Privacy & Compliance news & analysis | SC Media

Privacy & Compliance News and Analysis

Maze delivers on threat to publish data stolen from Canon

Canon apparently didn’t pay up as previously believed after it fell victim to a Maze ransomware attack, because the company’s stolen data has cropped up online. On the site where Maze leaks data from its conquests, attackers said that they would release five percent of the data stolen from Canon during the late July attack,…

Have I Been Pwned code base goes open source as it expands

After a failed attempt at a sale, Have I Been Pwned (HIBP) founder Troy Hunt decided to open source the code base for the sprawling database, which has become unwieldy for his singular stewardship. Hunt said the HIBP website, which since 2013 has allowed internet users to check if their data has been compromised and…

Business must overcome privacy challenge for facial recognition to thrive

Pharmacy chain Rite-Aid’s recent abandonment of an eight-year-old facial recognition program aimed at curbing shoplifting as well as creating new marketing underscores how widespread the use of the controversial technology is and how organizations struggle to overcome associated security and privacy challenges – as well as negative perceptions.

US expands Clean Network to protect COVID-19 vaccine research from China

As concerns mount over China’s efforts to swipe intellectual property from U.S. companies – most recently COVID-19 vaccine research – the State Department has expanded its Clean Network program to protect U.S. critical telecommunications and technology infrastructure. Among the key objectives is to push vaccine research and other sensitive information to secured clouds. The programs…

Regulators levy $80 million fine, hammer Capital One for massive breach

Bank regulators dropped the hammer on Capital One, with the Office of the Comptroller of the Currency (OCC) levying an $80 million fine and the Federal Reserve filing a cease and desist order that specified the steps the bank needed to take to redeem itself after a massive data breach in 2019 that compromised…

Lesson learned: Failure to patch led to password leak of 900 VPN enterprise servers

Applying a security update to a CVE released more than a year ago could have prevented a hacker from publishing plaintext usernames and passwords, as well as IP addresses, for more than 900 Pulse Secure VPN enterprise servers. “The lesson here? Patch, patch, patch,” said Laurence Pitt, global security strategy director at Juniper Networks. “The…

Feds arrest teen Twitter hack leader, accomplices

The ringleader of the Twitter breach that used prominent accounts to run a cryptocurrency scam turns out to be a 17-year-old in Tampa arrested earlier today. Two accomplices, Nima Fazeli, 22, of Orlando and Mason Sheppard, 19, in the U.K., known as Rolex and Chaewon, respectively, were also arrested in the scheme that took over…

Twitter hackers duped employees with phone spear phishing scam

Hackers who briefly commandeered high-profile Twitter accounts to perpetrate a cryptocurrency scam used a phone spear phishing attack to get into the social media platform’s internal network as well as to “specific employee credentials” to access internal support tools. Not all of the small group of “employees that were initially targeted had permissions to…

Nefilim gang leaks files stolen from Dussmann Group subsidiary

By now, it’s a familiar refrain: ransomware operators publishing documents after pinching them from a vulnerable company – this time the victim was a subsidiary of Germany’s Dussmann Group, a sprawling multiservice provider, and the attacker, Nefilim’s operators. The ransomware gang pinched files, including AutoCAD drawings, Word documents and accounting docs from refrigerator specialist Dresdner…

Dave ShinyHunters hack exposes 7.5 million user records

Overdraft protection and cash advance service Dave suffered a data breach that appeared to involve the practices of a former third-party vendor, resulting in its database containing 7.5 million user records being sold at auction and then released later for free on hacker forums. The stolen information, which appeared to be taken by hacking group…
