Derek B. Johnson reports: The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise. “Several of their recent ransom notes explicitly name data stolen from workstations that…
Category: Business Sector
Cn: 30 Firms Reprimanded Over Data Privacy Violations in Guangdong
Regulation Asia reports: The Guangdong Communications Administration ordered 30 firms including banks and securities firms to fix the breaches and revamp their mobile phone apps. China’s GDCA (Guangdong Communications Administration) has reprimanded 30 banks, financial services and fintech firms for unauthorised data access and collection through their mobile phone apps, the SCMP reports. The GDCA alleges that…
Cybercriminals are Bypassing Multi-factor Authentication to Access Organisation’s Cloud Services
Graham Cluley writes: The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to companies to better protect their cloud-based accounts after several recent successful attacks. According to an advisory published by CISA, an increasing number of attacks have succeeded as more employees have begun to work remotely with a variety…
Ph: Privacy Commission summons operators of website that exposed car owners’ personal data
There’s an update to a data leak situation previously noted on this site. It’s always interesting to me to see how other countries handle privacy violations or data leaks. It looks like the NPC has the authority — and uses it — to order ISPs to block access to problematic web sites that violate privacy….
Hy-Vee agrees to settle the class action lawsuit over payment card data breach
In August, 2019, Hy-Vee announced that it was investigating a payment card breach affecting customers who had used some of their fuel pumps, drive-thru coffee shops, and restaurants. Three days later, Brian Krebs reported: On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked…
Amazon’s Ring Neighbors app exposed users’ precise locations and home addresses
Zack Whittaker reports: A security flaw in Ring’s Neighbors app was exposing the precise locations and home addresses of users who had posted to the app. Ring, the video doorbell and home security startup acquired by Amazon for $1 billion, launched Neighbors in 2018 as a breakaway feature in its own standalone app. Neighbors is one…