Vincent Ryan reports: After being discovered, cybersecurity breaches are not consistently disclosed promptly, found an Audit Analytics study of public companies released on Friday. On average, publicly held companies took 53 days to disclose a breach incident after discovering it. The 53-day average disclosure timeframe is less than the 10-year average of 67 days, but…
Category: Commentaries and Analyses
Attackers deliver legal threats, IcedID malware via contact form
Sergiu Gatlan reports: … IcedID is a modular banking trojan first spotted in 2017 and updated to also deploy second-stage malware payloads, including Trickbot, Qakbot, and Ryuk ransomware. Recently detected by the Microsoft 365 Defender Threat Intelligence Team, this phishing campaign seems to have found a way to bypass contact forms’ CAPTCHA protection to flood enterprises with a barrage…
No password required: Mobile carrier exposes data for millions of accounts
Dan Goodin reports: Q Link Wireless, a provider of low-cost mobile phone and data services to 2 million US-based customers, has been making sensitive account data available to anyone who knows a valid phone number on the carrier’s network, an analysis of the company’s account management app shows. Read more on The Register. Opinion: I…
Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2021
Resource: Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2021 (registration required to access it)
Maze/Egregor ransomware cartel estimated to have made $75 million
Catalin Cimpanu reports: The group behind the Maze and Egregor ransomware operations are believed to have earned at least $75 million worth of Bitcoin from ransom payments following intrusions at companies all over the world. “We believe this figure to be much more significant, but we can only assess the publicly acknowledged ransom payments. Many victims never…
Proctor-U agrees to security audit thanks to inquiries by Senator Wyden
Sean Lyngaas reports: A company whose software has been widely used to administer law school entrance exams during the coronavirus pandemic has agreed to an independent audit of the software after a U.S. senator raised cybersecurity concerns about the product. Alabama-based ProctorU’s web-browser extension software has allowed people across the U.S. to take the LSAT…