California Attorney General Xavier Becerra and Assemblymember Marc Levine (D-San Rafael) unveiled AB 1130, legislation to strengthen California’s data breach notification law to protect consumers. The bill closes a loophole in the state’s existing data breach notification law by requiring businesses to notify consumers of compromised passport numbers and biometric information. “Knowledge is power, and all Californians deserve the power to take ...
Cyber Security News
Microsoft Edge secretly whitelisted sites running Flash Player for Facebook
Facebook has found itself involved in another controversy: this time, a cybersecurity researcher has revealed that Microsoft Edge allows Flash Player content to be played on Facebook without notifying the user. Google Project Zero’s Ivan Fratric came across what is essentially a secret whitelist, reported it on November 26, 2018, and waited the usual 90 days before making his discovery public. ...
An unprotected server exposed almost 2.7 million call recordings for six years
Of the 2.7 million exposed call recordings, almost 57,000 call recordings have filenames containing the telephone numbers of those who called the helpline. Researchers noted that the unprotected server available at nas.applion.se might have been impacted by almost 23 vulnerabilities with CVEs assigned between 2013 and 2018. A storage server containing real-time call recordings made to the 1177 Swedish Healthcare ...
Russian cyberattackers are in and gone in less than 20 minutes
Russian threat actors are almost eight times faster at taking advantage of a compromised system compared to other nation-state actors, a tribute to their operational tradecraft, according to CrowdStrike’s 2019 Global Threat report. An analysis of what CrowdStrike calls “breakout time” shows the Russians are quicker, by a factor of eight, at moving laterally through a system and accomplishing their primary objectives than ...
Lockheed Martin, UCF Open $1.5 Million Cyber Lab in Orlando
Lockheed Martin and the University of Central Florida (UCF) celebrated the grand opening of a Cyber Innovation Lab on UCF’s campus that will help meet the growing local and national need for cybersecurity talent. “This lab will serve as the campus’ primary hub for students to develop and expand their information security skills, preparing them to enter this high demand field and ...
Russia plans to briefly disconnect from the internet to see what happens
Russia is planning to disconnect itself from the internet as part of a planned experiment designed to protect the country from state-backed cyber attacks. Internet service providers in the country are working with the Russian government in preparation for the test, which comes in response to a proposed new law that will see all internet traffic pass through Russian servers. When it is ...
Google Play announces 2019 malicious app crackdown
Google Play announced it will continue its crackdown on malicious apps into 2019 by focusing more on user privacy, developer integrity and harmful app contents and behavior. Google said it plans to introduce additional policies for device permissions and user data throughout the year, according to a Feb. 13 blog post. “In addition to identifying and stopping bad apps from entering ...
8 Cybersecurity Risks That May Impact Organizations in 2019
Aon’s 2019 Cyber Security Risk Report features eight risks that may impact organizations in the next 12 months, no matter where they are on their digital journey. “In 2018 we witnessed that a proactive approach to cyber preparation and planning paid off for the companies that invested in it, and in 2019, we anticipate the need for advanced planning will only further ...
(ISC)² Announces New Professional Development Institute to Train Cyber Professionals
(ISC)² has launched its Professional Development Institute (PDI) to combat the global shortage of skilled and trained cybersecurity professionals. PDI is provided as a free portfolio of course offerings to (ISC)² members and associates. It will help enhance their skills and abilities by providing access to rich continuing professional education (CPE) opportunities that augment the knowledge they’ve gained throughout their careers. The multi-year strategy ...
Ransomware attackers exploit old plug-in flaw to infect MSPs and their clients
Researchers are warning that hackers are exploiting a plug-in vulnerability to infect MSPs and their customers with GandCrab ransomware. The bug, CVE-2017-18362, dates back to 2017, and is found in unpatched versions of the ConnectWise ManagedITSync integration plug-in tool, explains a Feb. 8 blog post by Chris Bisnett, security researcher at Huntress Labs. This plug-in is designed to sync data between the ConnectWise Manage ...