All news with #data retention tag

Cloud Security Alliance Issues New SaaS Security Framework

🔐 The Cloud Security Alliance has published the SaaS Security Capability Framework (SSCF) to establish technical minimum requirements that help SaaS providers and customers apply Zero-Trust principles and address rising third-party risks highlighted by recent Salesforce attacks. The SSCF defines controls across six domains, including identity and access management, data lifecycle, and logging and monitoring, and translates business requirements into concrete, configurable security functions such as log forwarding, SSO enforcement and incident notification. CSA positions the SSCF as a complement to, not a replacement for, frameworks like ISO 27001, while vendors stress that continuous validation and operational implementation are essential to reduce real-world risk.

Threat Modeling Your Digital Life Under Authoritarianism

🔒 The article argues that personal threat modeling must adapt as governments increasingly combine their extensive administrative records with corporate surveillance data. It details what kinds of government-held data exist, how firms augment those records, and the distinct dangers of targeted versus mass surveillance. Practical mitigations are discussed—encryption, scrubbing accounts, burner devices—and the piece stresses that every defensive choice is a trade-off tied to individual goals.

Extending Zero Trust to the Storage Layer: Resilience

🔒 Applying zero trust to the storage layer is no longer theoretical — it is now essential to ensure recovery. The author describes ransomware incidents, including Change Healthcare in February 2024, where attackers deliberately targeted backups and recovery points, exposing storage as a primary attack surface. He recommends three operational principles — control where data is touched, control who and when, and make critical backups immutable — and ties those measures to governance, policy-as-code, and executive outcomes.

Cloudflare Confidence Scorecards for AI and SaaS Risk

🔒 Cloudflare today launched Application Confidence Scorecards, a new capability in the Cloudflare One SASE suite that automates safety and trust assessments for AI and SaaS applications. The feature combines an Application Posture Score and a Gen‑AI Posture Score to surface certifications, data‑management practices, security controls, and vendor maturity. Cloudflare crawls trust centers and public policies, uses LLMs for structured extraction and source validation, and pairs automated scoring with analyst review to reduce errors. Scores appear in the Application Library and can inform policy enforcement, warnings, or blocks so teams can reduce Shadow AI risk without manual audits.

Security Implications of Quantum Computing for CISOs

🔐 Quantum computing poses a long-term threat to public-key cryptography, with the potential to break RSA, ECC and Diffie-Hellman once scalable quantum machines exist. Although practical attacks on RSA-2048 are commonly estimated to be eight to fifteen years away, organizations with long-lived confidential data must act now. CISOs should begin a crypto-agility assessment, engage vendors about post-quantum cryptography, and brief leadership and boards to build a migration roadmap.

Microsoft 365: Why Its Dominance Creates Major Risk

🔒 Microsoft 365 has become the central nervous system of modern business, and its market dominance has turned the platform into a lucrative target for attackers. With over 400 million paid seats and tightly integrated apps like Outlook, SharePoint, Teams and OneDrive, a single compromise can cascade across services. Organizations must close backup gaps, adopt zero trust, enforce MFA and deploy cross-application threat detection to reduce catastrophic exposure.

Satisfaction Analysis for Untagged Chatbot Conversations

🔎 This article examines methods to infer user satisfaction from untagged chatbot conversations by combining linguistic and behavioral signals. It argues that conventional metrics such as accuracy and completion rates often miss subtle indicators of user sentiment, and recommends unsupervised and weakly supervised NLP techniques to surface those signals. The post highlights practical considerations including privacy-preserving aggregation, deployment complexity, and the potential business benefit of reducing churn and improving customer experience through targeted dialog improvements.

AWS Backup adds option to exclude ACLs and ObjectTags

🔒 AWS Backup now lets you choose whether to include Access Control Lists (ACLs) and ObjectTags when backing up Amazon S3 buckets. Previously, these metadata elements were included for all objects by default; the new option lets administrators include only the metadata required for their recovery or compliance needs. This capability is available in all Regions where AWS Backup for Amazon S3 is offered; review pricing and regional availability on the AWS Backup pricing page.

Signal adds opt-in end-to-end encrypted backups for chats

🔒 Signal has introduced an opt-in secure cloud backups feature that creates end-to-end encrypted archives of users' messages and recent media. The capability is available now in the Android beta and will be rolled out to iOS and desktop after testing completes. The free tier stores messages and up to 45 days of media within a 100 MiB limit; a paid $1.99/month plan raises storage to 100 GB and extends media retention. Backups occur daily, exclude soon-to-disappear and view-once messages, and are protected by a 64-character recovery key generated on-device that Signal never receives.

US Sues Toy Maker Over Kids' Geolocation Data Leak

🔒 The U.S. Department of Justice has sued toy maker Apitor after an FTC referral, alleging it allowed a Chinese third party to collect precise geolocation data from children without notifying parents or obtaining consent required under COPPA. Apitor's Android app for robot toys uses the JPush SDK, which reportedly collected location data for any purpose, including targeted advertising. Under a proposed settlement, Apitor must secure third-party COPPA compliance, notify parents, delete collected personal information, limit retention, and faces a $500,000 penalty that is currently suspended amid claimed financial hardship.

Nine Common Mistakes That Can Cost CISOs Their Jobs

🔒 This article outlines nine critical errors that can cost CISOs their positions, based on input from several industry leaders. It highlights risks such as overconfidence, unnecessary complexity, weak Governance, Risk & Compliance programs, and poor alignment with business priorities. The piece stresses practical prevention: prioritize access control and identity management, address the human factor, shrink stale data, break down silos, and avoid complacency to reduce breach risk and maintain executive trust.

Amazon EBS Adds Snapshot Copy Support for Local Zones

🔁 Amazon Elastic Block Store (EBS) now supports snapshot copy for AWS Local Zones, enabling point-in-time local snapshots to be copied to the parent Region or another Local Zone. The feature is generally available and accessible via the AWS Console, CLI, and SDKs. This capability helps customers meet disaster recovery, data migration, and compliance requirements by storing snapshots in Amazon S3 within the chosen Region or Local Zone.

Hidden Vulnerabilities in Project Management Tools: Backup

🛡️ Many organizations rely on SaaS project platforms such as Trello and Asana for daily operations, but native protections and short retention windows often leave critical data exposed. The piece highlights human error, misconfiguration, and targeted cyberattacks as leading causes of loss. It recommends adding a third‑party backup layer and presents FluentPro Backup as a solution offering continuous automated backups, granular restores, one‑click project recovery, and Azure‑backed security to ensure recoverability and auditability.

CrowdStrike to Acquire Onum for Real-Time Telemetry

📡 CrowdStrike announced an agreement to acquire Onum, a leader in real-time telemetry pipeline management that will extend the CrowdStrike Falcon platform's data advantage. Onum transforms telemetry in motion by filtering, enriching and optimizing events as they stream, delivering high-fidelity intelligence to Falcon Next-Gen SIEM, customer AI agents and data lakes. CrowdStrike highlights gains in speed and cost efficiency, saying the integration will reduce storage overhead, accelerate incident response and enable an agentic SOC powered by real-time, AI-driven detection.

Cloudflare Application Confidence Scores for AI Safety

🔒 Cloudflare introduces Application Confidence Scores to help enterprises assess the safety and data protection posture of third-party SaaS and Gen AI applications. Scores, delivered as part of Cloudflare’s AI Security Posture Management, use a transparent, public rubric and automated crawlers combined with human review. Vendors can submit evidence for rescoring, and scores will be applied per account tier to reflect differing controls across plans.

Microsoft launches Secure Future Initiative patterns

🔐 Microsoft announced the launch of the Secure Future Initiative (SFI) patterns and practices, a new library of actionable implementation guidance distilled from the company’s internal security improvements. The initial release includes eight patterns addressing urgent risks such as phishing-resistant MFA, preventing identity lateral movement, removing legacy systems, standardizing secure CI/CD, creating production inventories, rapid anomaly detection and response, log retention standards, and accelerating vulnerability mitigation. Each pattern follows a consistent taxonomy—problem, solution, practical steps, and operational trade-offs—so organizations can adopt modular controls aligned to secure by design, by default, and in operations principles.

Understanding Why Your Personal Data Is So Valuable

🔒 In this episode of Unlocked 403, host Becks and ESET Global Security Advisor Jake Moore examine how everyday online activity becomes a marketable commodity. They explain how social media, apps and websites harvest, analyze and monetize both first- and third-party data, and why metadata often reveals more than expected. The conversation highlights risks for children and the long-term consequences of pervasive collection. Jake shares practical tips for tightening app privacy settings, limiting permissions and embracing data minimization to better protect personal information.

SAFECOM/NCSWIC AI Guidance for Emergency Call Centers

📞 SAFECOM and NCSWIC released an infographic outlining how AI is being integrated into Emergency Communication Centers to provide decision-support for triage, translation/transcription, data confirmation, background-noise detection, and quality assurance. The resource also describes use of signal and sensor data to enhance first responder situational awareness. It highlights cybersecurity, operability, interoperability, and resiliency considerations for AI-enabled systems and encourages practitioners to review and share the guidance.

Twitter Whistleblower Alleges Major Security Failures

🔍 An 84-page whistleblower complaint from former Twitter head of security Peiter “Mudge” Zatko alleges systemic security and privacy failings at the company, including excessive staff access, unpatched servers, and potential foreign-agent infiltration. Zatko says these issues violate a 2010 FTC order and pose a national security risk. Twitter calls him a disgruntled ex-employee and says many issues are addressed. Congressional inquiries have already begun.