Insurance company paid $40 million in ransom after March cyberattack
www.bloomberg.com/news/articles/2021-05-20/cna-financial-paid-40-million-in-ransom-after-march-cyberattack CNA Financial paid $40 million in late March to regain control of its network after a ransomware attack. The payment is bigger than any previously disclosed payments to hackers.
Microsoft Warns of Data Stealing Malware StrRAT That Pretends to Be Ransomware
threatpost.com/email-campaign-fake-ransomware-rat/166378/ On Thursday Microsoft warned of a massive email campaign that’s pushing malware to steal confidential data from infected systems while disguising itself as a ransomware infection. See also: https://twitter.com/MsftSecIntel/status/1395138347601854465
UK Recruitment Firm Leaked Sensitive Applicant Data
www.websiteplanet.com/blog/fasttrack-breach-report/ Researchers found 21000 exposed files containing applicant data, including passports, citizen ID cards, driver’s licenses on an open AWS S3 bucket owned by FastTrack Reflex Recruitment (now Team Resourcing Ltd). Directly identifiable data contained names, email addresses, phone numbers and home addresses.
How to Tell a Job Offer from an ID Theft Trap
krebsonsecurity.com/2021/05/how-to-tell-a-job-offer-from-an-id-theft-trap/ One of the oldest scams around, the fake job interview that seeks only to harvest your personal and financial data, is on the rise, the FBI warns.
Android 12 will give you more control over how much data you share with apps
android-developers.googleblog.com/2021/05/android-security-and-privacy-recap.html New Android release will give users more transparency around the data being accessed by apps. Android is also investing in reducing the scope of permissions so that apps only have access to the data they need for the features they provide. Let’s look at some of these important changes we’ve made in Android 12 to protect user privacy.
Foreign cyber mercenaries breached Russian federal agencies
therecord.media/fsb-nktski-foreign-cyber-mercenaries-breached-russian-federal-agencies/ Hackers have breached and stolen information from Russian federal executive bodies, the Russian government said. To breach Russian federal agencies, Rostelecom and NKTsKI said the attackers used a broad set of entry vectors that included spear-phishing, exploiting vulnerabilities in web applications, and hacking the IT infrastructure of government contractors.
Chinese government has warned 222 apps to remove data slurping code
therecord.media/chinese-governments-has-warned-222-apps-to-remove-data-slurping-code/ The new Personal Information Protection Law was drafted last fall and approved earlier this year in March, entering into effect on May 1, 2021. The law follows a simple principle, namely that an app or website must collect only the user information they strictly need to achieve their primary functions. Any collected data that is not used to deliver an app or website feature is considered unnecessary and opens the door for the Chinese government to impose giant GDPR-like fines of up to 50 million yuan ($7.77 million) or 5% of a company’s annual revenue.
Valvira: Psychotherapy Centre Vastaamo neglected its obligations
www.tivi.fi/uutiset/tv/da6a8b2f-d171-4cb9-b6cc-cce8e294b523 Valvira considers that Vastaamo neglected its obligations under the Act on Private Health Care. There were shortcomings in particular in carrying out the duties prescribed for the director responsible for health care services, such as training employees in the preparation and handling of patient records. There were also shortcomings in the self-monitoring of operations.