Security News

Chile's Comisión para el Mercado Financiero has disclosed that their Microsoft Exchange server was compromised through the recently disclosed ProxyLogon vulnerabilities. "The analyzes carried out by the information security and technology area of the CMF, together with external specialized support, have so far dismissed the presence of a ransomware and indicate that the incident would be limited to the Microsoft Exchange platform," disclosed the Comisión para el Mercado Financiero.

The European Banking Authority, a key EU financial regulator, says it has fallen victim to a hack of its Microsoft email system which the US company blames on a Chinese group. Microsoft said last week that a state-sponsored group operating out of China was exploiting previously unknown security flaws in its Exchange email services to steal data from business and government users, believed to number in the tens of thousands so far.

The Australian Securities and Investments Commission on Monday disclosed a security incident that involved Accellion software. An independent commission of the Australian government, ASIC is the national corporate regulator, overseeing enterprise and financial services and also tasked with the enforcement of laws designed to protect consumers, creditors, and investors in Australia.

The Australian Securities and Investments Commission has revealed that one of its servers has been accessed by an unknown threat actor following a security breach. ASIC is an independent Australian government commission tasked with the regulation of insurance, securities, and financial services, as well with consumer protection as Australia's national corporate regulator.

The European Union's drug regulator said Friday that COVID-19 vaccine documents stolen from its servers by hackers have been not only leaked to the web, but "Manipulated." The European Medicines Agency said that an ongoing investigation showed that hackers obtained emails and documents from November related to the evaluation of experimental coronavirus vaccines.

The Scottish Environment Protection Agency confirmed on Thursday that some of its contact center, internal systems, processes and internal communications were affected following a ransomware attack that took place on Christmas Eve. "SEPA confirms ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds," the agency said.

Britain's Telecommunications Security Bill will allow anyone to sue their telco if they suffer "Loss or damage" as a result of a system breach - but only if they get Ofcom's permission. Buried in the details away from the China-bashing stuff is a potentially heavy stick to be wielded by telco regulator Ofcom, pitting baying crowds against telecoms operators.

India's Securities and Exchange Board appears to have sent a circular to stock exchanges that calls for market participants to upgrade information security as bad actors seek to take advantage of the financial services industry's move to working from home. SEBI appears not to have made its document public, but India's National Stock Exchange - the nation's largest - plus the Bombay Stock Exchange and Multi Commodity Exchange of India all late last week published the same 14-point security guidelines that say SEBI has called for market participants to implement a security baseline on the computers their staff use when working from home.

The world's biggest social media companies may have to put more of a priority on security now that a New York state financial watchdog is calling for the creation of a designated regulator tasked with monitoring their cyber defense. The New York State Department of Financial Services made the determination in a lengthy report on the Twitter hack in July after the Justice Department said two teenagers and a 22-year-old took over more than 100 prominent Twitter accounts, including the accounts of former President Barack Obama and former Vice President Joe Biden.

Irish privacy regulators have opened two investigations into Instagram over the social media site's handling of young people's personal data. Data scientist David Stier said last year that his analysis found users, including those under 18, who switched their account types to business accounts also had their contact information displayed on their profile.