| |
|
|
| |
Thursday, July 10, 2025
Compliance Roundup - July 10, 2025
Compliance Roundup - July 10, 2025
Top 2 Critical Compliance Alerts
- Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
- Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more
Anti-Corruption
- Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
- Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more
Anti-bribery
- Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
- Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more
Corruption
- Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
- Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more
Europe
- Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
- Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more
North America
- Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
- Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more
UK
- Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
- Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more
USA
- Annual Compliance Conference summary: Keynote Speaker Session with Baroness Margaret Hodge (Former Chair, Public Accounts Committee; Anti-Corruption Champion) — Baroness Hodge provided insights on the UK's challenges in tackling economic crime, tax avoidance, and illicit finance. Read more
- Annual Compliance Conference summary: US and UK Enforcement in the Current Climate – Strategic Shifts and Global Implications — Discussion on the evolving enforcement landscape in the UK, US, and Latin America, focusing on strategic priorities and inter-agency cooperation. Read more
Privacy Insights Digest - July 10, 2025
Privacy Insights Digest - July 10, 2025
Top 5 Critical Privacy Alerts
- ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets — ICE is using a health and car insurance claims database to track down individuals for deportation. Read more
- Google Settles Privacy Class Action Over Period Tracking App — Google settled a class action alleging it surreptitiously collected sensitive health data from users of the Flo period tracking app. Read more
- Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges — A Tennessee resident was sentenced to 30 months in federal prison for cyberstalking fourteen victims. Read more
- Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children — The DOJ has sent subpoenas to doctors and clinics involved in performing transgender medical procedures on children. Read more
Privacy Laws & Regulations (GDPR, CPRA, CCPA, AI Acts)
- ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets — ICE is using a health and car insurance claims database to track down individuals for deportation. Read more
Regulatory Fines & Enforcement Actions
- Google Settles Privacy Class Action Over Period Tracking App — Google settled a class action alleging it surreptitiously collected sensitive health data from users of the Flo period tracking app. Read more
- Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges — A Tennessee resident was sentenced to 30 months in federal prison for cyberstalking fourteen victims. Read more
Security Threat Summary - July 10, 2025
Security Threat Summary - July 10, 2025
Top 5 Critical Security Alerts
- Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server — Microsoft addressed 130 vulnerabilities, including critical flaws in SPNEGO and SQL Server. Read more
- New AI Malware PoC Reliably Evades Microsoft Defender — A new AI malware proof-of-concept uses targeted reinforcement learning to evade Microsoft Defender. Read more
- Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets — Gold Melody IAB exploits leaked ASP.NET machine keys to gain unauthorized access to organizations. Read more
- An NVIDIA Container Bug & Chance to Harden Kubernetes — A container escape flaw in the NVIDIA Container Toolkit could allow access to AI datasets. Read more
- Smashing Security podcast #425: Call of Duty: From pew-pew to pwned — "Call of Duty: WWII" is weaponized, allowing hackers to hijack PCs; scammers target the recently incarcerated. Read more
Threat Intelligence
- AiLock ransomware: What you need to know — The AiLock ransomware gang threatens to report victims to regulators, email competitors, and leak data if they don't pay within five days. Read more
- DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware — DoNot APT is targeting European foreign affairs ministries using LoptikMod malware to harvest sensitive data. Read more
- North American APT Uses Exchange Zero-Day to Attack China — Researchers have identified a North American APT exploiting a Microsoft Exchange zero-day to attack a Chinese entity. Read more
- U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme — The U.S. sanctioned a North Korean hacker from the Andariel group for involvement in a fraudulent IT worker scheme. Read more
- Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks — A Chinese national was arrested in Italy for ties to the Silk Typhoon group and cyberattacks against U.S. organizations. Read more
Security Tools & Best Practices
- Setting up Your Own Certificate Authority for Development: Why and How. — Setting up an internal certificate authority can support strong authentication and provide flexibility for developers. Read more
- How To Automate Ticket Creation, Device Identification and Threat Triage With Tines — Tines library offers pre-built workflows for security automation, including a standout workflow for malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Read more
Emerging Security Technologies
- Rubio Impersonator Signals Growing Security Threat From Deepfakes — An impostor posing as a secretary of state demonstrates the growing security threat from deepfakes. Read more
[CVE] 1 change on Microsoft
| |
|
|
| |
Wednesday, July 9, 2025
Compliance Roundup - July 9, 2025
Compliance Roundup - July 9, 2025
Critical Compliance Alert
- Regulatory Pullback Amplifies Need for Strategic Risk Controls — Deregulatory environments can mask growing hidden risks from shareholder litigation to reputational damage. Read more
Compliance Frameworks
- Outsourced Compliance: A Strategic Response to Regulatory Strain — Outsourced compliance services provide access to experienced professionals with regulatory knowledge and operational capacity, offering industry perspective that internal teams may lack. Read more
Policy & Governance Updates
- An Ounce of Prevention is Worth a Pound of Cure: 4 Powerful Examples of Ethical Decision-Making — Ethical management is challenging in gray areas. This article explores test cases illustrating the importance of ethical decision-making. Read more
Third-Party Risk & Due Diligence
- Regulatory Pullback Amplifies Need for Strategic Risk Controls — Deregulatory environments can mask growing hidden risks from shareholder litigation to reputational damage. Read more
Privacy Insights Digest - July 9, 2025
Privacy Insights Digest - July 9, 2025
Top 3 Critical Privacy Alerts
- District Court Enjoins Privacy Rule Modifications Regarding Reproductive Health Care — Texas court halts Biden Administration's changes to HIPAA Privacy Rule concerning reproductive health information. Read more
- Texas Age Verification Law Upheld: U.S. Supreme Court Balances Free Speech and Child Protection in the Digital Age — Supreme Court validates Texas law mandating age verification for sites with substantial sexually explicit content. Read more
- FERC Finalizes New Internal Network Security Monitoring Requirements for Bulk Electric Systems — FERC approves CIP-015-1, mandating internal network security monitoring for bulk electric systems. Read more
Privacy Laws & Regulations (GDPR, CPRA, CCPA, AI Acts)
- Texas Age Verification Law Upheld: U.S. Supreme Court Balances Free Speech and Child Protection in the Digital Age — Supreme Court validates Texas law mandating age verification for sites with substantial sexually explicit content. Read more
Regulatory Fines & Enforcement Actions
- District Court Enjoins Privacy Rule Modifications Regarding Reproductive Health Care — Texas court halts Biden Administration's changes to HIPAA Privacy Rule concerning reproductive health information. Read more
Security Threat Summary - July 9, 2025
Security Threat Summary - July 9, 2025
Top 5 Critical Security Alerts
- Microsoft Patch Tuesday, July 2025 Edition — Microsoft released updates to fix 137 security vulnerabilities, including 14 critical ones that could allow attackers to seize control of Windows PCs. Read more
- Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities — Microsoft's monthly security update includes 132 vulnerabilities, with 14 marked as critical. Read more
- CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation — CISA added four actively exploited vulnerabilities to its KEV catalog, including a buffer overflow in Multi-Router Looking Glass (MRLG). Read more
Threat Intelligence
- Malicious Open Source Packages Spike 188% YoY — Data exfiltration was the most common malware, with over 4,400 packages designed to steal secrets and credentials. Read more
- Suspected Hacker Linked to Silk Typhoon Arrested in Milan — The alleged Chinese state-sponsored hacker faces charges including wire fraud and unauthorized access. Read more
- Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware — Hackers are exploiting a leaked license of the Shellter red teaming tool to distribute stealer malware. Read more
- Hackers 'Shellter' Various Stealers in Red-Team Tool to Evade Detection — Campaigns spreading Lumma, Arechclient2, and Rhadamanthys malware leverage key features of the AV/EDR evasion framework. Read more
- RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks — A new botnet called RondoDox is exploiting security flaws in TBK DVRs and Four-Faith routers. Read more
- Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms — An ongoing campaign targets Russian organizations with a previously undocumented Windows spyware called Batavia. Read more
- TAG-140 Targets Indian Government Via 'ClickFix-Style' Lure — Threat actors trick victims into opening a malicious script, leading to the execution of the BroaderAspect .NET loader. Read more
Security Breaches & Incidents
- South Korean Government Imposes Penalties on SK Telecom for Breach — A breach at SK Telecom exposed 27 million records, leading to penalties and regulatory requirements. Read more
- 5 Ways Identity-based Attacks Are Breaching Retail — Major retailers like Adidas and Victoria's Secret have been breached through cracks of trust and access. Read more
- BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally — A large-scale scam operation uses fake news websites to deceive users into online investment fraud. Read more
Security Tools & Best Practices
- 4 Critical Steps in Advance of 47-Day SSL/TLS Certificates — IT teams need to plan for shorter certificate lifespans by 2029 to avoid operational disruptions. Read more
Emerging Security Technologies
- The AI Fix #58: An AI runs a shop into the ground, and AI's obsession with the number 27 — Podcast discusses AI headphones, Microsoft's "medical superintelligence," and AI's fascination with the number 27. Read more
Tuesday, July 8, 2025
Privacy Insights Digest - July 8, 2025
Privacy Insights Digest - July 8, 2025
Critical Privacy Alert
- Senate Nixes State AI Enforcement Moratorium, For Now — Senate rejects federal legislation to pause state AI regulations by stripping the measure from the budget reconciliation package. Read more
Security Threat Summary - July 8, 2025
Security Threat Summary - July 8, 2025
Top 5 Critical Security Alerts
- Ransomware Attack Triggers Widespread Outage at Ingram Micro — Disruption of customer ordering and services due to a ransomware attack. Read more
- Chrome Store Features Extension Poisoned With Sophisticated Spyware — A popular color picker extension is hijacking sessions and redirecting users to malicious sites. Read more
- Bert Blitzes Linux & Windows Systems — A new ransomware strain uses aggressive multithreading and cross-platform capabilities. Read more
- SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools — Malvertising delivers Oyster malware loader via trojanized versions of legitimate tools. Read more
- Employee arrested after Brazil's central bank service provider hacked for US $140 million — Approximately US $140 million was stolen from the reserve accounts of six financial institutions after a cyber attack hit a service provider. Read more
Threat Intelligence (APT, malware, ransomware)
- Bert Blitzes Linux & Windows Systems — A new ransomware strain uses aggressive multithreading and cross-platform capabilities. Read more
- DPRK macOS 'NimDoor' Malware Targets Web3, Crypto Platforms — North Korean threat actors are targeting cryptocurrency and Web3 platforms with malicious Zoom meeting requests. Read more
- 'Hunters International' RaaS Group Closes Its Doors — The ransomware-as-a-service group is reportedly rebranding to a data theft outfit called World Leaks. Read more
- SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools — Malvertising delivers Oyster malware loader via trojanized versions of legitimate tools. Read more
- TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors — A hacking group with ties to Pakistan targets Indian government organizations with a modified remote access trojan. Read more
Security Breaches & Incidents
- Ransomware Attack Triggers Widespread Outage at Ingram Micro — Disruption of customer ordering and services due to a ransomware attack. Read more
- Employee arrested after Brazil's central bank service provider hacked for US $140 million — Approximately US $140 million was stolen from the reserve accounts of six financial institutions after a cyber attack hit a service provider. Read more
Security Tools & Best Practices
- Manufacturing Security: Why Default Passwords Must Go — CISA urges manufacturers to eliminate default passwords after Iranian hackers breached a US water facility. Read more
- What's My (File)Name?, (Mon, Jul 7th) — Article discusses anti-debugging and anti-analysis features in modern malware and suggests renaming suspicious files to avoid detection during analysis. Read more
Endpoint Security
- Chrome Store Features Extension Poisoned With Sophisticated Spyware — A popular color picker extension is hijacking sessions and redirecting users to malicious sites. Read more
Monday, July 7, 2025
Privacy Insights Digest - July 7, 2025
Privacy Insights Digest - July 7, 2025
Critical Privacy Alert
- On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android — Gemini AI may override privacy settings on Android, gaining access to texts and WhatsApp. Read more
AI Acts
- On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android — Gemini AI may override privacy settings on Android, gaining access to texts and WhatsApp. Read more
Data Minimization & User Consent
- On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android — Gemini AI may override privacy settings on Android, gaining access to texts and WhatsApp. Read more
Sunday, July 6, 2025
Privacy Insights Digest - July 6, 2025
Privacy Insights Digest - July 6, 2025
Critical Privacy Alert
- German court awards Facebook user €5,000 for data protection violations — Leipzig court finds Meta breached GDPR via Business Tools, setting a precedent for European privacy enforcement. Read more
Regulatory Fines & Enforcement Actions
- German court awards Facebook user €5,000 for data protection violations — Leipzig court finds Meta breached GDPR via Business Tools, setting a precedent for European privacy enforcement. Read more
Security Threat Summary - July 6, 2025
Security Threat Summary - July 6, 2025
Top 3 Critical Security Alerts
- Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties — Taiwan's National Security Bureau warns about data risks from China-developed apps due to excessive data collection and transfer. Read more
- Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS — Attackers are exploiting exposed Java Debug Wire Protocol interfaces to deploy cryptocurrency miners. Read more
- Infocon: green — ISC Stormcast For Thursday, July 3rd, 2025. Read more
Subscribe to:
Posts (Atom)