Security News > 2020 > June

For years, a China-linked threat actor named Cycldek has been exfiltrating data from air-gapped systems using a previously unreported, custom USB malware family, Kaspersky reports. Both malware versions were used to target diplomatic and government entities, but each was focused on a different geography, Kaspersky believes.

To meet the demands of a dynamic business environment, many organizations are finding that SD-WAN is ideal for providing fast, scalable, and flexible connectivity between different network environments. With the proper SD-WAN solution in place, organizations can quickly support digital transformation objectives while ensuring business continuity across an expanding remote workforce with minimum IT staff and infrastructure resources.

Aimed at SMBs, educational facilities, and software companies, the ransomware leverages Java to encrypt server-based files, according to BlackBerry and KPMG. Cybercriminals are always looking for new tricks and techniques to target potential victims without being caught. That's especially true of ransomware attackers who need to stealthily invade an organization's network to encrypt the sensitive files they plan to hold hostage.

Depending on your platform, you might have to install third-party software to encrypt externally-attached drives, such as USB drives and memory cards. I want to walk you through the steps of encrypting an SD card using only the included software on a MacBook Pro, running macOS 10.15.5.

Open Rights Group has instructed lawyers to lodge a complaint with the UK's data watchdog over the rollout of the Test and Trace system because it says the system breaches the General Data Protection Regulation. The complaint to the ICO relates to the failure by the NHS and Public Health England, which runs the Test and Trace programme, to conduct a Data Protection Impact Assessment, which is required under the GDPR before processing of data in high-risk situations.

These extreme changes have escalated another war, a war against cyber threats, with exposure to new cybersecurity risks that threat actors choose to exploit. While serving as a Supreme Allied Commander during WWII, Dwight D. Eisenhower said, "In preparing for battle I have always found that plans are useless, but planning is indispensable." Planning for rapid response will help ensure you have a foundation in place during times of crisis to work more effectively with your peers to mitigate risk and to answer questions from management about the organization's resilience to the latest threats.

College Park, MD-based phish prevention firm INKY has raised $20 million in a Series B funding round led by Insight Partners. The firm brings artificial intelligence in the form of machine learning and computer vision technology to the recognition and handling of phishing emails.

The San Francisco Employees' Retirement System this week disclosed a data breach that impacted over 70,000 of its members. According to the vendor, while it has no evidence that any data pertaining to SFERS members was removed from the server, it cannot confirm that the perpetrators did not access or copy the data.

Sophos has placed 100 staff at risk of redundancy and is said to be shutting down its Naked Security blog, sources have told The Register - although the private equity-owned biz denied this. Sophos spokeswoman Tilly Travers told The Register: "We can assure you that Naked Security is fully functioning and will remain that way."

Google faces a $5 billion class-action lawsuit over claims that it has been collecting people's browsing information without their knowledge even when using the incognito browsing mode that's meant to keep their online activities private. The lawsuit, filed in the federal court in San Jose, California, alleges that Google compiles user data through Google Analytics, Google Ad Manager and other applications and website plug-ins, including smartphone apps, regardless of whether users click on Google-supported ads, according to a report in Reuters.