Privacy & Compliance news & analysis | SC Media

Privacy & Compliance News and Analysis

SMBs imperiled as low-end RaaS grows more powerful

As Ransomware-as-a-Service (RaaS) has simultaneously grown more powerful and easier to use, just about anyone can launch successful, damaging ransomware attacks on organizations. Small and medium businesses are particularly vulnerable to the widening variety of tactics –from the “spray and pray” favored by Avaddon to the mass-market-based business model used by Dharma RaaS. “The skills…

Maze delivers on threat to publish data stolen from Canon

Canon apparently didn’t pay up as previously believed after it fell victim to a Maze ransomware attack, because the company’s stolen data has cropped up online. On the site where Maze leaks data from its conquests, attackers said that they would release five percent of the data stolen from Canon during the late July attack,…

Have I Been Pwned code base goes open source as it expands

After a failed attempt at a sale, Have I Been Pwned (HIBP) founder Troy Hunt decided to open source the code base for the sprawling database, which has become unwieldy for his singular stewardship. Hunt said the HIPB website, which since 2013 has allowed internet users to check if their data has been compromised and…

Business must overcome privacy challenge for facial recognition to thrive

Pharmacy chain Rite-Aid’s recent abandonment of an eight-year-old facial recognition program aimed at curbing shoplifting as well as creating new marketing underscores how widespread the use of the controversial technology is and how organizations struggle to overcome associated security and privacy challenges – as well negative perceptions.

Pompeo in China

US expands Clean Network to protect COVID-19 vaccine research from China

As concerns mount over China’s efforts to swipe intellectual property from U.S. companies – most recently COVID-19 vaccine research – the State Department has expanded its Clean Network program to protect U.S. critical telecommunications and technology infrastructure. Among the key objectives is to push vaccine research and other sensitive information to secured clouds. The programs…

Regulators levy $80 million fine, hammer Capital One for massive breach

Bank regulators dropped the hammer on Capital One, with the Office of the Comptroller of the Currency (OCC) levying an $80 million fine and the Federal Reserve filing a cease and desist order that specified what the steps the bank needed to take to redeem itself after a massive data breach in 2019 that compromised…

Lesson learned: Failure to patch led to password leak of 900 VPN enterprise servers

Applying a security update to a CVE released more than a year ago could have prevented a hacker from publishing plaintext usernames and passwords, as well as IP addresses, for more than 900 Pulse Secure VPN enterprise servers. “The lesson here? Patch, patch, patch,” said Laurence Pitt, global security strategy director at Juniper Networks. “The…

Feds arrest teen Twitter hack leader, accomplices

The ringleader of the Twitter breach that used prominent accounts to run a cryptocurrency scam turns out to be a 17-year-old in Tampa arrested earlier today. Two accomplices, Nima Fazeli, 22, of Orlando and Mason Sheppard, 19, in the U.K., known as Rolex and Chaewon, respectively, were also arrested in the scheme that took over…

Twitter hackers duped employees with phone spear phishing scam

Hackers who briefly commandeered high-profile Twitter accounts to perpetuate a cryptocurrency scam used a phone spear phishing attack to get into to the social media platform’s internal network as well as to “specific employee credentials” to access internal support tools. Not all of the small group of “employees that were initially targeted had permissions to…

Nefilim gang leaks files stolen from Dussmann Group subsidiary

By now, it’s a familiar refrain, ransomware operators publishing documents after pinching them from a vulnerable company – this time the victim was a subsidiary of Germany’s Dussmann Group, a sprawling multiservice provider, and the attacker, Nefilim’s operators. The ransomware gang pinched files, including AutoCAD drawings, Word documents and accounting docs from refrigerator specialist  Dresdner…

Next post in Security News