Security News

A bill introduced in the House of Representatives this week could allow United States citizens to seek monetary damages if cyber-attacks by foreign threat actors harm them in any way. Per the bill, Americans would be able to make claims in federal or state courts if they are in any way affected by cyber-attacks that foreign states have conducted against them.

Recent service disruptions at the Pan-American Life Insurance Group were likely caused by a cyberattack conducted by a threat actor known for using the REvil ransomware. The official website of PALIG currently only displays some contact information and the following message: "Pan-American Life Insurance Group is currently experiencing a disruption to some of our services and we are working to restore them. To facilitate communication during this time, we have created temporary email accounts as an official communication channel."

While it's logical to assume seniors would be primary targets, a new report revealed that millennials were actually the most targeted demographic group of the more than 50 billion spam calls made in 2020. The increase in calls has enabled scammers to go ham on the unsuspecting, as they steal money and damage trust.

A Comparitech report found that Japan and the UAE have the most expensive identities available on illicit marketplaces at an average price of $25. Personal information from US citizens found on the Dark Web-ranging from Social Security numbers, stolen credit card numbers, hacked PayPal accounts, and more-is worth just $8 on average, according to a new report from tech research firm Comparitech. "After a data breach or successful phishing campaign, much of the stolen personal information is sold on black markets. Many such marketplaces reside on the dark web. The median credit limit on a stolen credit card is 24 times the price of the card. The median account balance of a hacked PayPal account is 32 times the price on the dark web," Comparitech's Paul Bischoff wrote.

A report from NordVPN finds disagreement on which political leader does better on privacy issues, whether disinformation should be banned, and what the biggest cyberthreat is. VPN service provider NordVPN has released the results of a Politics and Digital Privacy Study conducted on US citizens, finding party line divisions on many issues, but general agreement on others, such as whether Big Tech should be liable for its use of personal data or whether a policy similar to the proposed EU Digital Services Act should be enacted in the US. The study surveyed 1,000 American adults and focused on questions about privacy issues and disinformation on the internet with the aim of determining opinions on who should regulate those issues in the American market.

United States President Donald Trump has signed an executive order banning eight Chinese apps considered to be a threat to US national security, economy, and foreign policy. Moving to ban the apps is designed to secure the country's information and communications technology, as well as the services supply chain which is considered a national emergency according to Executive Order 13873, signed on May 15, 2019.

A threat actor has posted data of 10,000 American Express credit card holders on a hacker forum for free. In the same forum post, the actor claims to sell even more data of Mexican banking customers of American Express, Santander, and Banamex.

The United States Department of Homeland Security has published a guide to the terrifying risks that businesses will expose themselves to if they use tech created in the Peoples' Republic of China or engage in any business activity with the Middle Kingdom. The fifteen-page "Data Security Business Advisory" [PDF] opens by warning "Businesses expose themselves and their customers to heightened risk when they share sensitive data with firms located in the PRC, or use equipment and software developed by firms with an ownership nexus in the PRC.".

A new global report on phishing attempts shows how the workforce has responded to security threats since COVID-19, and the new vulnerabilities that have resulted from the remote work landscape. Terranova Security's new "2020 Gone Phishing Tournament," part of its Phishing Benchmark Global Report, looks at the impact of phishing attacks on the remote workforce, citing an increase in phishing simulation clicks, as well as compromised data.

More than fifty networks in the North American region suddenly burst to life after being dormant for a long period of time, Spamhaus reveals. The organization noticed last week that 52 dormant networks in the ARIN area were resurrected concurrently, and that each of them has been announced by a different autonomous system number, also inactive for a significant period of time.