Cybersecurity News

RSS

The Common Vulnerabilities and Exposures (CVE®) Program announced it is granting authority to the Cybersecurity and Infrastructure Security Agency (CISA) for managing the assignment of CVE Identifiers (IDs) for the CVE Program. 

Ninety-three percent of IT leaders surveyed said that their organization had suffered data breaches through outbound email in the last 12 months. On average, the Egress 2020 Outbound Email Data Breach Report found, an email data breach happens approximately every 12 working hours.

The time it takes to get engineers onsite (52% in the US and 42% globally), inadequate network monitoring (41% in the US and 36% globally) and a lack of in-house skill (40% in both the US and globally) are among the biggest challenges organizations face in resolving a network outage quickly, according to a recent study commissioned by Opengear, a Digi International company.

The Department of Commerce announced prohibitions on transactions relating to mobile applications (apps) WeChat and TikTok to safeguard the national security of the United States.

Digital Shadows has analyzed the cybercriminal marketplace landscape following the Empire Market exit scam. The company’s research has identified a number of currently available dark web marketplaces popular within the cybercriminal community. Noting the impact of the closure of Empire Market, some marketplaces, such as Icarus Market, have seen a major spike in listings, from 25,000 to 35,000 in the last month.

Google has updated its Play Store rules to impose a "formal" ban on stalkerware apps.

Shujinko announced the results of a survey of North American CISOs documenting the challenges facing security and compliance professionals preparing for a wave of upcoming audits. The survey, a joint effort between Shujinko and Pulse, found that calendars for security and compliance audits are largely unchanged despite COVID-19, yet the pandemic is straining teams as they work remotely.

New York Attorney General Letitia James announced a settlement with Dunkin’ Brands, Inc. (Dunkin’) — franchisor of Dunkin’ Donuts — resolving a lawsuit over the company’s failure to respond to successful cyberattacks that compromised tens of thousands of customers’ online accounts. 

The fallout from the Schrems II judgment continued with an announcement from Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) that the Swiss-US Privacy Shield regime “does not provide an adequate level of protection for data transfer from Switzerland to the US pursuant to [Switzerland’s] Federal Act on Data Protection (FADP).”