Security News > 2020 > June

People who don't take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Dennis soon learned the unauthorized Gmail address added to his son's hacked Xbox account also had enabled MFA. Meaning, his son would be unable to reset the account's password without approval from the person in control of the Gmail account.

As Australia reels under sustained cyber attacks following increased Chinese diplomatic hostility, the country's Lion brewery and dairy conglomerate has been hit for the second time. The Sydney Morning Herald reported that Lion told its staff today "It had been hit by a second cyber attack that had further disrupted its IT systems."

Today is the second day of the thirteenth Workshop on Security and Human Behavior. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself.

The United States Department of the Treasury's Office of Foreign Assets Control and the Department of Justice this week announced sanctions against six Nigerian nationals for their involvement in business email compromise and romance fraud schemes. The six, namely Richard Uzuh, Micheal Olorunyomi, Alex Ogunshakin, Felix Okpoh, Nnamdi Benson, and Abiola Kayode, engaged in BEC fraud schemes that resulted in American citizens losing over $6 million, the U.S. Treasury says.

France's highest administrative authority on Friday dismissed a challenge by Google against a fine of 50 million euros for failing to provide adequate information on its data consent policies. The fine was imposed in 2019 by France's data watchdog, the CNIL. It found at the time that Google made it too difficult for users to understand and manage preferences on how their personal information is used, in particular with regards to targeted advertising.

Malicious Chrome extensions employed in a massive global surveillance campaign have been downloaded by millions before removal, Awake Security reveals. Over the past three months, Awake identified 111 malicious or fake Chrome extensions that used GalComm domains for attacker command and control infrastructure and/or as loader pages.

For businesses preparing to comply with California's new data privacy law, the first challenge is figuring out how much data is covered by the law. Christine Lyon, a partner at Morrison & Foerster and a member of the firm's global privacy and data security group, said that the CCPA establishes a new right that US consumers have never had. She also said that the data protected by the CCPA includes much more than just email address and name.

Lindsey: Yeah, it kind of does put into question Google's kind of its policies and how it is able to use automated and manual analyses of different extensions, just because, you know, as you mentioned, we have, 106 Chrome browser extensions in question here. As Tom pointed out, maybe some of those devices have, you know, Google Chrome extensions that are malicious.

Despite this lack of security, a survey conducted by encryption security provider NordLocker found email the most popular way to share files. In a survey about file sharing and security directed toward 1,400 adults, NordLocker discovered that 58% of those in the US and 56% of those in UK use email as the most common method of sharing files.

Whonix is a Linux desktop dedicated to absolute security and privacy. If you've reached the point where you have tasks that require the most secure and private desktop you can find, where do you turn? You could give Whonix a try.