Fri. Feb 19, 2021

Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

Krebs on Security

The leader of Mexico’s Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico’s top tourist destinations over the past five years.

IRS Warns of Fresh Fraud Tactics as Tax Season Starts

Data Breach Today

Site Spoofing, Phishing Campaigns Proliferate. As tax season begins, the Internal Revenue Service is warning that it's seeing signs of fraudsters spoofing the agency's domains and incorporating its logos and language into phishing campaigns.

Router Security

Schneier on Security

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices.

'Cuba' Ransomware Gang Hits Payment Processor and Steals Data

Data Breach Today

California DMV and Washington Cities Among Those Issuing Data Breach Notifications. The "Cuba" ransomware gang has hit Seattle-based Automatic Funds Transfer Services, which processes data from California's Department of Motor Vehicles as well as many cities in Washington.

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Kia Denies Ransomware Attack as IT Outage Continues

Dark Reading

Kia Motors America states there is no evidence its recent systems outage was caused by a ransomware attack.

More Trending

Privacy bug in the Brave browser exposes Tor addresses to user’s DNS provider

Security Affairs

A privacy bug in the Brave Browser caused the leak of the Tor onion URL addresses visited in the Tor mode by the users. A bug in the Private Window with Tor implemented in the Brave web browser could reveal the onion sites visited by the users.

Analysis: Sandworm's Hacking Campaign

Data Breach Today

This edition of the ISMG Security Report features an analysis of the impact of a hacking campaign linked to Russia’s Sandworm that targeted companies using Centreon IT monitoring software.

Attackers Already Targeting Apple's M1 Chip with Custom Malware

Dark Reading

A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.

Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning

Security Affairs

Apple launched its M1 chip and cybercriminals developed a malware sample specifically for it; the latest generation of Macs are their next targets.

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

How to Fine-Tune Vendor Risk Management in a Virtual World

Dark Reading

Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.

Hackers steal credit card data abusing Google’s Apps Script

Security Affairs

Hackers abuse Google Apps Script to steal credit cards, bypass CSP. Attackers are abusing Google’s Apps Script business application development platform to steal payment card information from e-stores.

Mysterious Silver Sparrow Malware Found Nesting on 30K Macs

Threatpost

A second malware that targets Macs with Apple's in-house M1 chip is infecting machines worldwide -- but it's unclear why.

New Masslogger Trojan variant exfiltrates user credentials

Security Affairs

MassLogger Windows credential stealer is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Malformed URL Prefix Phishing Attacks Spike 6,000%

Threatpost

Sneaky attackers are flipping backslashes in phishing email URLs to evade protections, researchers said.

66% of Workers Risk Breaching GDPR by Printing Work-Related Docs at Home via Infosecurity Magazine

IG Guru

Credential-Stuffing Attack Targets Regional Internet Registry

Threatpost

RIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single sign-on service.

Modernize your legacy applications

OpenText Information Management

Many organizations continue to hold onto legacy applications and systems for compliance and regulatory reasons. But they find it expensive and technically burdensome to maintain these. While they could archive ageing applications and systems, decommissioning the data can be complex.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevSecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code

Threatpost

However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation.

7 Benefits of Metadata Management

erwin

Metadata management is key to wringing all the value possible from data assets. However, most organizations don’t use all the data at their disposal to reach deeper conclusions about how to drive revenue, achieve regulatory compliance or accomplish other strategic objectives.

UPDATE: Will Virginia be the Second State to Enact Major Privacy Legislation?

Hunton Privacy

As we previously reported, significant data privacy bills, titled the Consumer Data Protection Act, are working their way through the Virginia legislature. If enacted, Virginia would be the second state to enact major data privacy legislation of general applicability.

European Commission Publishes Draft UK Adequacy Decisions

Data Matters

On February 19, 2021, the European Commission (EC) published two draft implementing decisions to enable the continuing free-flow of personal data from the EU to the UK (the Draft Adequacy Decisions), i.e., post-Brexit: (i) for transfers of personal data under the EU General Data Protection Regulation (EU GDPR); and (ii) for transfers of personal data under the Law Enforcement Directive (LED).

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

European Commission Publishes Draft UK Data Transfer Adequacy Determination

Hunton Privacy

On February 19, 2021, the European Commission published a draft data protection adequacy decision relating to the UK.

Regulatory agenda of the Brazilian national data protection authority for the 2021-2022 biennium

Privacy and Cybersecurity Law

On January 28, 2021, due to the Data Privacy Day, the Brazilian National Data Protection Authority (“ANPD”), through Ordinance No.

EU Commission draft UK Data Protection Adequacy Decision published

Data Protection Report

Following nine months of assessment of the UK’s data protection laws (including the rules on access to data by public authorities), the European Commission has today published its draft decision on the adequate protection of personal data by the United Kingdom. The draft decision can be found here.

Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish

Schneier on Security

From the Monterey Bay Aquarium. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.