Staff Send 130+ Emails Per Week to Wrong Recipient Staff in large enterprises send 136 emails per week to the wrong person, according to new data from Tessian released to coincide with today’s Data Protection Day. The annual event was launched 13 years by the Council of Europe to recognize the date in 1981 that signatures were invited for Convention …

UK’s IoT Law Hopes to Drive Security-by-Design The UK government has unveiled a new consumer IoT law designed to prohibit the sale of smart products that fail to meet three strict security requirements. Drawn up by the Department for Digital, Culture, Media and Sport (DCMS), the proposals would ensure all IoT kit sold in the UK allows users to set …

US Rolls Out New Bill to Reform NSA Surveillance US senators have proposed a bill that would drastically reform the surveillance practices of the National Security Agency (NSA) and increase oversight of government surveillance. Titled The Safeguarding Americans’ Private Records Act, the bill was introduced on Thursday by Senators Ron Wyden, Zoe Lofgren, Pramila Jayapal, Warren Davidson, and Steve Daines.  According to a statement on …

Major Canadian Military Contractor Compromised in Ransomware Attack A Canadian construction company that won military and government contracts worth millions of dollars has suffered a ransomware attack.  General contractor Bird Construction, which is based in Toronto, was allegedly targeted by cyber-threat group MAZE in December 2019. MAZE claims to have stolen 60 GB of data from the company, which landed 48 contracts …

US Space Industry to Launch Cybersecurity Portal Spring 2020 will see the launch of a new US cybersecurity resource designed to protect the space industry.  Space News reported last Thursday that the Space Information Sharing and Analysis Center, or Space ISAC, is currently in the process of setting up an unclassified portal where companies can share and analyze information on cybersecurity threats. …

Royal Yachting Association Resets Passwords After Breach The Royal Yachting Association (RYA) is forcing a password reset for all online users after warning some that their data may have been compromised by a third party. The UK’s national body for all things nautical appears to have moved quickly in response to the discovery. “We have recently become aware that an unauthorized …

Chrome and Firefox Clamp Down on Suspicious Behavior Both Chrome and Firefox administrators have had to take action recently to halt the spread of malware via extensions and add-ons. Google developer advocate Simeon Vincent explained over the weekend that the Chrome Web Store team detected an increase in fraudulent activity earlier in the month attempting to exploit users of the …

Citrix Flaw Exploited by Ransomware Attackers Reports have emerged of multiple attempts to exploit a Citrix vulnerability, delivering ransomware to enterprise victims including a German car manufacturer. Citrix began patching the CVE-2019-19781 bug in its Application Delivery Controller (ADC) and Citrix Gateway products last week. If successfully exploited, it could allow an unauthenticated attacker to perform arbitrary code execution. At …

Russian Pleads Guilty to Running Online Criminal Marketplace A Russian man has pleaded guilty to running an illegal online marketplace that sold stolen payment card credentials to criminals, who used them to make over $20m in fraudulent purchases. Before a United States court, Aleksei Burkov admitted operating the Cardplanet website, which sold card data acquired through illegal computer intrusions. Many of the cards …