The latest edition of the ISMG Security Report digs into the WhatsApp flaw that paved the way for spyware installation. Also: Microsoft patches old operating systems and a 'virtual CISO' sizes up security challenges.
Data localization would increase costs to cloud service providers and change the services available for consumers, says Venkatesh Krishnamoorthy, country manager, India, for BSA, who calls for minimizing regulatory burdens.
Keeping organizations safe from attackers and staying one step ahead of them is a tough proposition, and hence identifying threats accurately with integrated user behavioral analytics and artificial intelligence makes tremendous sense as this can save invaluable investigation time.
Law enforcement agencies in the U.S. and Europe have disrupted a malware attack platform called GozNym. Six suspects have been arrested in four countries and face local prosecution on fraud, money laundering or malware-writing charges. Five Russian suspects remain at large.
U.S. President Donald Trump on Wednesday signed a long-expected executive order that bans the purchase of telecommunication equipment from nations deemed to pose a spying risk. Also, Huawei was banned by the Commerce Department from buying U.S. components without obtaining a license first.
European privacy authorities have received nearly 65,000 data breach notifications since the EU's General Data Protection Regulation went into full effect in May 2018. Privacy regulators have also imposed at least $63 million in GDPR fines.
Newly discovered microarchitectural data sampling flaws in Intel processors - collectively dubbed "ZombieLoad" - could be exploited to steal private data from PCs and servers, including shared cloud environments. Intel, Microsoft, Apple and others have begun to ship patches designed to help mitigate the problems.
Microsoft has taken the extraordinary step of issuing patches for its old XP, Windows 2003, Windows 7 and Windows Server 2008 operating systems. The problem is an easy-to-exploit Remote Desktop Services vulnerability that could be turned into a worm.
Fast Retailing, the parent company of several of Japan's biggest retail clothing chains, is warning customers of an attack that exposed email addresses and partial credit card information of more than 460,000 of the company's customers. The attackers apparently used credential stuffing techniques.
ScarCruft, a Korean-speaking APT group that has been targeting organizations mainly in Southeast Asia over the past three years, is developing new malware that targets Bluetooth-enabled devices, according to Kaspersky Lab.
Facebook is warning users of its WhatsApp messaging app to update immediately to fix a flaw that is being used to remotely install Pegasus surveillance software from Israel's NSO Group. WhatsApp says a "select number" of targets were hit by the attacks, which it has blamed on "an advanced cyber actor."
Researchers report finding a vexing vulnerability in Cisco routers that could invisibly undermine device integrity and allow attackers to take full control of a router, if combined with a second exploit. Unfortunately, hardware design flaws could complicate Cisco's efforts to safeguard users.
Over the past two years, the number of ransomware attacks against state and local government agencies has increased. But at the same time, these victims are paying less to attackers. A new analysis by threat intelligence firm Recorded Future asks: Why the discrepancy?