Daily NCSC-FI news followup 2019-07-27

New York Passes Law to Update Data Breach Notification Requirements

www.bleepingcomputer.com/news/security/new-york-passes-law-to-update-data-breach-notification-requirements/ New York Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act into law, with the new consumer privacy policy being designed to protect New Yorkers’ private data and strengthen the state’s data breach policies.. The signed legislation, sponsored by State Senator Kevin Thomas, Chairman of Committee on Consumer Protection, expands “the scope of information subject to the current data breach notification law to include biometric information, and email addresses and their corresponding passwords or security questions and answers.”

In 80 Days, Google Will Require Chrome Extensions To Request ‘The Least Amount of Data’

www.pcmag.com/news/369714/google-to-minimize-the-data-collected-by-chrome-extensions The change addresses how the extensions generally need to request certain permissions from your browser in order to function. However, some of these permissions can be pretty powerful; they can include the ability to take desktop screenshots, capture audio from a microphone, and collect data from the local file system, among other things, which can open the door to potential abuse.. The risks prompted Google to work toward securing the 180,000+ Chrome extensions on the company’s official web store. “We’re requiring extensions to only request access to the least amount of data,” the company said in a Tuesday blog post. “While this has previously been encouraged of developers, now we’re making this a requirement for all extensions.”. See also:


UK made illegal copies and mismanaged Schengen travelers database

www.zdnet.com/article/uk-made-illegal-copies-and-mismanaged-schengen-travelers-database/#ftag=RSSbaffb68 EU officials indirectly confirm UK’s gross mismanagement detailed in an unconfirmed report last week.. Authorities in the United Kingdom have made unauthorized copies of data stored inside a EU database for tracking undocumented migrants, missing people, stolen cars, or suspected criminals.. Named the Schengen Information System (SIS), this is a EU-run database that stores information such as names, personal details, photographs, fingerprints, and arrest warrants for 500,000 non-EU citizens denied entry into Europe, over 100,000 missing people, and over 36,000 criminal suspects.

No More Ransom saves ransomware victims $108 million

www.scmagazine.com/home/security-news/ransomware/no-more-ransom-saves-ransomware-victims-108-million/ Europol marked the third anniversary of the No More Ransom initiative by rolling out a few statistics, the top being that the site has helped more than 200,000 people recover files after a ransomware attack.. Since its launch in July 2016, the site has registered 3 million visitors from 188 countries, and ended up stopping $108 million in ransom demands from ending up in criminals pockets. The portal added 14 new decryptor tools in 2019, bringing its total to 109.. “The efforts against GandCrab considered to be one of the most aggressive ransomware attacks last year, epitomizes such a success: Since the release of the first GandCrab tool in February 2018, nearly 40,000 people have successfully decrypted their files, saving roughly $50 million in ransom payments,” Europol wrote.. See also


Apple’s Siri records fights, doctors appointments, and sex (and contractors hear it)

arstechnica.com/gadgets/2019/07/siri-records-fights-doctors-appointments-and-sex-and-contractors-hear-it/ One of the contract workers told The Guardian that Siri did sometimes record audio after mistaken activations. The wake word is the phrase hey Siri, but the anonymous source said that it could be activated by similar-sounding words or with the noise of a zipper. They also said that when an Apple Watch is raised and speech is detected, Siri will automatically activate.. “There have been countless instances of recordings featuring private discussions between doctors and patients, business deals, seemingly criminal dealings, sexual encounters and so on,” the source said. “These recordings are accompanied by user data showing location, contact details, and app data.”

You might be interested in …

Daily NCSC-FI news followup 2021-07-11

Chinas Great Firewall is blocking around 311k domains, 41k by accident therecord.media/chinas-great-firewall-is-blocking-around-311k-domains-41k-by-accident/ In the largest study of its kind, a team of academics from four US and Canadian universities said they were able to determine the size of Chinas Great Firewall internet censorship capabilities. In a research project that lasted nine months, from April to […]

Read More

Daily NCSC-FI news followup 2019-07-18

Bulgarias biggest leak: Suspect arrested after cyber attack www.euronews.com/2019/07/17/bulgaria-s-biggest-leak-suspect-arrested-after-cyber-attack Bulgarian police said on Wednesday they have arrested a suspect for a cyber attack on the country’s National Revenue Agency (NRA), which led to the leak of personal and financial data of millions of people.. Also www.grahamcluley.com/security-researcher-arrested-after-data-on-every-adult-in-bulgaria-hacked-from-government-site/. “Bulgarian anti-virus veteran Vesselin Bontchev tweeted a screenshot of […]

Read More

Daily NCSC-FI news followup 2019-10-16

Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers thehackernews.com/2019/10/phorpiex-botnet-sextortion-emails.html A decade-old botnet malware that currently controls over 450,000 computers worldwide has recently shifted its operations from infecting machines with ransomware or crypto miners to abusing them for sending out sextortion emails to millions of innocent people. Docker Containers Riddled with Graboid Crypto-Worm […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.