Cryptocurrency Fraud , Fraud Management & Cybercrime , Multi-factor & Risk-based Authentication Cryptocurrency Exchange Offering Some Affected Users $100 Worth of Bitcoin Dan Gunderman (dangun127) • September 2, 2021 (Photo: Hubert Lamela via Flickr) Cryptocurrency exchange Coinbase faces potential user trust challenges after a system error led it to send out false automated…
On Wednesday, the Federal Trade Commission announced it had banned spyware maker SpyFone and its CEO Scott Zuckerman from the surveillance business. The commission called SpyFone a “stalkerware app company” that allegedly harvested and shared data about people’s movements, phone use, and online activity via a hidden device hack. “The company’s apps sold real-time access…
A former credit union employee is facing a decade behind bars after pleading guilty to destroying large amounts of corporate data in revenge for being fired. Juliana Barile, 35, of Brooklyn, submitted the plea at a federal court in Brooklyn on Tuesday, admitting to one count of computer intrusion arising from her “unauthorized intrusion into,…
The Singapore Government Technology Agency (GovTech) on Tuesday introduced a new Vulnerability Rewards Programme (VRP) on HackerOne that offers bug bounty rewards of up to $150,000. GovTech already runs a Government Bug Bounty Programme (GBBP) and a Vulnerability Disclosure Programme (VDP), but aims to further expand its cybersecurity capabilities to better protect the Government’s Infocomm…
Governance & Risk Management , Government , Incident & Breach Response OMB Memo Describes Steps Agencies Must Take to Report Cyber Incidents Scott Ferguson (Ferguson_Writes) • August 31, 2021 Acting OMB Director Shalanda Young (Photo: U.S. Senate Banking Committee) The White House is ordering U.S. agencies to improve their logging capabilities to better…
Breach Notification , Legislation & Litigation , Security Operations Bill Would Require Reporting of Critical Infrastructure Attacks Within 72 Hours Scott Ferguson (Ferguson_Writes) • September 1, 2021 Reps. Yvette Clarke and John Katko are supporting the Cyber Incident Reporting for Critical Infrastructure Act of 2021 The House began debate Wednesday on legislation that…
Image: Microsoft Microsoft issued guidance on securing Azure accounts that may be impacted by a recently addressed Cosmos DB critical vulnerability, giving attackers full admin rights to users’ data without authorization. The flaw, dubbed ChaosDB, impacts Microsoft Azure Cosmos DB, a globally distributed NoSQL database service used by a wide assortment of high-profile customers, including Exxon-Mobil, Mercedes…
Technical details have emerged on a serious vulnerability in Microsoft Exchange Server dubbed ProxyToken that does not require authentication to access emails from a target account. An attacker can exploit the vulnerability by crafting a request to web services within the Exchange Control Panel (ECP) application and steal messages from a victim’s inbox. Delegation confusion…
Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development , Ransomware Before Labor Day, Agency Cites Recent Attacks Centered on Holiday Weekends Doug Olenick (DougOlenick) • September 1, 2021 Citing damaging ransomware attacks that it, along with the FBI, has observed over recent holidays, the Cybersecurity and Infrastructure Security Agency issued an…
Check Point Software Technologies has agreed to buy rising star Avanan to deliver cloud email malware protection and expand security to SaaS collaboration suites. The US-based platform security vendor said the combined Check Point-Avanan offering will be the only unified tool on the market to protect the remote workforce from malicious files, URLs and phishing…
