NIBS (credit image/Pixabay/ Ryan McGuire)It was an interesting week with a mix of breaches, fines, new appointments and new products. One of the big stories was Uber getting slapped with a €290 million fine by the Dutch DPA for transferring data to the US without the right safeguards.

Hunters International said that it had breached the US Marshalls Service. On its Dark Web page, the group posted a list of documents it claimed to have stolen. However, there are questions about whether this is a new leak or data from over a year ago.

Promon has announced the appointment of Daniel Kollberg as Chief Executive Officer. Kolberg replaces Gustaf Sahlman, who resigned in April after 9 years leading the firm and nearly 15 years on the board.

Cloud security provider Wiz has signed a strategic deal with Rescana and Aspiration Japan. The three companies will collaborate to create a new security offering targeted at Japanese businesses.

Forescout

Forescout has published its Threat H1 2024 Report. It has some interesting findings, including how state-sponsored actors are using hacktivism as a cover when targeting Critical National Infrastructure. VPNs are also being heavily targeted as attackers seek ways into organisations with remote workforces.

The number of ransomware groups also expanded by 55%, although successful/reported attacks only increased by 6%. The company also reports that the US is the most targeted country for ransomware.

National Crime Agency

Three men who ran the OTP Agency have pleaded guilty to operating a website that enabled criminals to circumvent banking anti-fraud checks. They charged criminals a monthly subscription fee. It allowed them to socially engineer bank account holders into disclosing genuine one-time-passcodes and personally identifiable information.

A basic package was £30 a week and allowed multi-factor authentication to be bypassed on platforms such as HSBC, Monzo, and Lloyds. For £380, an elite plan gave access to Visa and Mastercard verification sites.

NOYB

noyb has lodged a complaint with the Austrian data protection authority against the credit reference agency KSV1870 and the energy supplier ‘Unsere Wasserkraft’. New customers creating a contract with Unsere Wasserkraft, are being subjected to a fully automated credit check by KSV.

Importantly, customers are not asked for consent. If the score comes back as insufficient, Unsere Wasserkraft automatically rejects the customer. The European Court of Justice has already ruled that this approach is unlawful.

ThreatQuotient

ThreatQuotient’s Threat Intelligence Platform (TIP) is now available in the AWS Marketplace. It makes it easy for AWS customers to access and purchase the TIP.

Haig Colter, Director of Alliances, ThreatQuotient, said, “By accessing ThreatQuotient’s Threat Intelligence Platform in AWS Marketplace, customers will be able to minimize time-to-value of their investment.”

Xalient

Xalient has published a blog titled Identity Governance: Balancing Cost Reduction with Effective Risk Management. It explains some of the benefits of having an effective identity governance solution and why a wider Identity Security Framework is needed.

Security news from the week beginning 19 August 2024

LEAVE A REPLY

Please enter your comment!
Please enter your name here