SolarWinds hack affected six EU agencies
therecord.media/solarwinds-hack-affected-six-eu-agencies/ Six European Union institutions were hacked part of the SolarWinds supply chain attack, a top EU administration official said this week. CERT-EU officials said that only 14 EU institutions ran a version of the SolarWinds Orion IT monitoring platform, which was the conduit of SolarWinds supply chain attack.
FIN7 hacker sentenced to 10 years in prison
therecord.media/fin7-hacker-sentenced-to-10-years-in-prison/ A Ukrainian national was sentenced today to 10 years in prison for his role in a cybercrime syndicate known as FIN7, a group that has orchestrated major attacks against point-of-sale systems across Europe and the US.
Five signs ransomware is becoming an industry
www.kaspersky.com/blog/darkside-ransomware-industry/39377/ With a website that looks like it could represent an online service provider, DarkSide Leaks makes us wonder what cybercriminals’ other PR tricks might be. Not content with its innovative victim-pressuring tactics, the DarkSide ransomware gang has forged ahead with DarkSide Leaks, a professional-looking website that could well be that of an online service provider, and is using traditional marketing techniques. What follows are the five most illustrative examples of one gang’s transformation from an underground criminal group to an enterprise.
Celsius email system breach leads to phishing attack on customers
www.bleepingcomputer.com/news/security/celsius-email-system-breach-leads-to-phishing-attack-on-customers/ Cryptocurrency rewards platform Celsius Network has disclosed a security breach exposing customer information that led to a phishing attack. Today, Celsius CEO Alex Mashinsky stated that Celsius’ third-party marketing server was compromised, and threat actors gained access to a partial Celsius customer list.
Google backs new security standard for smartphone VPN apps
www.zdnet.com/article/google-backs-new-security-standard-for-smartphone-vpn-apps/ The Internet of Secure Things Alliance, an IoT security certification body (a.k.a. ioXt), has launched a new security certification for mobile apps and VPNs. The new ioXt compliance program includes a ‘mobile application profile’ a set of security-related criteria against which apps can be certified. The profile or mobile app assessment includes additional requirements for virtual private network (VPN) applications.
Biden Races to Shore Up Power Grid Against Hacks
threatpost.com/biden-power-grid-hacks/165428/ A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said. President Biden is putting the final details on a plan to encourage American electric utilities to strengthen their cybersecurity protections against hackers in the next 100 days, amid increasing cyberattacks.
Spring cleaning? Don’t forget about your digital footprint
www.welivesecurity.com/2021/04/16/spring-cleaning-dont-forget-digital-footprint You’ve probably heard the phrase “digital footprint” before, but do you really know what it is? Your social media content, various online payment transactions, location history, emails sent, messages sent through instant messaging platforms, and passport usage these are just some of the data that makes up your digital footprint.