Security News > 2023 > May

Fundamentally, the General Data Protection Regulation's right-to-privacy focus - giving people provenance over their data - allows individuals to dictate how companies, including data brokers, use their personally identifiable information. GDPR - a set of data privacy regulations throughout the European Union - has extra-territorial scope, meaning platforms and websites outside of the EU that traffic in the PII of those inside the EU must also comply with its directives.

Microsoft has released a new Windows 11 dev build that adds a long-awaited feature allowing users to ensure that all windows are shown as individual items in the taskbar. The new never combined mode is rolling out to Windows Insiders in the Dev Channel, so it might take some time to reach all enrolled devices.

Malware designed to disrupt electric power grids was likely developed by a Russian contractor, according to Mandiant's threat intel team that discovered the malicious software and dubbed it CosmicEnergy. The team say it's likely a contractor created the malware as a red-teaming tool for simulated power disruption exercises hosted by Rostelecom-Solar, a Russian cybersecurity company.

Microsoft's warning on Wednesday that the China-sponsored actor Volt Typhoon attacked U.S. infrastructure put a hard emphasis on presentations by cybersecurity and international affairs experts that a global war in cyberspace is pitting authoritarian regimes against democracies. Microsoft's notification pointed out that Volt Typhoon - which hit organizations in sectors spanning IT, communications, manufacturing, utility, transportation, construction, maritime, government and education - has been pursuing a "Living off the land" strategy focused on data exfiltration since 2021.

If you are not aware that the Caller ID number that shows up on your phone is nothing more than a hint, that anybody can put in anything, and that anybody with your worst interests at heart who wants to stalk you can, for a modest monthly outlay, buy into a service that will help them do it automatically. If you don't know that that's the case, you're probably going to have your guard way, way down when that call comes through and says, "I'm calling from the bank. You can see that from the number. Oh dear, there's been fraud on your account", and then the caller talks you into doing a whole load of things that you wouldn't listen to for a moment otherwise.

Security researchers at Cisco Talos and the Citizen Lab have presented a new technical analysis of the commercial Android spyware 'Predator' and its loader 'Alien,' sharing its data-theft capabilities and other operational details. Predator is a commercial spyware for mobile platforms developed and sold by Israeli company Intellexa.

'Collaboration is key': Ukraine's cyber chief Outcome, not reactions, should drive security, WithSecure CEO says Outcome focus helps security drive corporate goals New module to secure cloud Collaboration is key: Ukraine's cyber chief. The company also announced several new products at the event, including Cloud Security Posture Management available for customers using WithSecure Elements, a cloud-based security platform.

Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways. RPMSG files are encrypted email message attachments created using Microsoft's Rights Management Services and offer an extra layer of protection to sensitive info by restricting access to authorized recipients.

D-Link has fixed two critical-severity vulnerabilities in its D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code.D-View is a network management suite developed by the Taiwanese networking solutions vendor D-Link, used by businesses of all sizes for monitoring performance, controlling device configurations, creating network maps, and generally making network management and administration more efficient and less time-consuming.

TechRepublic Premium Bring your own device policy PURPOSE The purpose of this Bring your own device policy from TechRepublic Premium is to provide requirements for BYOD usage and establish the steps that both users and the IT department should follow to initialize, support and remove devices from company access. These requirements must be followed as documented in order to protect company systems .....