2020-01-27 18:50

A German privacy watchdog says it has opened an investigation into clothing retailer H&M amid evidence that the Swedish retailer had committed "massive data protection breaches" by spying on its customer service representatives in Germany. Hamburg's data protection commissioner said in a statement Monday that a hard drive containing about 60 gigabytes of data revealed that superiors at the site in Nuremberg kept "detailed and systematic" records about employees' health, from bladder weakness to cancer, and about their private lives, such as family disputes or holiday experiences.

Russian Cybercrime Boss Burkov Pleads Guilty
2020-01-27 18:21

Aleksei Burkov, an ultra-connected Russian hacker once described as "an asset of supreme importance" to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks. Burkov, 29, admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being the founder and administrator of DirectConnection - a closely guarded underground community that attracted some of the world's most-wanted Russian hackers.

Modern Mass Surveillance: Identify, Correlate, Discriminate
2020-01-27 18:21

Facial recognition is a technology that can be used to identify people without their knowledge or consent. There is an entire industry of data brokers who make a living analyzing and augmenting data about who we are - using surveillance data collected by all sorts of companies and then sold without our knowledge or consent.

Maryland: Make malware possession a crime! Yes, yes, researchers get a free pass
2020-01-27 18:15

A US state that was struck by a ransomware attack last year is now proposing a local law that would ban possession of malicious software. Local news website the Baltimore Fishbowl reported that Maryland's Senate heard arguments on Senate Bill SB0030, a proposition that would "label the possession and intent to use ransomware in a malicious manner as a misdemeanor" punishable with up to 10 years in prison and/or a $10,000 fine.

N.Y. Could Ban Cities from Paying Ransomware Attackers
2020-01-27 17:52

New York State may soon ban municipalities from paying ransomware demands in the event of a cyberattack. The bill, S.B. S7246, proposes a blanket policy in New York State that's aimed at removing the incentive for ransomware operators to keep targeting its agencies, towns and cities.

Three Magecart Hackers Arrested in Indonesia
2020-01-27 17:26

Three individuals suspected of being involved in Magecart online skimming attacks were arrested late last year in Indonesia. The arrests were made as part of an international effort called Operation Night Fury, which saw participation from Interpol's ASEAN Cyber Capability Desk and Indonesian Cyber Police, as well as private cybersecurity company Group-IB. Over the past couple of years, numerous hacking groups have been operating under the Magecart umbrella, infecting thousands of e-commerce websites with JavaScript code designed to steal customers' credit card data.

Ryuk's Latest Victim: Tampa Bay Times
2020-01-27 16:48

The Tampa Bay Times is the latest U.S. news organization hit with the Ryuk ransomware strain, the Florida newspaper acknowledges. The newspaper's parent organization, The Times Publishing Co., refused to pay the ransom the attackers demanded and is in the process of restoring systems through backup files and removing the malware from its infrastructure, the publication reports.

Lessons Learned From 2016, but U.S. Faces New Election Threats
2020-01-27 16:33

The threat, then: U.S. intelligence agencies say Russia was the only nation that significantly interfered in the 2016 election. Cybersecurity in the states, then: Before the 2016 election, state election offices were mostly focused on ensuring orderly elections and that voting-related equipment functioned properly.

Dave DeWalt on Securing Business-Critical Applications
2020-01-27 15:48

Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of Onapsis, a vendor focused on securing business-critical applications, such as ERP and CRM. In this exclusive interview with Information Security Media Group, DeWalt opens up on business application vulnerabilities, the evolution of the nation-state threat and technologies to watch in 2020. "When you look at business-critical applications, they have become one of the main areas of attack," DeWalt says.

US Agency Hit With N. Korean-Themed Phishing: Report
2020-01-27 15:48

A spear-phishing campaign targeted a U.S. government agency for several months last year using emails with content about North Korea geopolitics as a lure, according to an analysis from Palo Alto Networks' Unit 42. It targeted five employees at a U.S. government agency - which the report did not identify - as well as two foreign nationals who had professional ties to North Korea, according to the Unit 42 report.