Security News

Schroader talks about the impact of exponential data growth on forensic practices, the role of AI in optimizing investigations, and emphasizes the need for professionals to adapt to the changing dynamics of digital investigations, along with cross-education in related fields. With the exponential growth in data volume, how do digital forensic experts manage and analyze large datasets effectively?

Growing environmental, social, and governance expectations and expanding global regulation are propelling organizations to consider implementing a stand-alone human rights policy, according to Gartner. "A dedicated human rights policy not only allows organizations to lay out comprehensive standards in response to expectations from ESG stakeholders and regulators, but also makes it easier for employees, suppliers, and other partners in the value chain to comprehend and comply with the guidance," said Dian Zhang, Senior Research Principal with the Gartner for Legal, Risk & Compliance Leaders practice.

The past year saw developments and updates to privacy regulations across the globe-from India's Personal Data Protection Bill to Brazil's General Data Protection Law, according to ISACA. However, only 34% of organizations say they find it easy to understand their privacy obligations and only 43% are very or completely confident in their organization's privacy team's ability to ensure data privacy and achieve compliance with new privacy laws and regulations. In addition to difficulty understanding the privacy regulatory landscape, organizations also face other data privacy challenges, including budget.

A former Trickbot developer has been sent down for five years and four months for his role in infecting American hospitals and businesses with ransomware and other malware, costing victims tens of millions of dollars in losses. Trickbot initially infected PCs to steal people's login details to their online bank accounts, so that funds could be siphoned.

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. The credentials used by the attackers to breach the customers' accounts were stolen in other data breaches or used on previously compromised online platforms.

Zoho Vault is a business-focused password manager that provides convenient monitoring tools for administrators in large organizations. Figure D. While the password manager itself will work as advertised, I highly recommend also downloading Zoho Vault's browser extension.

A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals. Researchers at cybersecurity company ESET discovered Blackwood and the NSPX30 implant in a campaign in 2020 and believe that the group's activities align with Chinese state interests.

Zoho Vault is a business-oriented password manager that shines in its security dashboards and reporting capabilities, which are perfect for larger organizations. Aside from password generation and storage, Zoho Vault comes with team-focused features that business managers will find useful.

Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide. The initial indictment accused Dunaev and eight co-defendants of engaging in the development, deployment, administration, and financial gains from the Trickbot malware operation.

Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking. "Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from Apple-provided APIs or any data that you say has been collected in an 'anonymized,' 'aggregated,' or otherwise non-identifiable way," reads a section of Apple App Store review guidelines.