Cyber Security News for 25 May 2020

#security #cybersecurity #itsecurity #privacy #risk #compliance #gdpr #sinfulsite #suxxto #nulled #unc0ver #mazeransomware #maze #ransomware #veracode #opensource #cisco
  1. “May 25, 2020 marks the second anniversary of when the European Union’s General Data Protection Regulation (GDPR) took full effect. Undoubtedly, many organizations have succeeded in achieving compliance with the Regulation by now. But that raises some important questions.  What benefits have those organizations experienced in achieving compliance, for instance?  Have they encountered any drawbacks along the way?  And how can those organizations that remain non-compliant finally get over the finish line?” https://www.tripwire.com/state-of-security/featured/privacy-milestone-expert-thoughts-gdprs-2nd-anniversary/
  2. “The hacking forums whose databases got breached include Sinful Site, SUXX.TO and Nulled. All these hacking forums are based on general discussion and sharing of related resources. It is a place where users can find lots of great data leaks, hacking and cracking tools, software, tutorials, and much more.” https://cybleinc.com/2020/05/24/this-time-the-hacking-forums-got-targeted-massive-data-leak/
  3. “The hacking team behind the ‘unc0ver’ jailbreaking tool has released a new version of the software that can unlock every single iPhone, including those running the latest iOS 13.5 version. Calling it the first zero-day jailbreak to be released since iOS 8, unc0ver’s lead developer Pwn20wnd said ‘every other jailbreak released since iOS 9 used 1day exploits that were either patched in the next beta version or the hardware.’” https://thehackernews.com/2020/05/iphone-ios-jailbreak-tools.html
  4. “Maze ransomware operators have released credit card data stolen from the Bank of Costa Rica (BCR) threatening to leak other lots every week.” https://securityaffairs.co/wordpress/103732/cyber-crime/maze-ransomware-bcr-leak.html
  5. “A full 70 percent of applications being used today have at least one security flaw stemming from the use of an open-source library.  According to Veracode’s annual State of Software Security report, these open-source libraries – free, centralized code repositories that provide ready-made application “building blocks” for developers – are not only ubiquitous but also risky.” https://threatpost.com/70-of-apps-open-source-bugs/156040/
  6. “More than half of people haven’t changed their password in the last year – even after they’ve heard about a data breach in the news. That’s according to a recent survey, “Psychology of Passwords: The Online Behavior That’s Putting You At Risk,” that examined the online security and password behaviors of 3,250 global respondents – and found that people still employ an alarming number of very common and very risky habits, even though they know better.” https://threatpost.com/threatlist-people-know-reusing-passwords-is-dumb-but-still-do-it/155996/
  7. “James shares his views on the importance of being able to evaluate risk, and to do so with open eyes and a level head. He emphasizes the value in taking risks in the workplace, especially for younger workers looking to make their mark. He shares his thoughts on threat intelligence, and the challenges organizations face when trying to cut through all of the noise.” https://www.recordedfuture.com/podcast-episode-160/
  8. “More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the amount of stolen data is much larger. The attacker is hacking into insecure servers that are reachable over the public web, copies the databases, and leaves a note asking for a ransom in return of the stolen data.” https://www.bleepingcomputer.com/news/security/hacker-extorts-online-shops-sells-databases-if-ransom-not-paid/
  9. “Cisco has released several security patches, including one for a critical issue, tracked as CVE-2020-3280, in the call-center software Unified Contact Center Express.” https://securityaffairs.co/wordpress/103765/security/cisco-unified-contact-center-express-flaw.html
