The Federal Trade Commission finalized a settlement with Zoom Video Communications, Inc., over allegations it misled consumers about the level of security it provided for its Zoom meetings and compromised the security of some Mac users. The final order requires Zoom to implement a comprehensive security program, review any software updates for security flaws prior to release and ensure…
Category: Of Note
China Has Stolen 80% Of American Adults’ Personal Data, Expert Claims
Daniel Richardson reports: Bill Evanina, former director of the US National Counterintelligence and Security Center, appeared as a guest on CBS’s 60 Minutes on Sunday, January 31, and gave a stark warning about data being used by China. During the programme, the former director suggested that Beijing is attempting to collect the medical data of Americans….
Lawmakers press NSA for answers about Juniper hack from 2015
Justin Katz reports: A group of Democratic lawmakers is calling on the National Security Agency to account for its part in the five-year-old breach of Juniper Networks, following a congressional investigation of the company last year. “The American people have a right to know why NSA did not act after the Juniper hack to protect…
FR: CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing
Hunton Andrews Kurth writes: On January 27, 2021, the French Data Protection Authority (the “CNIL”) announced (in French) that it imposed a fine of €150,000 on a data controller, and a fine of €75,000 on its data processor, for failure to implement adequate security measures to protect customers’ personal data against credential stuffing attacks on the website…
Fonix ransomware shuts down and releases master decryption key
Lawrence Abrams reports: The Fonix Ransomware operators have shut down their operation and released the master decryption allowing victims to recover their files for free. Fonix Ransomware, also known as Xinof and FonixCrypter, began operating in June 2020 and has been steadily encrypting victims since. Read more on BleepingComputer.
Suspected Russian Hackers Gained Edge Through Tech Firm Attacks
Kartikay Mehrotra and Alyza Sebenius report: Whether it was opportunity, strategy or sheer chutzpah, the suspected Russian hackers behind a massive cyber-attack revealed last month focused particular attention on technology companies, including cybersecurity firms entrusted to find malicious activity in their clients’ networks. Four cybersecurity companies announced this week that they had been targeted as…