Privacy watchdogs in Europe have imposed fines totaling more than $330 million since the EU's General Data Protection Regulation went into full effect in May 2018, according to law firm DLA Piper. Over the past year, regulators received 121,000 data breach notifications, up 19% from the year before.
The U.S. Capitol siege and the impeachment of President Trump are being exploited for disinformation purposes ahead of Inauguration Day by Russia, Iran and China, a U.S. joint threat assessment reportedly warns. But in terms of violence, domestic extremists are the principal threat.
The governor of New Zealand's Reserve Bank says he "personally owns" responsibility for a data breach that exposed private and sensitive stakeholder information. The breach came after a serious vulnerability was disclosed in December in Accellion's File Transfer Appliance, which the bank uses.
Many of the insurrectionists who marched on the Capitol on Jan. 6 and violently forced their way into the building livestreamed their activities or boasted about them via social media. Those self-identifying actions have helped law enforcement authorities identify some of the more than 70 individuals charged.
The Scottish Environment Protection Agency says a ransomware attack last month continues to cause serious outages and warns that ransom-demanding attackers also stole some data. The Conti ransomware-as-a-service operation has claimed credit for the attack and begun to leak the stolen data.
Organizations with largely remote workforces must strengthen their dynamic authentication processes to enhance security, says Sridhar Sidhu, senior vice president and head of the information security services group at Wells Fargo.
The NSA has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic. Although the agency's report is geared toward the military and defense contractors, its recommendations can be adopted in all sectors.
The latest edition of the ISMG Security Report describes new details emerging from the SolarWinds supply chain hack investigation. Also featured: A discussion of why security education is so crucial in 2021 and tips on how to retain security and operations center analysts.
President Donald Trump has been impeached by the House of Representatives on a charge of inciting an insurrection after a riot at the U.S. Capitol led to the deaths of five people. Many experts don't believe the impeachment will have a direct impact on cybersecurity, but adversaries do look for opportunity in chaos.
Email security provider Mimecast says hackers compromised a digital certificate that encrypts data that moves between several of its products and Microsoft's servers, putting organizations at risk of data loss.
The new year has kicked off with a flurry of data security company acquisition activity; five deals have already been announced. Companies making acquisitions are striving to improve their secure access service edge - or SASE - posture, enter new markets or bolster their technology portfolios.
The "Sunburst" backdoor deployed in the breach of SolarWinds' Orion network monitoring tool uses some of the same code found in the "Kazuar" backdoor, which security researchers have previously tied to Russian hackers, the security firm Kaspersky reports.
The Reserve Bank of New Zealand disclosed Sunday that hackers infiltrated its network after compromising its file-sharing system from Accellion. The nation's central bank says the attack may have exposed commercial and consumer information, and other Accellion customers also had systems compromised.