Sergiu Gatlan reports: … IcedID is a modular banking trojan first spotted in 2017 and updated to also deploy second-stage malware payloads, including Trickbot, Qakbot, and Ryuk ransomware. Recently detected by the Microsoft 365 Defender Threat Intelligence Team, this phishing campaign seems to have found a way to bypass contact forms’ CAPTCHA protection to flood enterprises with a barrage…
Category: Commentaries and Analyses
No password required: Mobile carrier exposes data for millions of accounts
Dan Goodin reports: Q Link Wireless, a provider of low-cost mobile phone and data services to 2 million US-based customers, has been making sensitive account data available to anyone who knows a valid phone number on the carrier’s network, an analysis of the company’s account management app shows. Read more on The Register. Opinion: I…
Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2021
Resource: Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2021 (registration required to access it)
Maze/Egregor ransomware cartel estimated to have made $75 million
Catalin Cimpanu reports: The group behind the Maze and Egregor ransomware operations are believed to have earned at least $75 million worth of Bitcoin from ransom payments following intrusions at companies all over the world. “We believe this figure to be much more significant, but we can only assess the publicly acknowledged ransom payments. Many victims never…
Proctor-U agrees to security audit thanks to inquiries by Senator Wyden
Sean Lyngaas reports: A company whose software has been widely used to administer law school entrance exams during the coronavirus pandemic has agreed to an independent audit of the software after a U.S. senator raised cybersecurity concerns about the product. Alabama-based ProctorU’s web-browser extension software has allowed people across the U.S. to take the LSAT…
Utah is the 2nd State to Create a Safe Harbor for Companies Facing Data Breach Litigation
Joseph J. Lazzarotti, Jason C. Gavejian, and Maya Atrakchi of JacksonLewis write: In mid-March, Utah Governor Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80) (“the Act”), an amendment to Utah’s data breach notification law, creating several affirmative defenses for persons (defined below) facing a cause of action arising out of a breach…