Graham Cluley writes: The Turkish government is proposing a controversial new cybersecurity law that could make it a criminal act to report on data breaches. The new legislation proposes penalties for various cybersecurity-related offences. But the key one which has people concerned is this: “Those who carry out activities aimed at targeting institutions or individuals…
Year: 2025
PayPal to pay NYS $2M for violating DFS’s Cybersecurity Regulation
January 23, 2025 New York State Department of Financial Services Superintendent Adrienne A. Harris today announced that PayPal, Inc. (PayPal) will pay a $2 million penalty to New York State for violations of DFS’s Cybersecurity Regulation. An investigation determined PayPal failed to use qualified personnel to manage key cybersecurity functions and failed to provide adequate training…
Orlando Man Pleads Guilty To Conducting Series Of Cyber Intrusions Against Former Employer
Orlando, Florida – United States Attorney Roger B. Handberg announces that Michael Scheuer (39, Orlando) today pleaded guilty to one count of knowingly transmitting a program, code, or command to a protected computer and intentionally causing damage without authorization and one count of aggravated identity theft. Scheuer faces a maximum penalty of 10 years in federal prison…
Hackers Crack Subaru’s Connected Services To Access Location Data, Door Locks And More
Amber DaSilva reports: If you own a modern Subaru, chances are you’ve heard of Starlink — the company’s connected services suite, which lets you control your car through an app or call roadside assistance to your location. That system, though, has other functionality that you might not know: Storing your car’s location history for the last year, and making that…
Research Report: The Insider Threat Digital Recruitment Marketplace
An interesting report by Nisos looks at those selling or advertising insider access and those recruiting insiders at firms. From the report: Executive Summary Nisos routinely monitors mainstream and alternative social media platforms, as well as cloud-based messaging applications and dark web forums to identify individuals and networks advertising insider access or recruiting insiders at…
Cloudflare CDN flaw leaks user location data, even through secure chat apps
Bill Toulas reports: A security researcher discovered a flaw in Cloudflare’s content delivery network (CDN), which could expose a person’s general location by simply sending them an image on platforms like Signal and Discord. While the geo-locating capability of the attack is not precise enough for street-level tracking, it can provide enough data to infer what…