LATEST POST
Vendor Management from a U.S. Data Privacy Perspective
Given the increasing number of data privacy laws in the U.S., entering into appropriate data processing agreements (“DPAs”) with vendors has now become a critical component of vendor management. It can also be one of the most time-consuming and complex aspects of data privacy compliance. This article discusses when an organization should enter into a […]
Vivendi Ticketing US (“See Tickets”) notifying 323,498 consumers of payment card breach
Vivendi Ticketing US d/b/a See Tickets is notifying 323,498 consumers of a data security incident that compromised consumers’ payment card information. In a notification letter being sent this week, the ticket broker states that in May, they became aware of unusual activity on some of their e-commerce sites. Forensic specialists determined that unauthorized individuals had […]
FTC Finalizes Order with 1Health.io Over Charges it Failed to Protect Privacy and Security of DNA Data and Unfairly Changed its Privacy Policy
The Federal Trade Commission finalized an order with 1Health.io that settles charges that the genetic testing firm left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying consumers and obtaining their consent. In a complaint first announced in June 2023, the […]
Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector In The U.S. And IT Integrator In Latin America
The Cuba ransomware gang, who are thought to be in Russia, have changed things up a bit and recently attacked U.S. critical infrastructure — something most gangs have avoided after DarkSide attacked Colonial Pipeline in 2021. Read more of this article at BlackBerry.
Spies And Hackers Are Targeting The US Space Industry: Report
In other defense-related news, U.S. intelligence agencies have issued a warning about foreign spies targeting the American space industry as well as cyberattacks against the nation’s satellite infrastructure. Read more of this article by Brett Tingley at Space.com.
Carderbee: APT Group Use Legit Software In Supply Chain Attack Targeting Orgs In Hong Kong
A supply-chain attack that has hit about 100 victims has been linked to a previously unidentified hacking group called “Carderbee. Read more of this article at Threat Intelligence.
New HiatusRAT malware attacks target US Defense Department
In a new HiatusRAT malware campaign, threat actors targeted a U.S. Department of Defense server in a reconnaissance attack. Read more of this article by Sergiu Gatlan at Bleeping Computer.
New Acoustic Attack Steals Data From Keystrokes With 95% Accuracy
You’re on a call with someone and they can hear you keyboarding. Can they figure out what you typed or steal any passwords you typed in while on the call? Read more of this article by Bill Toulas at Bleeping Computer.