Sara Merken reports: Accellion Inc has reached an $8.1 million deal with a proposed nationwide class to end litigation over a breach of its legacy file transfer product, a platform that allowed companies to securely share large or sensitive files, according to settlement papers filed in California federal court. The Palo Alto-based tech company faced…
Category: Commentaries and Analyses
Microsoft Defender weakness lets hackers bypass malware detection
Ionut Ilascu reports: Threat actors can take advantage of a weakness that affects Microsoft Defender antivirus on Windows to learn locations excluded from scanning and plant malware there. The issue has persisted for at least eight years, according to some users, and affects Windows 10 21H1 and Windows 10 21H2. Read more at BleepingComputer.
Breach of the Protection and Accountability Obligations by Nature Society (Singapore) 14 Jan 2022
A financial penalty of $14,000 was imposed on Nature Society (Singapore) for breaches of the PDPA. First, the organisation failed to put in place reasonable measures to protect personal data on its website database. Second, it did not appoint a data protection officer. Lastly, it did not have written policies and practices necessary to comply…
In change, Army to allow file downloads for Army 365 email on personal devices
Davis Winkie reports: After months of soldiers complaining that security features on the Army’s new email platform were preventing them from doing basic tasks, the Army’s top IT official announced a change to the Army 365 download policy in a Monday LinkedIn post. Army Times previously reported the frustration that some soldiers were experiencing because the new email…
The RIPTA Data Breach May Provide Valuable Lessons About Data Collection and Retention
Joseph J. Lazzarotti of JacksonLewis writes: Efforts to secure systems and data from a cyberattack often focus on measures such as multifactor authentication (MFA), endpoint monitoring solutions, antivirus protections, and role-based access management controls, and for good reason. But there is a basic principle of data protection that when applied across an organization can significantly…
Who is the Network Access Broker ‘Wazawaka?’
Brian Krebs reports: In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial…