Photo: Morrisons

Morrisons Not Liable for Breach Caused by Rogue Employee

Mathew J. Schwartz • April 2, 2020

Supermarket giant Morrisons is not liable for a data breach caused by a rogue employee, Britain's Supreme Court has ruled, bringing to a close the long-running case - the first in the country to have been filed by data breach victims.

►

Business Continuity Management / Disaster Recovery

Zoom Stops Transferring Data by Default to Facebook

Latest

Governance & Risk Management

Zoom Rushes Patches for Zero-Day Vulnerabilities

Apurva Venkat • April 2, 2020

The day after security researcher Patrick Wardle disclosed two zero-day vulnerabilities in the macOS client version of Zoom's teleconferencing platform, the company on Thursday rushed out patches for these flaws and one other.

Endpoint Security

Australian Kids' Smartwatch Maker Hit By Same Bug Again

Jeremy Kirk • April 2, 2020

An Australian company that sells a GPS tracking smartwatch for kids accidently exposed personal data a second time. But this time around, it has not notified users about the bug, which also could have been used to spoof the location of children.

Identity & Access Management

A CISO Conversation: Managing the Remote Workforce

Tom Field • April 1, 2020

As CISO of SoftBank Investment Advisers, Gary Hayslip is dealing with a familiar crisis management challenge: Supporting a remote workforce, with extra emphasis on secure identities. But he's also keeping a close eye on his team and the risks of burnout.

Fraud Management & Cybercrime

Zoom Contacts Feature Leaks Email Addresses, Photos

Jeremy Kirk • April 1, 2020

Popular teleconferencing software Zoom is continuing to fall under scrutiny as questions are raised over its privacy and security practices. The latest issue: a feature that inadvertently reveals strangers' email addresses and profile photos.

Endpoint Security

Alerts: Security Flaw in Medication, Anesthesia Systems

Marianne Kolbasuk McGee • April 1, 2020

A vulnerability in medication dispensing equipment and an anesthesia system from Becton Dickinson could enable an attacker to access and modify sensitive data, according to alerts issued Tuesday. Medical device security challenges are potentially heightened during the COVID-19 pandemic, experts say.

Account Takeover

FBI Alleges Russian Man Laundered Cybercriminals' Money

Ishita Chigilli Palli • April 1, 2020

The FBI has arrested a Russian national for allegedly helping an international cybercriminal gang launder its money by turning cash into bitcoin and other cryptocurrencies, according to court documents.

Business Email Compromise (BEC)

Nigerian BEC Scammers Increase Proficiency: Report

Akshaya Asokan • April 1, 2020

Nigerian cybercriminal gangs have become even more proficient in waging business email compromise attacks, according to an analysis from Palo Alto Network's Unit 42 that describes recent trends.

Cyberwarfare / Nation-State Attacks

Election Campaign Security Revisited

Tom Field • April 1, 2020

With the U.S. presidential election now seven months away, how have threats to the campaigns evolved, and what impact might be seen from COVID-19? Brigadier General (retired) Francis X. Taylor, a leader of the U.S. CyberDome election security effort, shares an update.

Cybercrime

FBI Warns of 'Kwampirs' Malware Supply Chain Attacks

Marianne Kolbasuk McGee • March 31, 2020

The FBI has issued an alert reminding the healthcare sector and other industries about the ongoing threat of Kwampir remote access Trojan attacks on the supply chain.

Business Continuity Management / Disaster Recovery

COVID-19 and the Human Side of Cybersecurity Leadership

Tom Field • March 30, 2020

When securing the remote workforce, it's important to be mindful of the human challenges - educating children, caring for elders and dealing with the barrage of COVID-19 news, says Microsoft's Diana Kelley, who shares insights on balancing cybersecurity and compassion.

Application Security

COVID-19 Crisis: How to Manage VPNs

Suparna Goswami • March 30, 2020

Security practitioners around the world are struggling to cope with the challenges posed by remote workers heavily relying on virtual private networks during the COVID-19 pandemic. Here's a look at steps to take to help enhance security.