Daily NCSC-FI news followup 2019-07-27

New York Passes Law to Update Data Breach Notification Requirements www.bleepingcomputer.com/news/security/new-york-passes-law-to-update-data-breach-notification-requirements/ New York Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act into law, with the new consumer privacy policy being designed to protect New Yorkers’ private data and strengthen the state’s data breach policies. The signed legislation, sponsored […]

Daily NCSC-FI news followup 2019-07-26

Stock Trading Service Robinhood Admits To Storing Some Passwords in Cleartext www.zdnet.com/article/robinhood-admits-to-storing-some-passwords-in-cleartext/ “On Monday night, we discovered that some user credentials were stored in a readable format within our internal system,” the company said. “We resolved the issue, and after thorough review, found no evidence that this information was accessed by anyone outside our response […]

Daily NCSC-FI news followup 2019-07-25

The Unsexy Threat to Election Security krebsonsecurity.com/2019/07/the-unsexy-threat-to-election-security/ Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and […]

Daily NCSC-FI news followup 2019-07-24

Low Barr: Don’t give me that crap about security, just put the backdoors in the encryption, roars US Attorney General www.theregister.co.uk/2019/07/23/us_encryption_backdoor/ While speaking today in New York, Barr demanded eavesdropping mechanisms be added to consumer-level software and devices, mechanisms that can be used by investigators to forcibly decrypt and pry into strongly end-to-end encrypted chats, […]

Daily NCSC-FI news followup 2019-07-23

4 Practical Steps for Shift Left Security blog.paloaltonetworks.com/2019/07/4-practical-steps-shift-left-security/ Since the beginning of modern computing, security has largely been divorced from software development. Recent vulnerability research confirms this. Consider that over the past five years, out of all published vulnerabilities, 76% were from applications. Given this radical shift in attacker focus, it’s time to embed security […]

Daily NCSC-FI news followup 2019-07-21

Russia’s Secret Intelligence Agency Hacked: ‘Largest Data Breach In Its History’ www.forbes.com/sites/zakdoffman/2019/07/20/russian-intelligence-has-been-hacked-with-social-media-and-tor-projects-exposed/#56b83da66b11 Red faces in Moscow this weekend, with the news that hackers have successfully targeted FSB, Russia’s Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and […]

Daily NCSC-FI news followup 2019-07-20

Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections threatpost.com/iran-apt34-linkedin-malware/146575/ The group was posing as a researcher from Cambridge, and was found to have added three new malware families to its spy arsenal. A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: Asking victims to join their social […]

Daily NCSC-FI news followup 2019-07-19

Security Lessons From a New Programming Language www.darkreading.com/application-security/security-lessons-from-a-new-programming-language/d/d-id/1335300?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple A security professional needed a secure language for IoT development. So he wrote his own, applying learned lessons about memory and resources in the process.

It’s never good when ‘Magecart’ and ‘bulletproof’ appear in the same sentence, but here we are www.theregister.co.uk/2019/07/18/magecart_ukraine_hosting/ Researchers with security shop Malwarebytes […]

Daily NCSC-FI news followup 2019-07-18

Bulgaria’s biggest leak: Suspect arrested after cyber attack www.euronews.com/2019/07/17/bulgaria-s-biggest-leak-suspect-arrested-after-cyber-attack Bulgarian police said on Wednesday they have arrested a suspect for a cyber attack on the country’s National Revenue Agency (NRA), which led to the leak of personal and financial data of millions of people. Also www.grahamcluley.com/security-researcher-arrested-after-data-on-every-adult-in-bulgaria-hacked-from-government-site/. “Bulgarian anti-virus veteran Vesselin Bontchev tweeted a screenshot of […]
