The Hague.
This week, we discuss security issues at the Electoral Commission, Meta's appeal against daily GDPR fines, and a breach affecting 10 million users of the French unemployment agency Pôle emploi.
This week, we discuss “insider wrongdoing” at Tesla, a data breach affecting 2.6 million Duolingo users and the conclusion of a two-month court case against members of the Lapsus$ gang.
This week, we discuss data breaches affecting the Electoral Commission and the Police Service of Northern Ireland, and the financial repercussions of Capita's March ransomware incident.
This week, we discuss the new EU adequacy decision for the US, based on the Data Privacy Framework (plus Max Schrems's inevitable reaction), and a proposed UK-US ‘data bridge’; fixes for three more vulnerabilities in Progress Software's MOVEit Transfer app; plus this month's Patch Tuesday and other security updates.
This week, we discuss 100,000 compromised ChatGPT credentials, a data breach affecting the LetMeSpy stalkerware app, and a potential security vulnerability in Microsoft Teams that could be exploited to spread malware. Plus, Alan Calder discusses the current cybersecurity and regulatory landscape, and how they affect organisations.
This week, we discuss a data breach affecting users of Progress Software's MOVEit file transfer app, GDPR fines for LinkedIn and Spotify, and the delay of Google Bard's EU launch because of privacy concerns.
This week, we discuss more organisations affected by Capita's security issues, the security implications of 20 NHS trusts' use of Meta Pixel, Meta's €1.2 billion GDPR fine and its potential effects for other organisations, and the progress of the DPDI (No. 2) Bill. Plus, Alan Calder discusses cyber regtech and how organisations can use it to manage their regulatory compliance.
This week, we look at the wider repercussions of the Capita ransomware attack, and how numerous clients have been affected, including the Universities Superannuation Scheme and other pension providers. Plus, accusations of another Capita breach and Alan Calder on what all organisations can learn from the attack and Capita's response.
This week, we discuss ChatGPT's restoration in Italy despite wider security concerns, an apology from the LockBit ransomware group and another breach for T-Mobile, and Alan Calder discusses what boards need to do to build their organisations' cyber defences.
This week, we discuss the apparent sale of exfiltrated Capita data by the Black Basta ransomware group, a zero-day Google Chrome vulnerability and the development of a new LockBit ransomware variant targeting macOS, and Alan Calder analyses the new US National Cybersecurity Strategy and explains what all organisations should learn from it.
This week, we discuss a cyber attack on the outsourcing giant Capita, Italy's ban on OpenAI's ChatGPT chatbot and further bad news for TikTok: a £12.7 million fine from the ICO for breaching UK data protection law.
This week, we discuss ransomware attacks on Ferrari and the Dole Food Company, another TikTok ban – this time by the BBC – and vulnerabilities that allow some Android phones to be hacked with only the victim's phone number.
This week, we discuss a data breach affecting WH Smith, the latest proposals to reform data protection law in the UK, TikTok's response to being banned by the European Commission and European Parliament, the proposed US RESTRICT Act, and a woman who has been sentenced for defrauding Luton Borough Council in a cyber attack.
This week, we discuss the European Parliament Committee on Civil Liberties's opinion of the EU-US Data Privacy Framework, Twitter's decision to disable free text-based 2FA, a series of attacks on GoDaddy's infrastructure and the HardBit 2.0 ransomware group's negotiation tactics.
This week, we discuss a Which? investigation into basic security flaws on banks' websites and apps, a ransomware attack on the financial firm ION Cleared Derivatives, and a phishing attack that compromised the emails of Stewart McDonald MP.
This week, we discuss the fallout from the latest Mailchimp breach, a ransomware attack on KFC, Pizza Hut and Taco Bell's parent company, another T-Mobile data breach, an incident affecting Planet Ice, and an update for older Apple devices. We also talk to the ISO 27001 expert Steve Watkins about his new pocket guide to the Standard.
This week, we discuss a series of ransomware attacks on 30 schools and colleges in the UK, legal action against both Meta and the Irish Data Protection Commission following last year's massive Facebook GDPR fine, and the third stage of a cyber-defence-in-depth strategy: management.
This week, we discuss a ransomware attack on Rackspace, a Citrix zero-day vulnerability, the forthcoming EU adequacy decision in respect of the EU-U.S. Data Privacy Framework, and the second stage of a cyber-defence-in-depth strategy: protection.
This week, we discuss the Hive ransomware as a service, the latest developments following the Medibank breach, a Canadian city shut down by ransomware, Suffolk Police's leak of sensitive data and the ethical implications of AI.
This week, we discuss a £4.4 million GDPR fine for the construction company Interserve, a data breach affecting 9.7 million customers of Medibank, an unusual GDPR fine for UPS, and Microsoft's latest software updates.
This week, we discuss the new mechanism for transferring EU residents' personal data to the US, the first GDPR Data Protection Seal, a new ransomware attack targeting Ukraine and its allies, and the first layer in a defence-in-depth approach to cyber security: detection.
This week, we discuss yet more planned changes to UK data protection law, a £1.35 million GDPR fine for “predatory marketing”, the conviction of Uber's former chief security officer, and a new book about how to establish an enjoyable career.
This week, we discuss a potential fine of £27 million for TikTok, a data breach caused by a phishing attack on American Airlines and a $35 million penalty for Morgan Stanley Smith Barney LLC after “extensive” security failures.
This week, we discuss allegations of data security failures at Twitter, a €405 million fine for Instagram, a cyber attack on InterContinental Hotels Group, and why Cloud security is so important.
This week, we discuss two zero-day vulnerabilities affecting Apple devices, the further effects of a ransomware attack on an NHS digital services provider and a large-scale phishing campaign affecting users of secure services such as Okta, Authy and Signal.
This week, we discuss a ransomware attack on an NHS digital services provider and a huge increase in cyber attacks as a result of the war in Ukraine, and provide an overview of the main reforms to UK data protection law proposed by the Digital Protection and Information Bill.
This week, we discuss a malware campaign targeting Facebook Business users, a breach apparently affecting 5.4 million Twitter users, a €1.1 million GDPR fine for Volkswagen, the new Digital Protection and Information Bill, and why it's so important to maintain your cyber security through a recession.
This week, we discuss NCSC and ICO advice to the legal profession, a new phishing campaign that bypasses multifactor authentication, and the huge increase in the number of ransomware and phishing attacks this year. Plus, we talk to Gary Hibberd about his new book, The Art of Cyber Security.
This week, we discuss new NCSC guidance on avoiding cyber security “staff burnout”, a data breach affecting a Japanese city's entire population, good news for the ransomware-hit Maastricht University, and the privacy implications of the metaverse.
This week, we discuss a cyber attack that's disrupted Yodel's deliveries, new tactics from a ransomware gang, the government's plans for reforming UK data privacy law, and the importance of a defence-in-depth approach to cyber security.
This week, we look at a $150 million fine for Twitter, phishing attacks affecting the Twitter followers of the digital artist Beeple and users of the accounting platform QuickBooks, and a massive data breach affecting Pegasus Airlines – plus we talk about security issues facing organisations with a remote or hybrid workforce.
The Schrems II ruling and Brexit mean that UK organisations are required to reconsider the legal basis for the transfer of personal data to and from Europe. The webinar recording covers: The Schrems II decision regarding transfers of data; The implications for UK and EU data controllers regarding data transfers; The types of data transfers organisations should consider; Data flows and the legal basis for UK–EU data transfers; Practical steps organisations can take now; and What the future holds following Schrems II and Brexit.
We take a look at Data Flow Audit And Data Mapping For GDPR Compliance in this webinar recording.
We take a look at Data Flow Mapping in this webinar recording.
The EU General Data Protection Regulation (GDPR) highlights how the principles of ‘privacy by design’ and ‘privacy by default’ are fundamental to ensuring that organisations protect the rights of data subjects. We take a look at Data Protection By Design And By Default Under The GDPR in this webinar recording.
Alan Calder, Founder and CEO of IT Governance, discusses the first steps towards GDPR compliance in this webinar recording.
In our last ever podcast, we discuss Citrix’s data breach, the GDPR and cookie walls, data breach notification, and Patch Tuesday.
This week, we delve into the government's FTSE 350 Cyber Governance Health Check report, Microsoft's Security Intelligence Report Volume 24, and Cisco's latest Data Privacy Benchmark Study.
This week, we discuss ICANN's warning about DNS attacks, the extent of credential stuffing attacks on the retail sector, password managers' responses to recent research into security flaws, and the European Data Protection Supervisor's annual report for 2018.
This week, we discuss a security flaw affecting 1Password, Dashlane, KeePass and LastPass; the prevalence of historic vulnerabilities in corporate IT systems; the increase in formjacking attacks; and Wendy's $50 million data breach settlement.
This week, we discuss a data breach at Mumsnet, no data breach at OkCupid, and a lawsuit against Apple for implementing security measures.
This week, we discuss the compromise of Metro Bank's two-factor authentication system, nearly one million cyber attacks on the Student Loans Company, nearly 60,000 GDPR breaches and a surprising discovery for some marine biologists.
31 January Weekly Podcast: Facebook VPN, FaceTime bug, and Internet Explorer 10 by IT Governance
This week, we discuss Google's €50 million GDPR fine, GDPR complaints against eight streaming services, Facebook’s Supreme Court appeal and its potential effects on the EU-US Privacy Shield, and an Emergency Directive from the US Department of Homeland Security.
This week, we discuss how the US government shutdown is affecting federal websites' security, the sentencing of a man who knocked Liberia's Internet offline with a botnet, and what a no-deal Brexit means for data protection.
This week, we discuss a high-profile German data breach, the top worst passwords of 2018, the resignation of NHS Digital’s CISO, and Microsoft’s latest patches.
This week, in our last podcast of the year, we revisit some of the biggest information security stories from the past 12 months.
This week, we discuss the latest fines for Uber in connection with its 2016 data breach, GDPR complaints against Google, and the other side of the City of York Council 'hack' story.