Data watchdog tells off outsourcing giant for scanning staff biometrics despite ‘power imbalance’

February 26, 2024 at 07:50AM The UK’s data protection watchdog issued an enforcement notice to halt Serco’s use of facial recognition and fingerprint scanning at leisure centers it operates, finding the company unlawfully processed biometric data of over 2,000 employees. The ICO instructed Serco to destroy non-legally required biometric data. The watchdog emphasized the risks …

Avast to Pay $16.5M Fine For Selling Consumer Browsing Data

February 23, 2024 at 12:15PM The FTC fined Avast $16.5 million for allegedly selling consumer browsing data to third parties through its subsidiaries, despite claiming to protect users’ privacy. The FTC accused Avast of collecting and storing browsing data without consent, then selling it to over 100 third parties. Avast is now required to compensate …

Fostering Collaboration for Standardized Threat Investigation & Response

February 23, 2024 at 10:06AM Summary: The Open Cybersecurity Schema Framework (OCSF) aims to address data interoperability issues in security by providing a standard for collecting and managing security data across different tools. To achieve widespread adoption, industry collaboration, customer engagement, vendor cooperation, federal support, and promotion of enterprise use cases are essential. This initiative …

Authorities dismantled LockBit before it could unleash revamped variant

February 22, 2024 at 02:56PM Law enforcement’s disruption of the LockBit ransomware crew revealed they were developing a new variant. Unlike competitors, LockBit chose .NET and CoreRT instead of Rust for its latest locker. The in-development variant aimed to counter code leaks with a new expiry date but lacked some capabilities of previous versions. The …

U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders

February 22, 2024 at 12:51AM The U.S. State Department offers up to $15 million in rewards for identifying LockBit ransomware leaders. The UK’s National Crime Agency disrupted the Russia-linked gang, with a history of extorting companies. Affiliates carry out attacks using LockBit’s software, and LockBit is known for scaling up and solidifying its control through …

Misconfigured Custom Salesforce Apps Expose Corporate Data

February 20, 2024 at 09:01AM A new security advisory cautions Salesforce users with customized instances to be wary of common programming errors and misconfigurations. The advisory emphasizes the vulnerability of the Apex programming language, citing instances where leaked data and vulnerable sites were identified. Recommendations include avoiding certain configurations and conducting thorough security assessments of …

LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

February 20, 2024 at 08:51AM The UK’s National Crime Agency seized LockBit’s source code and intelligence in Operation Cronos, arresting two actors and freezing 200 cryptocurrency accounts. The agency dismantled servers, retrieved decryption keys, and took control of LockBit’s services to disrupt its criminal enterprise. LockBit, known for its ransomware attacks, made over $120 million …

Wyze camera glitch gave 13,000 users a peek into other homes

February 19, 2024 at 12:20PM Wyze addressed a security incident affecting thousands of users, attributing it to a third-party caching client library that struggled to handle a surge in camera activity after an outage. This led to users seeing others’ video feeds. Wyze has taken steps to enhance security and prevent reoccurrence, but hasn’t disclosed …

Ransomware Group Takes Credit for LoanDepot, Prudential Financial Attacks

February 19, 2024 at 08:03AM The BlackCat and Alphv ransomware group has claimed responsibility for cyberattacks on financial firms LoanDepot and Prudential Financial. Despite the data breach impacting millions of people, Prudential stated no evidence of customer data theft. The US government offered rewards for information on the group and its affiliates. The ransomware group …

RansomHouse gang automates VMware ESXi attacks with new MrAgent tool

February 15, 2024 at 01:57PM RansomHouse’s new tool ‘MrAgent’ automates deploying its data encrypter across multiple VMware ESXi hypervisors. This ransomware targeting large organizations maximizes impact by compromising critical applications and services. Custom configurations include scheduling an encryption event and altering the hypervisor’s monitor message. The tool’s adaptation for Windows systems demonstrates intent to extend …