Angus Loten reports: European privacy regulators are unlikely to issue a final ruling on Twitter Inc.’s handling of a data breach disclosed in January 2019 before the end of this year, Ireland’s data commissioner said Wednesday. Under the General Data Protection Regulation, the European Union’s 2018 data privacy law, Twitter faces a fine of up to 2% of…
Category: Of Note
FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft
Genevieve Stark, Andrew Moore, Vincent Cannon, Jacqueline O’Leary, Nalani Fraser, and Kimberly Goody of FireEye write: Mandiant Threat Intelligence recently promoted a threat cluster to a named FIN (or financially motivated) threat group for the first time since 2017. We have detailed FIN11’s various tactics, techniques and procedures in a report that is available now by…
Germany: No GDPR damages after data breach
Seen at DLA Piper: One of the many open questions of data protection law in Europe is how compensation for “non-material damage” will be calculated. In contrast to personal injury claims where lawyers have (hundreds of) years of case law to call upon to help calculate compensation, there is comparatively little case law considering how…
New action to combat ransomware ahead of U.S. elections
Tom Burt, Corporate Vice President, Customer Security & Trust for Microsoft, explains: Today we took action to disrupt a botnet called Trickbot, one of the world’s most infamous botnets and prolific distributors of ransomware. As the United States government and independent experts have warned, ransomware is one of the largest threats to the upcoming elections. Adversaries can use ransomware to infect…
Hacker groups chain VPN and Windows bugs to attack US government networks
Catalin Cimpanu reports: Hackers have gained access to government networks by combining VPN and Windows bugs, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint security alert published on Friday. Attacks have targeted federal and state, local, tribal, and territorial (SLTT) government networks. Attacks against non-government…
Office of the Comptroller of the Currency fines Morgan Stanley $60 million for 2016 data breach
Brendan Pedersen reports: Morgan Stanley was slapped with a $60 million fine by regulators Thursday for risk management problems tied to a 2016 data breach. The consent order by the Comptroller of the Currency cited failures at both Morgan Stanley Bank, N.A., and Morgan Stanley Private Bank, N.A. related to the shutdown of two wealth…