This document has a comment period that ends in 29 days. (02/22/2023) AGENCY: Federal Communications Commission. ACTION: Proposed rule. SUMMARY: In this document, the Federal Communications Commission (Commission) begins the process to update and strengthen its data breach rule to provide greater protections to the public. We propose to expand the Commission’s definition of “breach”…
Category: Of Note
North Korea-linked hackers behind $100 million crypto heist, FBI says
Arjun Kharpal reports: North Korean-linked actors were behind the theft of $100 million through the hack of a crypto product last year, the Federal Bureau of Investigation said. The FBI said it was “able to confirm” that Lazarus Group and APT38, two hacking groups linked to Pyongyang, were responsible for the attack on the so-called Horizon…
TSA ‘no fly’ list leaked after being found on unsecured airline server
Chris Pandolfo reports: The Swiss hacker known as “maia arson crimew” blogged Thursday that she discovered the Transportation Security Administration “no fly” list from 2019 and a trove of data belonging to CommuteAir on an unsecured Amazon Web Services cloud server used by the airline. The hacker told The Daily Dot the list appeared to have more…
Ransomware Revenue Falls by 40% as Majority of Victims Refuse to Pay
Abdul Karim Abdulwahab reports: The illegal revenue accruing to crypto criminals from ransomware exploits declined in 2022 as more victims refused to pay, according to recent data published by market intelligence firm, Chainalysis. The report noted that Ransomware attackers could only extort $456 million from victims in 2022 after stealing nearly twice that value in…
34,942 PayPal users notified of data security incident in December
PayPal has sent breach notifications to 34,942 users this week. Their notification reads, in part: On December 20, 2022, we confirmed that unauthorized parties were able to access your PayPal customer account using your login credentials. We have no information suggesting that any of your personal information was misused as a result of this incident,…
New Cybersecurity Directives (NIS2 and CER) Enter into Force in EU
Hunton Andrews Kurth writes: On January 16, 2023, the Directive on measures for a high common level of cybersecurity across the Union (the “NIS2 Directive”) and the Directive on the resilience of critical entities (“CER Directive”) entered into force. The NIS2 Directive repeals the current NIS Directive and creates a more extensive and harmonized set of rules on cybersecurity…