Security News

Phishers are using a bogus GDPR compliance reminder to trick recipients - employees of businesses across several industry verticals - into handing over their email login credentials. "The attacker lures targets under the pretense that their email security is not GDPR compliant and requires immediate action. For many who are not versed in GDPR regulations, this phish could be merely taken as more red tape to contend with rather than being identified as a malicious message," Area 1 Security researchers noted.

JupiterOne announced $19 million in venture funding to help companies automate asset discovery, visibility and compliance as a critical foundation for cyber security. JupiterOne closes an important gap for CISOs, security operations, and compliance officers by providing automated, accurate and actionable visibility to their global asset inventory.

Calendars for security and compliance audits are largely unchanged despite COVID-19, but the pandemic is straining security teams as they work remotely, according to the findings of a recent survey by automated audit prep provider Shujinko. The survey of North American CISOs documented the challenges facing security and compliance professionals preparing for a wave of upcoming audits and was conducted by Pulse in late June 2020.

The thing is, compliance requirements are often being poorly written, vague and confusing. In my opinion, the confusion around compliance comes from the writing, so it's no surprise companies are struggling, especially when they have to comply with multiple requirements simultaneously.

BAE Systems announced a new offering created on Amazon Web Services to deliver complete anti-money laundering regulatory compliance solutions. The solution is supported by the availability, reliability and security of AWS and offers banks and financial institutions the opportunity to quickly stand up an affordable integrated financial crime regulatory compliance solution.

SOX & Internal Controls Professionals Group released a survey which measures the costs, execution, challenges and priorities faced by companies that comply with the Sarbanes-Oxley Act. "In its fifth year, our survey reflects the broad experience of SOX professionals over time and presents a balanced perspective of the current state of SOX and internal controls management," said Camille Kearns Rudy, National Director of the SOX & Internal Controls Professionals Group.

Which works to detect and compare configuration changes to servers, databases, and applications, now integrates a policy compliance engine aimed at helping IT teams simplify and more efficiently achieve compliance and compliance reporting, with an initial focus on the federal space. By integrating a policy compliance engine focused on select STIG policies, makes it easier for federal IT pros to automatically check systems and applications for STIG compliance, deliver clear and quick compliance results for auditing purposes, and identify non-compliant elements for more efficient remediation.

MemSQL announced that Thentia is launching MemSQL as the core operational database for its cloud-based regulatory licensing, assurance and enforcement technology. MemSQL's speed and scale will enable Thentia to achieve fast response times and automate a historically paper-based regulatory compliance process.

A group of academics from three German universities has decided to investigate whether and how mobile app vendors respond to subject access requests, and the results of their four-year undercover field study are dispiriting. "In three iterations between 2015 and 2019, we sent subject access requests to vendors of 225 mobile apps popular in Germany. Throughout the iterations, 19 to 26 % of the vendors were unreachable or did not reply at all. Our subject access requests were fulfilled in 15 to 53 % of the cases, with an unexpected decline between the GDPR enforcement date and the end of our study," they shared.

Sourcepoint has formed a relationship to help Oracle customers protect consumer privacy and manage compliance and user consent. Sourcepoint offers a fully customizable compliance management platform that allows companies to capture, manage, and optimize customer privacy preferences across a range of channels, including web, apps, AMP, and even emerging areas such as OTT and audio.