The FCA has extended the deadline for the implementation of strong customer authentication (SCA) for online purchases by a further six months. “Previously merchants had until 14 September 2021 to ensure that all ecommerce transactions in the UK were compliant with the SCA customer identity verification regulation, but this deadline has now been put back until 14 March 2022”. “This further six-month extension is to ensure minimal disruption to merchants and consumers, and recognises ongoing challenges facing the industry to be ready by the previous 14 September 2021 deadline, The new 14 March 2022 deadline is the latest we expect full SCA compliance…
ISBuzz Team
In a rare move, VMware published a blog post calling out ransomware groups as being adept at leveraging flaws like this post-compromise after having gained access to a network via other means such as spearphishing.
Russian-language dark web marketplace Hydra has pulled in a huge $1.37 billion worth of cryptocurrencies in 2020, up from $9.4 million in 2016. The growth in annual transaction volumes marks a staggering 624% year-over-year jump over a three-year period from 2018 to 2020.
BACKGROUND: It has been reported that the UK Government Communications Headquarters (GCHQ) used bulk interception to unlawfully breach citizens’ privacy and free expression rights, Europe’s highest human rights court has ruled. The ruling is the culmination of three lawsuits that had accused the GCHQ’s bulk interception regime of being incompatible with the right for people to have privacy, which arose in 2013 following revelations from Edward Snowden that the GCHQ was running a bulk interception operation to tap into and store huge volumes of data, which included people’s private communications.
Bose Corporation (Bose) has disclosed a data breach following a ransomware attack that hit the company’s systems in early March. The Attorney General of Bose released the below statement: “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its “environment.”
News broke yesterday that insurance giant CNA paid $40 million in ransom after the attack it suffered in March – but that’s not the real news. Just a few days ago, CNA denied that it was a targeted attack…so why the payment? And what are the implications of giving the bad guys your money?
New Q1 DDoS Attack Report report released by Radware finds that while the number of attacks held steady in Q1 (down 2% from Q4 2020), attack volumes increased by 31%. The largest attack recorded was 295Gbps up from 260gbps in Q4 2020 and the occurrence of major attacks of 10Gbps or more tripled in Q1 2021 v Q4 2020. Radware’s new quarterly report series produced by Pascal Geenens, the director of threat intelligence at Radware, provides an overview of the global attack activity by industries, applications and on-premise vs. cloud. Follow the link to the report and the media alert follows. Please find an…
BACKGROUND: Air India has disclosed that the data of around 4.5 million of its passengers was stolen following a cyber attack on global aviation industry IT supplier SITA three months ago, in a statement by the airline. The breach involved personal data spanning almost 10 years, from 26 August 2011 to 3 February 2021, including name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data, and credit card data. No frequent flyer passwords or CVV/CVC data were stolen, however, as this information was not held by SITA. While the SITA cyber attack…
BACKGROUND: Researchers analyzing Android apps have discovered serious cloud misconfigurations leading to the potential exposure of data belonging to over 100 million users. In a report published on Thursday by Check Point Research, the cybersecurity firm said no less than 23 popular mobile apps contained a variety of “misconfigurations of third party cloud services.” According to CPR, the 23 Android apps examined — including a taxi app, logo maker, screen recorder, fax service, and astrology software — leaked data including email records, chat messages, location information, user IDs, passwords, and images. In 13 cases, sensitive data was publicly available in…
As GDPR approaches its third anniversary, it’s important to look at the uncertainty Covid-19 has caused and how it has forced businesses to adapt their data rules.