Security Affairs

MARCH 8, 2022

The US Federal Bureau of Investigation (FBI) and CISA published a flash alert to warn that the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations across 10 critical infrastructure sectors. The flash alert includes a series of mitigations to neutralize such attacks: Back-up critical data offline.

Ransomware 87

Ransomware Passwords Financial Services Manufacturing 87

Security Affairs

JULY 8, 2020

Early June, researchers at F5 Networks have addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP product. This issue is not exposed on the data plane; only the control plane is affected.”.

Education 121

Education Government Passwords Authentication 121

Security Affairs

APRIL 18, 2021

Fedir Hladyr (35), a Ukrainian national was sentenced today to 10 years in prison for his role in the financially motivated group FIN7, aka Carbanak. FIN7 attacks aimed at breaching internal networks of businesses to install PoS malware and steal payment card data. The man is suspected to be a supervisor of the group.

Systems administration 117

Systems administration Encryption Communications Security 117

Security Affairs

JULY 28, 2021

The ‘Cost of a Data Breach’ report commissioned by IBM Security states that the cost of a data breach exceeded $4.2 The study highlights the significant impact of the ongoing pandemic on the cost of data breaches and the effort to contain them. ” states IBM Security. since the 2017).

Data breaches 137

Data breaches Ransomware Security Cloud 137

Security Affairs

NOVEMBER 15, 2020

Every week the best security articles from Security Affairs free for you in your email box. million Texas drivers Biotech research firm Miltenyi Biotec hit by Mount Locker ransomware CISA Chief Chris Krebs expects to be fired by the White House Schneider Electric published a security advisory on Drovorub Linux Malware.

Security 103

Security Data breaches Ransomware Manufacturing 103

Security Affairs

JUNE 13, 2023

A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023. The availability of the archive was reported by the data breach notification service Have I Been Pwned , which notified Zecks. ” reported HIBP.

Data breaches 88

Data breaches Passwords Encryption Archiving 88

Data Protection Report

APRIL 30, 2024

The claims related to the company’s sharing personal data without consumer consent and making it very difficult for consumers to cancel their subscriptions to this telehealth service. As indicated in the paragraph quoted above, the company collected some very sensitive personal information.

Personal data 85

Personal data Privacy Information governance Compliance 85

Security Affairs

SEPTEMBER 18, 2020

Singapore, 09/18/2020 — Group-IB , a global threat hunting and intelligence company headquartered in Singapore, evidenced the transformation of the threat portfolio over the first half of 2020. Secure web- phishing. Secure web- phishing. Opened email lets spy in.

Phishing 104

Phishing Ransomware Data collection Sales 104

Security Affairs

JANUARY 15, 2020

Microsoft has released a security update to address “a broad cryptographic vulnerability” that is impacting its Windows operating system. The flaw, dubbed ‘NSACrypt’ and tracked as CVE-2020-0601, resides in the Crypt32.dll ” reads the security advisory published by Microsoft.

Libraries 75

Libraries Encryption Security Risk 75

IBM Big Data Hub

OCTOBER 30, 2023

In July 2023, the Securities and Exchange Commission (SEC) voted to adopt new cybersecurity rules and requirements for all market entities to address risks. Among the passed regulations were updated requirements for Form 8-K reporting as well as new guidance for Form 10-K Amendments. increase from 2020.

Data breaches 74

Data breaches Cybersecurity Risk Privacy 74

Hunton Privacy

AUGUST 15, 2022

On June 10, 2022, New York became the first state to require attorneys to complete at least one credit of cybersecurity, privacy and data protection training as part of their continuing legal education (“CLE”) requirements. The new requirement will take effect July 1, 2023.

Cybersecurity 114

Cybersecurity Privacy Data Privacy Data breaches 114

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Navigating the EU-US Data Protection Framework sparsh Thu, 01/11/2024 - 05:26 On 10 July 2023, the European Commission adopted a new adequacy decision regarding the Data Privacy Framework (“DPF”). This follows the invalidation of the EU-US Privacy Shield, by the Court of Justice of the European Union on 16 July 2020.

Data Privacy 83

Data Privacy Personal data Privacy Cloud 83

Security Affairs

JANUARY 16, 2020

Researchers published proof-of-concept (PoC) code exploits for a recently-patched CVE-2020-0601 flaw in the Windows operating system reported by NSA. dll module that contains various ‘Certificate and Cryptographic Messaging functions’ used by the Windows Crypto API for data encryption. . The flaw affects the way Crypt32.dll

Encryption 75

Encryption Security Cybersecurity Risk 75

Security Affairs

JUNE 18, 2021

said that the data breach it has suffered in March might have impacted its customers and employees. this week confirmed that the data breach that took place in March might have exposed personal information about customers and employees of Carnival Cruise Line, Holland America Line, and Princess Cruises. Carnival Corp.

Data breaches 105

Data breaches Security Ransomware Cybersecurity 105

Security Affairs

FEBRUARY 18, 2023

GoDaddy discloses a security breach, threat actors have stolen source code and installed malware on its servers in a long-runing attack. The security breach was discovered in December 2022 after customer reported that their sites were being used to redirect to random domains. ” reads a FORM- 10-K filed with SEC.

Data breaches 91

Data breaches Military Manufacturing Libraries 91

Hunton Privacy

NOVEMBER 16, 2020

On November 12, 2020, somewhat in the shadow of the new standard contractual clauses for data transfers to recipients outside the European Economic Area (“EEA”), the European Commission also adopted draft standard contractual clauses to be used between controllers and processors in the EEA (“EEA Controller-Processor SCCs”).

GDPR 88

GDPR Personal data Data breaches Information Security 88

Security Affairs

JUNE 6, 2024

The FBI is informing victims of LockBit ransomware it has obtained over 7,000 LockBit decryption keys that could allow some of them to decrypt their data. “Additionally, from our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online.”

Energy and Utilities 107

Energy and Utilities Ransomware Agriculture Encryption 107

Security Affairs

MAY 1, 2020

Oracle warns of attacks against recently patched WebLogic security bug. IT giant Oracle published a security alert to warn organizations running WebLogic servers of ongoing attacks that exploit the CVE-2020-2883 vulnerability. The company is urging its customers to install the latest security updates released on April 14.

Security 112

Security Authentication Cybersecurity IT 112

Security Affairs

JANUARY 3, 2021

Every week the best security articles from Security Affairs free for you in your email box. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. The post Security Affairs newsletter Round 295 appeared first on Security Affairs. Pierluigi Paganini.

Security 97

Security Data breaches Ransomware Phishing 97

Security Affairs

NOVEMBER 13, 2020

Schneider Electric released security advisories for multiple vulnerabilities impacting various products, including four issues that can be exploited by attackers to take control of Modicon M221 programmable logic controllers (PLCs). This data is encrypted using a 4-byte XOR key, which is a weak encryption method.”

Encryption 107

Encryption Security Passwords Authentication 107

Security Affairs

SEPTEMBER 1, 2020

Norway’s parliament announced Tuesday that it was the target of a major cyber-attack that allowed hackers to access emails and data of a small number of parliamentary representatives and employees. link] — PST (@PSTnorge) September 1, 2020. “There have been intrusions in the email accounts of a few MPs and employees.

Security 109

Security Phishing Access IT 109

Security Affairs

MARCH 12, 2022

Video game company Ubisoft has suffered a ‘cyber security incident’ that had a severe impact on games, systems, and services. The rumors of a cyber attack against Ubisoft circulated online in the last few days, while data extortion group LAPSUS$ claimed to have hacked the company. Pierluigi Paganini.

Security 90

Security Data breaches Ransomware Passwords 90

Security Affairs

MARCH 18, 2020

The online guitar tutoring website TrueFire was compromised by hackers in a classic Magecart style attack that exposed customers’ payment card data. The websites were informed by some affected TrueFire customers which shared details the data breach notification they received from the company.

Data breaches 100

Data breaches Access Libraries Passwords 100

Security Affairs

NOVEMBER 26, 2020

discloses a ransomware attack that took place in September 2020. revealed that a ransomware attack hit its systems in September 2020. The US Fertility (USF) network is comprised of 55 locations across 10 states that completed almost 25,000 IVF cycles in 2018 through its clinics with 130,000 babies have been born.

Ransomware 142

Ransomware Data breaches Encryption Security 142

Hunton Privacy

DECEMBER 24, 2020

On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company (“Ascension”), to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders.

Risk 99

Risk Analytics Information Security Cloud 99

Security Affairs

FEBRUARY 11, 2022

CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog. ” reads the advisory published by Microsoft.

IT 111

IT IoT Cybersecurity Authentication 111

Hunton Privacy

MAY 20, 2021

On May 18, 2021, New York Attorney General (“AG”) Letitia James announced a settlement agreement with Filters Fast LLC (“Filters Fast”) over a data breach that compromised personal information of approximately 324,000 consumers nationwide, including over 16,500 New York state residents.

Data breaches 78

Data breaches Retail Security IT 78

Hunton Privacy

NOVEMBER 25, 2020

On November 24, 2020, a multistate coalition of Attorneys General announced that The Home Depot, Inc. million and implement a series of data security practices in response to a data breach the company experienced in 2014. Home Depot”) agreed to pay $17.5 In addition to the $17.5 In addition to the $17.5

Data breaches 64

Data breaches Information Security Security awareness Sales 64

Security Affairs

MARCH 3, 2022

. “We reviewed crowdsourced data from scans of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations using IoT Security for Healthcare from Palo Alto Networks.” These data are disconcerting considering that the average infusion pump has a life of eight to 10 years.

IoT 93

IoT Risk Libraries Security 93

Security Affairs

NOVEMBER 3, 2020

Google released Chrome 86.0.4240.183 for Windows, Mac, and Linux to fix 10 security vulnerabilities, including an RCE zero-day exploited in the wild. The zero-day flaw was discovered on October 29, 2020 by Google white-hat hacker Samuel Groß of Google Project Zero and Clement Lecigne of Google’s Threat Analysis Group.

Libraries 108

Libraries Security IT Access 108

Hunton Privacy

NOVEMBER 10, 2020

On November 9, 2020, the Federal Trade Commission announced it had entered into an consent agreement (the “Proposed Settlement”) with Zoom Video Communications, Inc. reviewing software updates for security flaws and ensuring that updates will not hamper third-party security features.

Security 98

Security Encryption Authentication Risk 98

Hunton Privacy

MARCH 13, 2023

Securities and Exchange Commission (SEC) announced settled administrative charges against Blackbaud Inc. The case stems from disclosures Blackbaud made to investors regarding a 2020 ransomware attack that targeted donor data management software the company provides to non-profit organizations. On March 9, 2023, the U.S.

Cybersecurity 116

Cybersecurity Ransomware Marketing Access 116

Hunton Privacy

APRIL 17, 2020

On April 14, 2020, the Indiana Attorney General’s office announced that the state had reached a settlement agreement with Equifax in connection with Equifax’s 2017 data breach. Indiana previously elected not to participate in a July 2019 multistate and Federal Trade Commission settlement with Equifax regarding the same data breach.

Data breaches 64

Data breaches Information Security Security IT 64

Hunton Privacy

SEPTEMBER 14, 2020

On September 9, 2020, the UK Information Commissioner’s Office (“ICO”) published an Accountability Framework , designed to assist organizations in complying with their accountability obligations under the EU General Data Protection Regulation (“GDPR”).

IT 114

IT Compliance Records Management GDPR 114

Security Affairs

MAY 27, 2020

The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks. Cybercriminals attempt to compromise computers to generate revenue by exfiltrating information from victims’ devices, typically banking-related information. Figure 1: Grandoreiro email template Q2 2020 (Portugal).

Communications 67

Communications Archiving Access IT 67

Hunton Privacy

JUNE 8, 2020

On June 3, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP published its report, What Good and Effective Data Privacy Accountability Looks Like: Mapping Organizations’ Practices to the CIPL Accountability Framework (“Report”). Canada, Europe, Asia-Pacific and Latin America.

Data Privacy 113

Data Privacy Privacy Compliance Risk 113

eSecurity Planet

JANUARY 21, 2021

Data privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) can be hard to navigate for businesses of any size, but GRC tools can simplify and streamline compliance with all of the requirements. IT governance and security. Audit management. LogicManager.

Compliance 57

Compliance Risk Government Retail 57