Security News

Privacy Shield: EU citizens might get right to challenge US access to their data
2022-02-03 21:34

Officials from the EU and US are nearing a solution in long-running negotiations over transatlantic data sharing. Previous legal arrangements for sharing data between the two jurisdictions, the so-called Privacy Shield, were struck down by the EU Court of Justice in what became known as the Schrems II ruling in 2020.

Execs keep flinging money at us instead of understanding security, moan infosec pros
2022-02-03 12:25

Around half of businesses surveyed are spending more on "cyber attacks" than they used to, it said, while a similar number reckon their C-suites don't know what "cyber risk management" means - possibly something about ensuring monitors are firmly bolted to desks. "Low C-suite engagement combined with increased investment suggests a tendency to 'throw money' at the problem rather than develop an understanding of the cybersecurity challenges and invest appropriately," intoned Trend Micro.

US bans major Chinese telecom over national security risks
2022-01-28 16:30

The Federal Communications Commission has revoked the license of China Unicom Americas, one of the world's largest mobile service providers, over "serious national security concerns." China Unicom Americas is the largest foreign subsidiary of China Unicom, a Chinese state-owned telecom company.

US DoD staffer with top-secret clearance stole identities from work systems to apply for loans
2022-01-27 23:41

A US Department of Defense staffer with top-secret clearance stole the identities of dozens of people from a work IT system to fraudulently apply for loans totaling nearly a quarter of a million dollars. Lee, who worked for Uncle Sam's Defense Contract Management Agency as an analyst, raided the organization's Microsoft SharePoint system for people's private data to pull off his greedy scheme.

White House wants US govt to use a Zero Trust security model
2022-01-26 16:00

A newly released federal strategy wants the US government to adopt a "zero trust" security model within the next two years to defend against current threats and boost cybersecurity defenses across federal agencies. The executive order initiated a government-wide effort to migrate toward zero trust and modernize the nation's defenses against cyberattacks.

Tax scam emails are alive and well as US tax season starts
2022-01-25 19:19

In South Africa, you get an IRP5 at the end of the tax year - an archaic term that we are guessing is short for Inland Revenue/Personal, Form #5, even though the South African tax office hasn't been called the Inland Revenue for nearly 25 years. Here at Naked Security, we know the names of these forms, amongst numerous others, because they often show up in tax scam emails, presumably to give those messages an air of realism.

US sanctions former Ukrainian official for helping Russian cyberspies
2022-01-20 16:37

The U.S. Treasury Department announced today sanctions against Volodymyr Oliynyk, a former Ukrainian official, for collecting and sharing info on critical Ukrainian infrastructure with Russia's Federal Security Service. "As in previous Russian incursions into Ukraine, repeated cyber operations against Ukraine's critical infrastructure are part of Russia's hybrid tactics to threaten Ukraine."

Biden signs memo to boost US national security systems’ defenses
2022-01-20 13:57

President Joe Biden signed a national security memorandum on Wednesday to increase the security of national security systems that are part of critical US government networks used in military and intelligence activities when storing or transferring classified info. "Modernizing our cybersecurity defenses and protecting all federal networks is a priority for the Biden Administration, and this National Security Memorandum raises the bar for the cybersecurity of our most sensitive systems," the White House said.

CISA urges US orgs to prepare for data-wiping cyberattacks
2022-01-19 18:33

The Cybersecurity and Infrastructure Security Agency urges U.S. organizations to strengthen their cybersecurity defenses against data-wiping attacks recently seen targeting Ukrainian government agencies and businesses. CISA is now urging business leaders and U.S. organizations to take the following steps to prevent similar destructive attacks on their networks.

Phishing attack spoofs US Department of Labor to steal account credentials
2022-01-19 13:53

A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects. A phishing email that appears to come from an official government entity is especially deceptive as it carries an air of authority.