Apple Patches Group FaceTime Flaw
via "Dark Reading".
Teenaged Fortnite player gets credit for finding the bug.

Carbonite Announces Webroot Purchase
via "Dark Reading".
The purchase will add WebRoot's cloud-based security to the cloud-based data backup and recovery platform of Carbonite.

Ransomware Attack Via MSP Locks Customers Out of Systems
via "Dark Reading".
Vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.

Facebook ordered to keep apps data separate without user consent
via "Naked Security".
So much for creating a three-headed Cerberus marketing-happy chat dog! Also, we'll soon see the who-what-huh? behind the ads we're shown.

Police demands Waze stop pinpointing their checkpoints
via "Naked Security".
Waze users are helping intoxicated drivers to evade checkpoints and could thus be "engaging in criminal conduct," say police.

Student gets creative with data accidentally blasted out by university
via "Naked Security".
A university employee accidentally emailed a spreadsheet containing personal information on every one of the college's 4,557 students.

Infographic: The death of passwords
via "Security on TechRepublic".
Enterprises need to start preparing for a future without traditional passwords, according to LoginRadius.

Child abuse imagery found in cryptocurrency blockchain
via "Naked Security".
For the second time in a year, illegal child abuse images have been spotted inside a blockchain. According to a post by web blockchain payments system Money Button, on 30 January its service was abused to place "illegal content" inside the Bitcoin Satoshi Vision (BSV) ledger, a recent cryptocurrency hard fork from Bitcoin Cash [BCH]. […]

Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.

The USA Patriot Act, passed in the wake of the terror attacks of Sept 11, 2001, requires all financial institutions to appoint at least two Bank Secrecy Act (BSA) contacts responsible for reporting suspicious financial transactions that may be associated with money laundering. U.S. credit unions are required to register these BSA officers with the NCUA.

On the morning of Wednesday, Jan. 30, BSA officers at credit unions across the nation began receiving emails spoofed to make it look like they were sent by BSA officers at other credit unions. The missives addressed each contact by name, claimed that a suspicious transfer from one of the recipient credit union's customers was put on hold for suspected money laundering, and encouraged recipients to open an attached PDF to review the suspect transaction.

[Image: One of the many variations on the malware-laced targeted phishing email sent to dozens of credit unions across the nation last week.]

The phishing emails contained grammatical errors and were sent from email addresses not tied to the purported sending credit union. It is not clear if any of the BSA officers who received the messages actually clicked on the attachment, although one credit union source reported speaking with a colleague who feared a BSA contact at their institution may have fallen for the ruse.

One source at an association that works with multiple credit unions who spoke with KrebsOnSecurity on condition of anonymity said many credit unions are having trouble imagining another source for the recipient list other than the NCUA.

"I tried to think of any public ways that the scammers might have received a list of BSA officers, but sites like LinkedIn require contact through the site itself," the source said. "CUNA [the Credit Union National Association] has BSA certification schools, but they certify state examiners and trade association staff (like me), so non-credit union employees that utilize the school should have received these emails if the list came from them. As far as we know, only credit union BSA officers have received the emails. I haven't seen anyone who received the email say they were not a BSA officer yet."

"Wonder where they got the list of BSA contacts at all of our credit unions," said another credit union source. "They sent it to our BSA officer, and [omitted] said they sent it to her BSA officers." A BSA officer at a different credit union said their IT department had traced the source of the message they received back to Ukraine.

The NCUA has not responded to multiple requests for comment since Monday. The agency's instructions for mandatory BSA reporting (PDF) state that the NCUA will not release BSA contact information to the public. Officials with CUNA also did not respond to requests for comment.

A notice posted by the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) said the bureau was aware of the phishing campaign, and was urging financial institutions to disregard the missives.

The latest scam comes amid a significant rise in successful phishing attacks, according to a non-public alert sent in late January by the U.S. Secret Service to financial institutions nationwide. "The Secret Service is observing a noticeable increase in successful large-scale phishing attacks targeting…

iPhone apps record your screen sessions without asking
via "Naked Security".
Absent from privacy policies, the tracking came to light after a breach with Air Canada's mobile app, then password slurping from Mixpanel.

iPhone snooping: Apple cracks down on apps that secretly record taps, keystrokes
via "Security on TechRepublic".
iOS app developers have been capturing how users interact with screens without gaining user consent.

Cyberattack Hits Australian Parliament
via "Dark Reading".
Officials believe a nation-state is to blame for the incident, which took place Thursday night into Friday morning.

FireOS Flaw Allowed Limited Content Injection in Amazon Tablets
via "Threatpost | The first stop for security news".
A vulnerability in FireOS, the Amazon Fire Tablet's operating system, has been patched.

We Need More Transparency in Cybersecurity
via "Dark Reading".
Security has become a stand-alone part of the corporate IT organization. That must stop, and transparency is the way forward.

Android vulnerabilities open Pie to booby-trapped image attacks
via "Naked Security".
A trio of bugs could have opened Android 7, 8 and 9 to remote attackers wielding booby-trapped image files. Here's what you need to know...

A Dog's Life: Dark Reading Caption Contest Winners
via "Dark Reading".
What do a telephony protocol, butt-sniffing, and multifactor authentication have in common? A John Klossner cartoon! And the winners are ...

Longest DDoS attack since 2015 lasts 329 hours
via "Security on TechRepublic".
While the number of DDoS attacks has declined, they have become much more sophisticated, according to a Kaspersky Lab report.

Theory: "Simple Hack" Behind Bezos' Alleged Compromising Images
via "Threatpost | The first stop for security news".
Researchers theorize how Bezos' very personal pictures may have been allegedly hacked.

Malware Campaign Hides Ransomware in Super Mario Wrapper
via "Dark Reading".
A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.

6 Reasons to Be Wary of Encryption in Your Enterprise
via "Dark Reading".
Encryption can be critical to data security, but it's not a universal panacea.

February Event Spotlight: IAPP Data Protection Intensive: France 2019, Privacy Insight Series Webinars, IAPP CCPA Comprehensive 2019

IAPP Data Protection Intensive: France 2019
12 – 13 February
Paris
Join data protection professionals from across Europe for two days of concentrated learning, sharing, and networking at the IAPP Data Protection Intensive: France 2019 in Paris on 12-13 February. All sessions will be delivered by data protection experts in parallel tracks, one in English, the other in French. It is practical advice designed to improve your operational response to the GDPR and prepare you for future challenges.
TrustArc will be exhibiting and sponsoring the Networking Reception on 12 February. Stop by booth #6 to say hello!

Privacy Insight Series Webinar
The Path to U.S. – Japan Data Transfer Compliance
February 13 @ 9AM PT | 12PM ET | 5PM GMT
Online Webinar
Japan's data protection law, the Act on the Protection of Personal Information (APPI), requires that companies have sufficient data protections for data transfers out of Japan. Since APPI went into effect in May 2017, companies, including subsidiaries of U.S.-headquartered companies in Japan, are liable for any violation and are subject to enforcement.
APPI recognizes that the APEC Cross Border Privacy Rules (CBPR) system is one mechanism to demonstrate that required data protections are in place. An APEC CBPR Certification can support companies' compliance efforts with APPI and show their commitment to secure U.S.-Japan data transfer.
This webinar will cover the following:
- International data transfer requirements under APPI and who they apply to, along with how the APEC CBPR system fits in with these requirements
- Introduction to APEC CBPR certification, including benefits in the context of APPI requirements
- Real-world examples from industry experts on how APEC CBPR certification can fit in with your global compliance strategy

Privacy Insight Series Webinar
Managing Risk & Easing the Pain of Vendor Management
February 20 @ 9AM PT | 12PM ET | 5PM GMT
Online Webinar
Whether you're focused on GDPR, CCPA, HIPAA or Privacy Shield, one of the most important components of a privacy and security risk management program is to understand how your third party vendors are handling your data and whether they can maintain compliance. At the same time, you're struggling to keep up with privacy assessments and security questionnaires about your own data handling practices.
A regulator may never ask about your GDPR compliance status, but your largest customer probably will. Demonstrate your compliance or expand and efficiently scale a vendor management program.
This webinar will outline:
- Options to demonstrate compliance against multiple regulations or buyer requirements
- Tools and methodology to support privacy and security third party assessments
- Ways to develop an independent validation program and process for ongoing assurance of a risk-based level of supplier compliance

IAPP CCPA Comprehensive 2019
February 25
Fremont, CA
Start planning your response to the California Consumer Privacy Act (CCPA) by diving into its details at the IAPP CCPA Comprehensive. This day-long examination of the law will…