News

Breach Notification , Fraud Management & Cybercrime , Identity & Access Management Jim Van Dyke and Al Pascual of Sontiq Describe Criminals’ Use of Breached Data Nick Holland (nickster2407) • March 27, 2021     Jim Van Dyke (left) and Al Pascual of Sontiq Identity crimes are up, but…

NGA Picks Four States for Academy on Cybersecurity PolicyFour states have been chosen by the National Governors Association (NGA) for its 2021 Policy Academy to Advance Whole-of-State Cybersecurity. Kansas, Missouri, Montana, and Washington have all been selected by the NGA Center for Best Practices to work directly with the NGA on cybersecurity governance, workforce development, and government partnership…

Although Facebook has been banned in China, the company recently exposed hackers who used the social media platform to lure Uyghurs into downloading malicious software used for surveillance. According to Facebook’s Mike Dvilyanski, Head of Cyber Espionage Investigations, and Nathaniel Gleicher, Head of Security Policy, hackers “targeted activists, journalists and dissidents predominantly among Uyghurs from…

Four states have been chosen by the National Governors Association (NGA) for its 2021 Policy Academy to Advance Whole-of-State Cybersecurity.  Kansas, Missouri, Montana, and Washington have all been selected by the NGA Center for Best Practices to work directly with the NGA on cybersecurity governance, workforce development, and government partnership policies.  “Representatives of the four states will…

Cybercrime , Endpoint Security , Fraud Management & Cybercrime Manufacturing and IT Systems Disrupted Doug Olenick (DougOlenick) • March 23, 2021     Message displayed on Sierra Wireless website (Update: On Friday, Sierra Wireless said it had partially recovered from a ransomware attack that took place earlier this week, enabling it to restart its production…

The hackers were using malware campaigns to target iOS and Android devices used by Uyghurs living outside China including journalists. Facebook has removed accounts of hackers possibly backed by the Chinese government for targeting Uyghur community members living abroad. According to Facebook’s Head of Cyber Espionage Investigations, Mike Dvilyanski, and Head of Security Policy, Nathaniel…

By Jack M. Germain Mar 26, 2021 7:51 AM PT Cloud cybersecurity — or a lack of it — is feeding a frenzy of companies out of the public cloud. A similar concern about managing compliance obligations is keeping organizations from moving to the cloud in general. However, much of the growing concerns over cloud…

Breach Notification , Incident & Breach Response , Security Operations So Are We Supposed to Keep This Data Breach Notification Just Between Us Friends? Mathew J. Schwartz (euroinfosec) • March 26, 2021     (See update on Fat Face paying a $2 million ransom.) See Also: Live Webinar | Mitigating the Risks Associated with Remote…

Enterprise Vulnerabilities From DHS/US-CERT’s National Vulnerability Database CVE-2020-19625PUBLISHED: 2021-03-26 Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter. CVE-2020-19626PUBLISHED: 2021-03-26 Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new….