https://www.scmagazine.com/topic/data-security
SCM feed for Data Security
2024-03-28T08:13:30+00:00
https://files.scmagazine.com/logo/scm-horizontal-white-with-resource.png
Copyright © 2024 CyberRisk Alliance, LLC All Rights Reserved
tag:www.scmagazine.com:post,709440
Snapchat user traffic reportedly subjected to secret Facebook surveillance
2024-03-27T10:11:28-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>TechCrunch reports that Facebook was revealed to have covertly conducted Snapchat network traffic interception and decryption since 2016 as part of the initiative dubbed "Project Ghostbusters" that sought to bolster user behavior analysis and better compete with the instant messaging app.</p>
2024-03-27T10:11:23-04:00
tag:www.scmagazine.com:post,709435
Nearly 2K Shopify stores' data exposed by plugins
2024-03-27T09:59:51-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>More than 1,800 stores on major e-commerce platform Shopify using Saara's EcoReturns and WyseMe plugins had 25 GB of data exposed due to the developer's misconfigured MongoDB database, according to Cybernews.</p>
2024-03-27T09:59:46-04:00
tag:www.scmagazine.com:post,709425
Separate breaches impact California state, local agencies
2024-03-27T09:39:31-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Cybernews reports that the California Department of Food and Agriculture had individuals' sensitive and personal information leaked to "external users" following the compromise of its external Plant Health and Pest Prevention website discovered earlier this month.</p>
2024-03-27T09:39:26-04:00
tag:www.scmagazine.com:post,708988
GoFetch: Apple chips vulnerable to encryption key stealing attack
2024-03-25T19:02:56-04:00
Laura French
https://www.scmagazine.com/contributor/laura-french
<p>Data memory-dependent prefetching can enable side-channel extraction of cryptographic secrets. </p>
2024-03-25T19:01:29-04:00
GoFetch logo (Credit: Courtesy of Chen et al.)
tag:www.scmagazine.com:post,708895
Vans, North Face parent downplays cyberattack
2024-03-25T12:32:17-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>U.S. global apparel and footwear company VF Corporation, which owns Vans, The North Face, and Supreme, emphasized that the December cyberattack that impacted data from 35.5 million customers did not include any bank information or credit card details, The Register reports.</p>
2024-03-25T12:32:11-04:00
tag:www.scmagazine.com:post,708887
Exposed AT&T data's veracity further proven as telco insists no compromise
2024-03-25T12:28:49-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>TechCrunch reports that data allegedly stolen from AT&T three years ago that contained information from 73 million subscribers was confirmed to be authentic by Have I Been Pwned? administrator Troy Hunt after matching the exposed details with purportedly impacted AT&T customers.</p>
2024-03-25T12:28:44-04:00
tag:www.scmagazine.com:post,708881
Cryptographic key theft likely with new side-channel attack against Apple chips
2024-03-25T12:25:15-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>BleepingComputer reports that threat actors could leverage the novel GoFetch side-channel attack to facilitate the exfiltration of secret cryptographic keys from devices running on Apple M1, M2, and M3 processors.</p>
2024-03-25T12:25:10-04:00
tag:www.scmagazine.com:post,708877
Ongoing Kimsuky attacks involve novel tactic
2024-03-25T12:16:13-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Information-stealing malware has been deployed by North Korean state-backed hacking group Kimsuky in ongoing attacks against South Korean organizations exploiting Compiled HTML Help files, reports The Hacker News.</p>
2024-03-25T12:16:07-04:00
tag:www.scmagazine.com:post,708874
Massive StrelaStealer malware campaign hits US, Europe
2024-03-25T12:13:07-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>More than 100 organizations in the U.S. and Europe have been subjected to a far-reaching StrelaStealer malware attack campaign aimed at exfiltrating email account credentials that peaked from late January to early February, BleepingComputer reports.</p>
2024-03-25T12:13:02-04:00
tag:www.scmagazine.com:post,708574
Is Cozy Bear targeting Western political parties with phishing attacks?
2024-03-22T16:11:13-04:00
Steve Zurier
https://www.scmagazine.com/contributor/steve-zurier
<p>Google Mandiant says APT29 targeted German politicians and is a threat to Western political parties.</p>
2024-03-22T16:07:12-04:00
(Adobe Stock)
tag:www.scmagazine.com:post,707312
Tornado Cash leveraged in new Lazarus Group money laundering activity
2024-03-18T07:17:52-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Lazarus, which has since tapped the Sinbad.io and Blender.io crypto-mixing services to launder proceeds from the Atomic Wallet, Axie Infinity, and Horizon Bridge attacks, may have been looking to conceal transactions with the recent use of Tornado Cash.</p>
2024-03-18T07:17:47-04:00