The Office of Information Security Securing One HHS and Health Sector Security Coordination Center (HC3) have released slides from: Major Cyber Organizations of the Russian Intelligence Services (pdf, 27 pp) TLP: WHITE, ID# 202205191300 May 19, 2022 Agenda • Russian Intelligence Services’ Structure • Russian Intelligence Services’ Mandates • Turla • APT29 • APT28 •…
Decisions by the Personal Data Protection Commissioner of Singapore
The Personal Data Protection Commissioner of Singapore announced several new decisions this week. Here are three of them: A financial penalty of $2,000 was imposed on Southaven Boutique for failing to put in place reasonable security arrangement to prevent the unauthorised access of its customers’ personal data in its Point-Of-Sale system server. Read more. A…
DOJ’s New CFAA Policy is a Good Start But Does Not Go Far Enough to Protect Security Researchers
Andrew Crocker of EFF responds to the announcement this week by DOJ about its revised policy for enforcement of the Computer Fraud and Abuse Act: The Computer Fraud and Abuse Act (CFAA), the notoriously vague anti-hacking law, is long overdue for major reform. Among many problems, the CFAA has been used to target security researchers whose work…
Greenland hit by cyber attack, finds its health service crippled
Graham Cluley reports: It appears that Costa Rica isn’t the only country making headlines as it battles cyber attackers. For the past week and a half, Greenland’s health service has reportedly been struggling to recover from a cyber attack that has crippled its IT systems, causing long waiting times and forcing doctors to resort to using pen and paper…
Phishing Attacks for Initial Access Surged 54% in Q1
Jai Vijayan reports: Threat actors doubled down on their use of phishing emails as an initial attack vector during the first quarter of 2022 — and in many cases then used that access to drop ransomware or to extort organizations in other ways. Researchers from Kroll recently analyzed data gathered from security incidents they responded…
Trust Stamp, a facial recognition company with a $7.2 million ICE contract, had dozens of peoples’ data exposed in breach
Caroline Haskins reports: Trust Stamp, a government contractor that develops facial recognition and surveillance tools for agencies like Immigration and Customs Enforcement, left the personal information of several dozen people unsecured on a breached database, Insider has learned. This information included names, birthdays, home addresses, and driver’s license data. An anonymous tipster who said they…