Infosec Weekly Podcast

This week, we discuss a ransomware attack on Rackspace, a Citrix zero-day vulnerability, the forthcoming EU adequacy decision in respect of the EU-U.S Data Privacy Framework, and the second stage of a cyber-defence-in-depth strategy: protection.

This week, we discuss the Hive ransomware as a service, the latest developments following the Medibank breach, a Canadian city shut down by ransomware, Suffolk Police's leak of sensitive data and the ethical implications of AI.

This week, we discuss a £4.4 million GDPR fine for the construction company Interserve, a data breach affecting 9.7 million customers of Medibank, an unusual GDPR fine for UPS, and Microsoft’s latest software updates.

This week, we discuss the new mechanism for transferring EU residents’ personal data to the US, the first GDPR Data Protection Seal, a new ransomware attack targeting Ukraine and its allies, and the first layer in a defence-in-depth approach to cyber security: detection.

This week, we discuss yet more planned changes to UK data protection law, a £1.35 million GDPR fine for “predatory marketing”, the conviction of Uber’s former chief security officer, and a new book about how to establish an enjoyable career.

This week, we discuss a potential fine of £27 million for TikTok, a data breach caused by a phishing attack on American Airlines and a $35 million penalty for Morgan Stanley Smith Barney LLC after ”extensive” security failures.

This week, we discuss allegations of data security failures at Twitter, a €405 million fine for Instagram, a cyber attack on InterContinental Hotels Group, and why Cloud security is so important.

This week, we discuss two zero-day vulnerabilities affecting Apple devices, the further effects of a ransomware attack on an NHS digital services provider and a large-scale phishing campaign affecting users of secure services such as Okta, Authy and Signal.

This week, we discuss a ransomware attack on an NHS digital services provider and a huge increase in cyber attacks as a result of the war in Ukraine, and provide an overview of the main reforms to UK data protection law proposed by the Digital Protection and Information Bill.

This week, we discuss a malware campaign targeting Facebook Business users, a breach apparently affecting 5.4 million Twitter users, a €1.1 million GDPR fine for Volkswagen, the new Digital Protection and Information Bill, and why it’s so important to maintain your cyber security through a recession.

This week, we discuss NCSC and ICO advice to the legal profession, a new phishing campaign that bypasses multifactor authentication, and the huge increase in the number of ransomware and phishing attacks this year. Plus, we talk to Gary Hibberd about his new book, The Art of Cyber Security.

This week, we discuss new NCSC guidance on avoiding cyber security “staff burnout”, a data breach affecting a Japanese city's entire population, good news for the ransomware-hit Maastricht University, and the privacy implications of the metaverse.

This week, we discuss a cyber attack that’s disrupted Yodel’s deliveries, new tactics from a ransomware gang, the government’s plans for reforming UK data privacy law, and the importance of a defence-in-depth approach to cyber security.

This week, we look at a $150 million fine for Twitter, phishing attacks affecting the Twitter followers of the digital artist Beeple and users of the accounting platform QuickBooks, and a massive data breach affecting Pegasus Airlines – plus we talk about security issues facing organisations with a remote or hybrid workforce.

The Schrems II ruling and Brexit mean that UK organisations are required to reconsider the legal basis for the transfer of personal data to and from Europe. The webinar recording covers: The Schrems II decision regarding transfers of data; The implications for UK and EU data controllers regarding data transfers; The types of data transfers organisations should consider; Data flows and the legal basis for UK–EU data transfers; Practical steps organisations can take now; and What the future holds following Schrems II and Brexit.

We take a look at Data Flow Audit And Data Mapping For GDPR Compliance in this webinar recoding

We take a look at Data Flow Mapping in this webinar recording

The EU General Data Protection Regulation (GDPR) highlights how the principles of ‘privacy by design’ and ‘privacy by default’ are fundamental to ensuring that organisations protect the rights of data subjects. We take a look at Data Protection By Design And By Default Under The GDPR in this webinar recording

Alan Calder, Founder and CEO of IT Governance discusses the first steps towards GDPR compliance in this webinar recording.

In our last ever podcast, we discuss Citrix’s data breach, the GDPR and cookie walls, data breach notification, and Patch Tuesday.