Zarrah Morden reports: Transparency International Malaysia (TI-M) today expressed concern over the alleged data leaks and sale of personal data belonging to Malaysians and urged the government to publicly disclose the results of police investigation into the matter. […] It also suggested that legislators study what is lacking in existing legislation, leading to solutions that…
Category: Commentaries and Analyses
DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape
Yelisey Bogusalvskiy & Vitali Kremez write: On May 19, 2022, the admin panel of the Conti ransomware gang’s official website, Conti News, was shut down. The negotiations service site was also down, while the rest of the infrastructure: from chatrooms to messengers, and from servers to proxy hosts was going through a massive reset. Conti…
Major Cyber Organizations of the Russian Intelligence Services
The Office of Information Security Securing One HHS and Health Sector Security Coordination Center (HC3) have released slides from: Major Cyber Organizations of the Russian Intelligence Services (pdf, 27 pp) TLP: WHITE, ID# 202205191300 May 19, 2022 Agenda • Russian Intelligence Services’ Structure • Russian Intelligence Services’ Mandates • Turla • APT29 • APT28 •…
Decisions by the Personal Data Protection Commissioner of Singapore
The Personal Data Protection Commissioner of Singapore announced several new decisions this week. Here are three of them: A financial penalty of $2,000 was imposed on Southaven Boutique for failing to put in place reasonable security arrangement to prevent the unauthorised access of its customers’ personal data in its Point-Of-Sale system server. Read more. A…
DOJ’s New CFAA Policy is a Good Start But Does Not Go Far Enough to Protect Security Researchers
Andrew Crocker of EFF responds to the announcement this week by DOJ about its revised policy for enforcement of the Computer Fraud and Abuse Act: The Computer Fraud and Abuse Act (CFAA), the notoriously vague anti-hacking law, is long overdue for major reform. Among many problems, the CFAA has been used to target security researchers whose work…
Phishing Attacks for Initial Access Surged 54% in Q1
Jai Vijayan reports: Threat actors doubled down on their use of phishing emails as an initial attack vector during the first quarter of 2022 — and in many cases then used that access to drop ransomware or to extort organizations in other ways. Researchers from Kroll recently analyzed data gathered from security incidents they responded…