Security News

Now the industry's biggest player, Carnival Corporation, has also come down with a case of ransomware. The company on Tuesday issued a regulatory filing [PDF] in which it admitted: "On August 15, 2020, Carnival Corporation and Carnival plc... detected a ransomware attack that accessed and encrypted a portion of one brand's information technology systems. The unauthorized access also included the download of certain of our data files."

The flaws could also have helped attackers obtain usernames, phone numbers, voice history, and installed skills, says Check Point Research. Silently installed skills and apps on a user's Alexa account.

UPDATE. Vulnerabilities in Amazon's Alexa virtual assistant platform could allow attackers to access users' personal information, like home addresses - simply by persuading them to click on a malicious link. Researchers with Check Point found several web application flaws on Amazon Alexa subdomains, including a cross-site scripting flaw and cross-origin resource sharing misconfiguration.

iProov announced its partnership with self-sovereign identity specialists, Evernym. Evernym is the market leader in SSI, working with over 100 organizations in the technology, government, nonprofit, finance, insurance, communications, and healthcare sectors to issue, accept and verify portable digital identity credentials.

Video conference users should not post screen images of Zoom and other video conference sessions on social media, according to Ben-Gurion University of the Negev researchers, who easily identified people from public screenshots of video meetings on Zoom, Microsoft Teams and Google Meet. While there have been many privacy issues associated with video conferencing, the BGU researchers looked at what types of information they could extract from video collage images that were posted online or via social media.

Hackers infiltrated Collabera, siphoned off at least some employees' personal information, and infected the US-based IT consultancy giant's systems with ransomware. Collabera identified malware in its network system consistent with a ransomware attack.

Rather than simply knocking the law firm out of action temporarily, the ransomware crooks are said to have stolen personal data from a laundry list of celebrity clients, too - allegedly more than 750GB in total including contracts, contact information and "Personal correspondence". In other words, the financial extortion is no longer just a "Kidnap ransom" to get your files back, but also a blackmail demand to stop the crooks leaking your data - or, worse still, your customers' data - to the world.

The Terbium team reckons that these guides, which help newbie crooks through the process of things like setting up bank fronts, crafting phishing emails and stealing money out of victim accounts, make up just under half of all data transactions on the store. "What they have in common is detailed information on how to export an organization's current policies," Terbium Labs said of the guides.

TransArmor Personal Data Protection from Fiserv, which incorporates industry-leading data security technology from Protegrity, helps businesses secure consumers' personal data. For the first time, when used alongside TransArmor Data Protection, Fiserv merchants will be able to tokenize and encrypt all payment card data and personal information throughout the entire customer and transaction lifecycle.

Traditionally compliance with regulations was the top driver for deploying encryption, but has dropped in priority since 2017, indicating that encryption is transitioning from a requirement to a proactive choice to safeguard critical information. With the proliferation of data from digital initiatives, cloud use, mobility, IoT devices and the advent of 5G networks, data discovery continues to be the biggest challenge in planning and executing a data encryption strategy, with 67% of respondents citing this as their top concern.