Iain Thomson reports: Software patches from Microsoft this week closed two vulnerabilities exploited by spyware said to have been sold to governments by Israeli developer Candiru. On Thursday, Citizen Lab released a report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft code-named Sourgum. It is understood the spyware, code-named DevilsTongue by Microsoft, exploited…
Category: Commentaries and Analyses
94% Of Organizations Have Suffered Insider Data Breaches, So Why Aren’t These a Bigger Worry?
Sometimes, 2+2 does not = 4, it seems. When employees falling for phishing attempts represent one of the two biggest preludes to a ransomware attack, why are 28% of IT leaders in a recent survey more concerned about malicious insiders than human error? Why are only 21% of those surveyed most concerned about human error?…
Is REvil really gone? Lots of speculation, no confirmation of anything yet.
The “Happy Blog” leak site belonging to the Sodinokibi threat actors known as “REvil” (“Are Evil”) is offline, and their spokesperson “Unknown” has been silent for a few days. Lawrence Abrams of Bleeping Computer says all of REvil’s sites are down, including the payment site. So have they folded? REvil’s “Unknown” consistently said they would…
Follow-up: Forensic audit didn’t reveal any unauthorized access to customer data: Mobikwik
Mint reports: Payments firm One Mobikwik Systems Ltd on Monday, in its draft IPO prospectus, said that a forensic audit conducted by an independent expert did not reveal any unauthorized access to its customer database in March. The alleged data breach came to light in March after unknown actors claimed they were selling Mobikwik’s data on the…
China’s Shenzhen City Enacted Regional Data Regulation
Manuel Torres and Zhang, Dun of Garrigues write: Shenzhen, the leading financial and production center for China and home of many Chinese internet and tech giants such as Huawei, Tencent and DJI, enacted its regional data protection law, ‘Data Regulation of the Shenzhen Special Economic Zone’ (Shenzhen Data Regulation) on June 29, 2021. Shenzhen Data…
Healthcare Under Attack
Health law attorney Matthew Fisher writes: Not a day can go by anymore without a report of at least one data breach (and likely more) or a cyber attack on a healthcare organization. The pace of attacks seemed to increase as the world shutdown in from COVID-19 and security concerns have only continued to increase….