Users of the Parler social media platform who participated in the riots last week at the U.S. Capitol are reportedly uneasy following the announcement that several activist hackers archived posts as they were happening in real time during the riots, and that they will release the posts publicly to assist law enforcement with investigations. Another
Hacking
Further Fall-Out from Russian Hacking of SolarWinds
U.S. intelligence agencies, including the FBI, the Office of the Director of National Intelligence, the National Security Agency and the Cybersecurity and Infrastructure Security Agency, have confirmed that Russia was behind the SolarWinds hack. It is reported that the FBI is investigating whether Russia hacked into project management software JetBrains’ TeamCity DevOps tool to originally…
Cyber Intelligence Facility in Port of Los Angeles to Thwart Maritime Threats
The maritime industry is an enticing target for hackers. The Port of Los Angeles (the Port) alone facilitated about $276 billion in trade last year, and the International Chamber of Shipping estimated that the total value of world shipping was around $14 trillion in 2019. The Port has plans to construct a multi-million-dollar cyber intelligence…
Proposed New Breach Notification Rule for the Banking Industry
The Office of the Comptroller of the Currency, Treasury (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) recently announced a “Notice of Proposed Rulemaking for the Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers.” This new rule would require a banking…
A Hackers ‘Shipageddon’ Has Set Sail: Beware of Fake Shipping Messages
As the holiday shopping season comes to end, consumers should still be aware that hackers are sending fake delivery notifications appearing to come from companies like FedEx and UPS, especially as the last few days of package arrivals pass by. The hackers’ messages prompt consumers to enter their personal information like credit card information to…
FireEye Attacked by State-Sponsored Hacking Group
To file in the “no one is immune from a sophisticated attack,” category, well-known and respected security firm FireEye publicly announced this week that it has experienced an attack by a state-sponsored (which means a foreign government) hacking group, which successfully obtained its “red team tools.” This is very concerning, as the red team tools…
Embraer Data Leaked on Darkweb Website
Brazilian airplane manufacturer Embraer’s data have reportedly been uploaded on a dark web website hosted by ransomware group RansomExx (a.k.a. Defray 777) after Embraer reportedly refused to pay a ransom following a ransomware attack last month.
According to ZDNet, the hackers uploaded company files containing “samples of employee details, business contracts, photos of flight…
Home Depot Settles Data Breach Multi-state Enforcement Action for $17.5 Million
Home Depot has agreed to settle a multi-state enforcement action by 46 U.S. states and Washington, D.C. arising from the data breach that occurred in 2014. Home Depot has agreed to pay $17.5 million to put the enforcement action behind it. The investigation was led by the Attorneys General of Connecticut, Illinois and Texas.
The…
Privacy Tip #261 – Online Shopping Tips for the Holidays
I have done more online shopping this year than ever before, and I know that I am not alone. With the holidays approaching, this will only increase because of the pandemic, and hackers and fraudsters know it.
A recent report by GBG entitled “GBG State of Digital Identity: 2020,” states that 47 percent of individuals…
UK National Cyber Security Centre Issues Security Alert for SharePoint Vulnerability
The UK National Cyber Security Centre (NCSC) issued an alert on October 16, 2020, to raise awareness “of a new remote code execution vulnerability (CVE – 2020 – 16952)”, which affects Microsoft’s SharePoint product. According to the alert, “successful exploitation of this vulnerability would allow an attacker to run arbitrary code and to carry out…