Wed.Jul 01, 2020

It's Official: CCPA Enforcement Begins

Data Breach Today

Move Comes Despite Lack of Final Version of Sweeping Data Protection Law Enforcement of the California Consumer Privacy Act officially began Wednesday despite the lack of a final, codified version of the regulation. Experts weigh in on compliance steps organizations should take

IT 210

Ransomware Gangs Don’t Need PR Help

Krebs on Security

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

FakeSpy Android Malware Disguised as Postal Service Messages

Data Breach Today

Researchers: Attackers Use SMS Phishing Messages to Spread Info Stealer The operators behind an updated version of the FakeSpy malware are targeting Android devices using SMS phishing messages to spread the info stealer, according to Cybereason.

List of data breaches and cyber attacks in June 2020 ­– 7 billion records breached

IT Governance

The first half of 2020 ended on a familiarly bad note, with 92 security incidents accounting for at least 7,021,195,399 breached records.

Building Trust in Digital Identities

Data Breach Today

Open Identity Exchange CEO Nick Mothershaw on the Global Outlook Implementing trusted digital IDs will create benefits for end users as well as service providers, says Nick Mothershaw, chair and executive director at the Open Identity Exchange.

186
186

New Mac Ransomware Is Even More Sinister Than It Appears

WIRED Threat Level

The malware known as ThiefQuest or EvilQuest also has spyware capabilities that allow it to grab passwords and credit card numbers. Security Security / Cyberattacks and Hacks Security / Security News

More Trending

Rikke Jacobsen: Helping Danish companies build solid analytics foundations and prepare for change

IBM Big Data Hub

Follow @IBMAnalytics. This story is part of Analytics Heroes, a series of profiles on leaders transforming the future of business analytics

Guarding Against COVID-19 Fraud Schemes

Data Breach Today

With the COVID-19 pandemic continuing to surge, organizations must remain vigilant in their defense against coronavirus-themed phishing, business email compromise and other fraud campaigns, says attorney Robert Egan, who offers risk mitigation insights

Netgear is releasing fixes for ten issues affecting 79 products

Security Affairs

Netgear is addressing ten vulnerabilities affecting nearly 80 of its products, including issues discovered at the Pwn2Own hacking competition. Netgear is releasing security patches to address ten vulnerabilities affecting nearly 80 of its products.

Ondemand Webinar | Navigating the Security Maze of the Remote Worker with Splunk

Data Breach Today

In-depth overview of the new attack surface of the remote worker Join us for an in-depth overview of the new attack surface of the remote worker

New EvilQuest ransomware targets macOS users

Security Affairs

Experts discovered a new ransomware dubbed EvilQuest designed to target macOS systems, it also installs a keylogger and a reverse shell to take over them.

FCC: Huawei, ZTE Are 'National Security Threats'

Data Breach Today

Telecoms Cannot Use Federal Funds to Buy Gear from Chinese Firms The U.S. Federal Communications Commission has officially designated China's Huawei Technologies and ZTE Corp.

Schools Already Struggled With Cybersecurity. Then Came Covid-19

WIRED Threat Level

A lack of dedicated funding and resources made it hard to keep data secure—and that was before classes moved almost entirely online. Security Security / Cyberattacks and Hacks

OnDemand Webinar | Securing the New Hybrid Workforce: IT Best Practices for Balancing On-Premises and Remote Teams

Data Breach Today

Best practices for getting your workplace back up and running with Progress Register and attend this session to discuss IT Best Practices for Balancing On-Premises and Remote Teams

IT 109

Maze Ransomware operators hacked the Xerox Corporation

Security Affairs

Xerox Corporation is the last victim of the Maze ransomware operators, hackers have encrypted its files and threaten of releasing them. Maze ransomware operators have breached the systems of the Xerox Corporation and stolen files before encrypting them.

Another COVID-19 Side Effect: Rising Nation-State Cyber Activity

Dark Reading

While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs

Securing the International IoT Supply Chain

Schneier on Security

Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries?

IoT 80

DHS Shares Data on Top Cyberthreats to Federal Agencies

Dark Reading

Backdoors, cryptominers, and ransomware were the most widely detected threats by the DHS Cybersecurity and Infrastructure Security Agency (CISA)'s intrusion prevention system EINSTEIN

Responding to subject rights requests for the CCPA and beyond

OpenText Information Management

This blog is co-authored by Andy Teichholz and Gino Vicari. July 1, 2020 marks the start of enforcement of the California Consumer Privacy Act (CCPA).

4 Steps to a More Mature Identity Program

Dark Reading

Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access

The U.S. FCC considers Huawei and ZTE as national security threats

Security Affairs

The U.S. Federal Communications Commission (FCC) announced that Chinese telecommunications giants Huawei and ZTE are considered as national security threats. Last week China accused the US government of “oppressing Chinese companies” after U.S.

DHS Shares Data on Top Cyber Threats to Federal Agencies

Dark Reading

Backdoors, cryptominers, and ransomware were the most widely detected threats by the DHS Cybersecurity and Infrastructure Security Agency (CISA)'s intrusion prevention system EINSTEIN

Microsoft releases emergency security updates to fix Windows codecs

Security Affairs

Microsoft has silently released an emergency security update through the Windows Store app to address two vulnerabilities in Windows codecs. Microsoft has silently released two out-of-band security updates through the Windows Store app to address two vulnerabilities in the Windows Codecs Library.

Attackers Compromised Dozens of News Websites as Part of Ransomware Campaign

Dark Reading

Malware used to download WastedLocker on target networks was hosted on legit websites belonging to one parent company, Symantec says

Cisco Warns of High-Severity Bug in Small Business Switch Lineup

Threatpost

A high-severity flaw allows remote, unauthenticated attackers to potentially gain administrative privileges for Cisco small business switches. Vulnerabilities Web Security Cisco cisco flaw Cisco patch CVE-2020-3297 high severity flaw security vulnerability small business switch

How You Can Write Better Threat Reports

Lenny Zeltser

Writing about cybersecurity threats, such as phishing campaigns, malware infections, and attack groups, is challenging for many reasons. How should you decide what details to include? How can you persuade the readers that your analysis is sound? How might you address the needs of multiple audiences?

Email Sender Identity is Key to Solving the Phishing Crisis

Threatpost

Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks. Web Security email security email sender identity phishing attacks

Unemployment Insurance Fraud and Identity Theft: Up Close and Personal

Lenny Zeltser

In June 2020, the Federal Trade Commission (FTC) warned that “imposters are filing claims for unemployment benefits [in the US], using the names and personal information of people who have not filed claims.”

New Android Spyware Tools Emerge in Widespread Surveillance Campaign

Threatpost

Never-before-seen Android spyware tools have been used in a widespread APT campaign to spy on the Uyghur ethnic minority group - since 2013. Hacks Malware Web Security Android apt APT15 CarbonSteal data exfiltration DoubleAgent GoldenEagle mAPT SilkBean Spyware surveillanceware Uyghur

New MacOS Ransomware Hides in Pirated Program

Dark Reading

A bogus installer for Little Snitch carries a ransomware hitchhiker

Microsoft Releases Emergency Security Updates for Windows 10, Server

Threatpost

The patches fix two separate RCE bugs in Windows Codecs that allow hackers to exploit playback of multimedia files. Vulnerabilities Web Security Attackers Microsoft multimedia files Patches remote code execution Security Update vulnerabilities Windows Codecs Windows server zero day exploit

Remote working: the biggest recent information governance challenge via Technative

IG Guru

Check out the article here. The post Remote working: the biggest recent information governance challenge via Technative appeared first on IG GURU. AI Business IG News Information Governance information privacy information security Privacy Security ML PII Remote Working

EvilQuest: Inside A ‘New Class’ of Mac Malware

Threatpost

Mac expert Thomas Reed discusses how EvilQuest is ushering in a new class of Mac malware. Malware Podcasts Adware apple crypto wallet EvilQuest key-logger Mac malware Malwarebytes mobile podcast ransomware Thomas Reed Windows

New Zealand: Significant changes to NZ’s Privacy Act – but where is the bite?

DLA Piper Privacy Matters

By: Nick Valentine, Laura Scampion, Rachel Taylor. After a lengthy process (dating as far back as 1998, depending on how you measure it) the Privacy Bill, which amends the Privacy Act 1993, has finally made its way through Parliament, receiving Royal Assent on 30 June 2020.

GDPR 56