Police demand Waze stop pinpointing their checkpoints
via "Naked Security".
Waze users are helping intoxicated drivers to evade checkpoints and could thus be "engaging in criminal conduct," say police.
Student gets creative with data accidentally blasted out by university
via "Naked Security".
A university employee accidentally emailed a spreadsheet containing personal information on every one of the college's 4,557 students.
Infographic: The death of passwords
via "Security on TechRepublic".
Enterprises need to start preparing for a future without traditional passwords, according to LoginRadius.
Child abuse imagery found in cryptocurrency blockchain
via "Naked Security".
For the second time in a year, illegal child abuse images have been spotted inside a blockchain. According to a post by web blockchain payments system Money Button, on 30 January its service was abused to place "illegal content" inside the Bitcoin Satoshi Vision (BSV) ledger, a recent cryptocurrency hard fork from Bitcoin Cash [BCH]. […]
⌨ Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions ⌨

A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.

The USA Patriot Act, passed in the wake of the terror attacks of Sept 11, 2001, requires all financial institutions to appoint at least two Bank Secrecy Act (BSA) contacts responsible for reporting suspicious financial transactions that may be associated with money laundering. U.S. credit unions are required to register these BSA officers with the NCUA.

On the morning of Wednesday, Jan. 30, BSA officers at credit unions across the nation began receiving emails spoofed to make it look like they were sent by BSA officers at other credit unions. The missives addressed each contact by name, claimed that a suspicious transfer from one of the recipient credit union's customers was put on hold for suspected money laundering, and encouraged recipients to open an attached PDF to review the suspect transaction.

[Image: One of the many variations on the malware-laced targeted phishing email sent to dozens of credit unions across the nation last week.]

The phishing emails contained grammatical errors and were sent from email addresses not tied to the purported sending credit union. It is not clear if any of the BSA officers who received the messages actually clicked on the attachment, although one credit union source reported speaking with a colleague who feared a BSA contact at their institution may have fallen for the ruse.

One source at an association that works with multiple credit unions who spoke with KrebsOnSecurity on condition of anonymity said many credit unions are having trouble imagining another source for the recipient list other than the NCUA.

"I tried to think of any public ways that the scammers might have received a list of BSA officers, but sites like LinkedIn require contact through the site itself," the source said. "CUNA [the Credit Union National Association] has BSA certification schools, but they certify state examiners and trade association staff (like me), so non-credit union employees that utilize the school should have received these emails if the list came from them. As far as we know, only credit union BSA officers have received the emails. I haven't seen anyone who received the email say they were not a BSA officer yet."

"Wonder where they got the list of BSA contacts at all of our credit unions," said another credit union source. "They sent it to our BSA officer, and [omitted] said they sent it to her BSA officers." A BSA officer at a different credit union said their IT department had traced the source of the message they received back to Ukraine.

The NCUA has not responded to multiple requests for comment since Monday. The agency's instructions for mandatory BSA reporting (PDF) state that the NCUA will not release BSA contact information to the public. Officials with CUNA also did not respond to requests for comment.

A notice posted by the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) said the bureau was aware of the phishing campaign, and was urging financial institutions to disregard the missives.

The latest scam comes amid a significant rise in successful phishing attacks, according to a non-public alert sent in late January by the U.S. Secret Service to financial institutions nationwide. "The Secret Service is observing a noticeable increase in successful large-scale phishing attacks targeting…
iPhone apps record your screen sessions without asking
via "Naked Security".
Absent from privacy policies, the tracking came to light after a breach with Air Canada's mobile app, then password slurping from Mixpanel.
iPhone snooping: Apple cracks down on apps that secretly record taps, keystrokes
via "Security on TechRepublic".
iOS app developers have been capturing how users interact with screens without gaining user consent.
Cyberattack Hits Australian Parliament
via "Dark Reading: ".
Officials believe a nation-state is to blame for the incident, which took place Thursday night into Friday morning.
FireOS Flaw Allowed Limited Content Injection in Amazon Tablets
via "Threatpost | The first stop for security news".
A vulnerability in FireOS, the Amazon Fire Tablet's operating system, has been patched.
We Need More Transparency in Cybersecurity
via "Dark Reading: ".
Security has become a stand-alone part of the corporate IT organization. That must stop, and transparency is the way forward.
Android vulnerabilities open Pie to booby-trapped image attacks
via "Naked Security".
A trio of bugs could have opened Android 7, 8 and 9 to remote attackers wielding booby-trapped image files. Here's what you need to know...
A Dog's Life: Dark Reading Caption Contest Winners
via "Dark Reading: ".
What do a telephony protocol, butt-sniffing, and multifactor authentication have in common? A John Klossner cartoon! And the winners are ...
Longest DDoS attack since 2015 lasts 329 hours
via "Security on TechRepublic".
While the number of DDoS attacks has declined, they have become much more sophisticated, according to a Kaspersky Lab report.
Theory: 'Simple Hack' Behind Bezos' Alleged Compromising Images
via "Threatpost | The first stop for security news".
Researchers theorize how Bezos' very personal pictures may have been allegedly hacked.
Malware Campaign Hides Ransomware in Super Mario Wrapper
via "Dark Reading: ".
A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.
6 Reasons to Be Wary of Encryption in Your Enterprise
via "Dark Reading: ".
Encryption can be critical to data security, but it's not a universal panacea.
🕳 February Event Spotlight: IAPP Data Protection Intensive: France 2019, Privacy Insight Series Webinars, IAPP CCPA Comprehensive 2019 🕳
IAPP Data Protection Intensive: France 2019
12 - 13 February
Paris

Join data protection professionals from across Europe for two days of concentrated learning, sharing, and networking at the IAPP Data Protection Intensive: France 2019 in Paris on 12-13 February. All sessions will be delivered by data protection experts in parallel tracks: one in English, the other in French. It is practical advice designed to improve your operational response to the GDPR and prepare you for future challenges.

TrustArc will be exhibiting and sponsoring the Networking Reception on 12 February. Stop by booth #6 to say hello!

Privacy Insight Series Webinar
The Path to U.S. - Japan Data Transfer Compliance
February 13 @ 9AM PT | 12PM ET | 5PM GMT
Online Webinar

Japan's data protection law, the Act on the Protection of Personal Information (APPI) requires that companies have sufficient data protections for data transfers out of Japan. Since APPI went into effect in May 2017, companies, including subsidiaries of U.S.-headquartered companies in Japan, are liable for any violation and are subject to enforcement.

APPI recognizes that the APEC Cross Border Privacy Rules (CBPR) system is one mechanism to demonstrate that required data protections are in place. An APEC CBPR Certification can support companies' compliance efforts with APPI and show their commitment to secure U.S.-Japan data transfer.

This webinar will cover the following:
- International data transfer requirements under APPI and who they apply to along with how the APEC CBPR system fits in with these requirements
- Introduction to APEC CBPR certification, including benefits in the context of APPI requirements
- Real-world examples from industry experts on how APEC CBPR certification can fit in with your global compliance strategy

Privacy Insight Series Webinar
Managing Risk & Easing the Pain of Vendor Management
February 20 @ 9AM PT | 12PM ET | 5PM GMT
Online Webinar

Whether you're focused on GDPR, CCPA, HIPAA or Privacy Shield - one of the most important components of a privacy and security risk management program is to understand how your third party vendors are handling your data and whether they can maintain compliance. At the same time, you're struggling to keep up with privacy assessments and security questionnaires about your own data handling practices.

A regulator may never ask about your GDPR compliance status but your largest customer probably will. Demonstrate your compliance or expand and efficiently scale a vendor management program.

This webinar will outline:
- Options to demonstrate compliance against multiple regulations or buyer requirements
- Tools and methodology to support privacy and security third party assessments
- Ways to develop an independent validation program and process for ongoing assurance of a risk-based level of supplier compliance

IAPP CCPA Comprehensive 2019
February 25
Fremont, CA

Start planning your response to the California Consumer Privacy Act (CCPA) by diving into its details at the IAPP CCPA Comprehensive. This day-long examination of the law will…
New Zombie 'POODLE' Attack Bred From TLS Flaw
via "Dark Reading: ".
Citrix issues update for encryption weakness dogging the popular security protocol.
US Law Enforcement Busts Romanian Online Crime Operation
via "Dark Reading: ".
Twelve members of 20-person group extradited to US to face charges related to theft of millions via fake ads and other scams.
Google Boosts Encryption For Low-End Android Devices
via "Threatpost | The first stop for security news".
Google's Adiantum boosts encryption for low-end devices with processors that do not have hardware support for AES.
Help! Need VPN recommendations for Android
via "Security on TechRepublic".
What VPN would you recommend for an Android user who uses public WiFi quite often and wants to buff up their security?