New Zealand's Parliament House in Wellington (Photo: Michael Klajban via Wikipedia/CC)

New Zealand's Refreshed Privacy Act Takes Effect

Jeremy Kirk • December 1, 2020

New Zealand's refreshed Privacy Act, which came into effect Tuesday, introduces breach notification requirements and civil penalties. It also holds data handlers to higher responsibilities to counter new threats to personal data. But the law doesn't impose financial penalties as severe as the EU's GDPR.

Business Continuity Management / Disaster Recovery

Bill Looks to Close Federal Cybersecurity Loopholes

Latest

Business Continuity Management / Disaster Recovery

Conti Ransomware Gang Posts Advantech's Data

Doug Olenick • December 1, 2020

The gang behind the Conti ransomware variant has posted data to its darknet website that it says it stole during a ransomware attack on industrial IoT chipmaker Advantech last month. The company reportedly confirmed the attack on Monday.

Cybercrime

Researchers Find Updated Variants of Bandook Spyware

Akshaya Asokan • December 1, 2020

Check Point Research has identified new variants of the long-dormant Bandook spyware that are being used for espionage campaigns across the world targeting government, financial, energy, food industry, healthcare, education, IT and legal organizations.

Breach Notification

Data Breach Affects 300,000 Mental Health Clinic Patients

Marianne Kolbasuk McGee • December 1, 2020

A recent data breach at a Colorado-based mental health clinic that exposed data on nearly 300,000 individuals is the latest of several in the mental health sector this year.

Fraud Management & Cybercrime

Fresh MacOS Backdoor Variant Linked to Vietnamese Hackers

Prajeet Nair • December 1, 2020

Trend Micro researchers have uncovered a macOS backdoor variant - designed to bypass security tools - that's linked to an advanced persistent threat group operating from Vietnam.

Fraud Management & Cybercrime

Sizing Up Synthetic DNA Hacking Risks

Marianne Kolbasuk McGee • November 30, 2020

Could hackers inject malicious code that compromises the synthetic DNA supply chain and ultimately tricks bioengineers into inadvertently developing dangerous viruses or toxins? A new research report says that's a growing concern and calls for robust security measures.

Fraud Management & Cybercrime

'Return to Office' Phishing Emails Aim to Steal Credentials

Prajeet Nair • November 30, 2020

Researchers at Abnormal Security have uncovered a credential-stealing phishing campaign that spoofs internal company memos concerning returning to the office.

Critical Infrastructure Security

CISA Warns of Password Leak on Vulnerable Fortinet VPNs

Akshaya Asokan • November 28, 2020

CISA is warning about a possible password leak that could affect vulnerable Fortinet VPNs and lead to further exploitation. The latest agency notice comes just days after hackers began publishing what they claim are leaked passwords on underground forums, according to researchers.

Cybercrime

EU Law Enforcement Prevents $47.5 Million in Payment Fraud

Akshaya Asokan • November 27, 2020

Europol, along with the other law enforcement agencies in Europe, prevented payment fraud losses of $47.5 million by targeting fraudsters who were selling stolen card data on darknet websites known as card shops.

Cyberwarfare / Nation-State Attacks

UK Ramps Up Capabilities to Deter Nation-State Hackers

Tony Morbin • November 27, 2020

The U.K. is moving to improve its ability to combat online attacks via the establishment of an information warfare network named @HutEighteen. The move, announced by the Defense Academy of the United Kingdom, follows fresh EU sanctions against nation-state hackers and the U.K. standing up a National Cyber Force.

Cybercrime

Rise of the Bots: Criminal Attacks Grow More Automated

Mathew J. Schwartz • November 27, 2020

Criminals continue to rely on automated bots for phishing attacks, web scraping, credential stuffing and more. But while gangs previously needed to amass large, powerful botnets to be effective, now they need relatively few devices, says Group-IB CTO Dmitry Volkov.

Business Continuity Management / Disaster Recovery

COVID-19 Latest: 'We Are Really Struggling'

Tom Field • November 27, 2020

It took 100 days for the world to record its first 1 million COVID-19 infections. A week ago, 1 million cases were added in just over one day. In advance of the Thanksgiving break, pandemic expert Regina Phelps shares insights on the virus, testing and how soon we might see vaccines.

3rd Party Risk Management

Government Watchdog Calls for 5G Cybersecurity Standards

Prajeet Nair • November 27, 2020

The U.S. Government Accountability Office is urging policymakers to adopt coordinated cybersecurity monitoring of 5G networks, to ensure a safe rollout of the new technology.