Fraudsters Using GiftGhostBot Botnet to Steal Gift Card Balances

Gift cards have once again caused quite a headache for retailers, as cyber criminals are using a botnet to break into and steal cash from money-loaded gift cards provided by major retailers around the globe. Dubbed GiftGhostBot, the new botnet specialized in gift card fraud is an advanced persistent bot (APB) that has been spotted in the wild by cyber security firm Distil Networks.

Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates

Google announced its plans to punish Symantec by gradually distrusting its SSL certificates after the company was caught improperly issuing 30,000 Extended Validation (EV) certificates over the past few years. The Extended Validation (EV) status of all certificates issued by Symantec-owned certificate authorities will no longer be recognized by the Chrome browser for at least a year until

US Senate Just Voted to Let ISPs Sell Your Web Browsing Data Without Permission

The ISPs can now sell certain sensitive data like your browsing history without permission, thanks to the US Senate. The US Senate on Wednesday voted, with 50 Republicans for it and 48 Democrats against, to roll back a set of broadband privacy regulations passed by the Federal Communication Commission (FCC) last year when it was under Democratic leadership. In October, the Federal

Senate Republicans Vote To Overturn Internet Privacy Protections

By David Shepardson
WASHINGTON (Reuters) - The U.S. Senate on Thursday voted narrowly to repeal regulations requiring internet service providers to do...

Read more: Republican Politics, Senate, Google, Online Privacy, Party Leaders of the United States Senate, Online Advertising, Consumer Protection, Mobile Advertising, United States Senate, Federal Communications Commission, Federal Trade Commission, Politics News

Wikileaks Reveals How CIA Was Hacking Your iPhones And MacBooks

As part of its "Vault 7" series, Wikileaks — the popular whistle-blowing platform — has just released another batch of classified documents focused on exploits and hacking techniques the Central Intelligence Agency (CIA) designed to target Apple MacOS and iOS devices. Dubbed "Dark Matter," the leak uncovers macOS vulnerabilities and attack vectors developed by a special division of the CIA

Senate Votes To Overturn Obama Broadband Privacy Rules

The U.S. Senate on Thursday voted narrowly to repeal regulations requiring internet service providers to do more to protect customers’ privacy than …

Read more: Barack Obama, Senate, Google, Online Privacy, Online Advertising, Consumer Protection, United States Senate, Mobile Advertising, Federal Communications Commission, Federal Trade Commission, Politics News

Russian Hacker Pleads Guilty to Developing and Distributing Citadel Trojan

A Russian man accused of developing and distributing the Citadel Banking Trojan, which infected nearly 11 Million computers globally and caused over $500 Million in losses, has finally pleaded guilty to charges of computer fraud. Mark Vartanyan, 29, who was very well known as "Kolypto," pleaded guilty in an Atlanta courtroom on Monday to charges related to computer fraud and is now

Hackers Using Fake Cellphone Towers to Spread Android Banking Trojan

Chinese hackers have taken Smishing attacks to the next level, using rogue cell phone towers to distribute Android banking malware via spoofed SMS messages. SMiShing — phishing attacks sent via SMS — is a type of attack wherein fraudsters use number spoofing to send convincing bogus messages to trick mobile users into downloading a malware app onto their smartphones or lures victims

EUROPE: Data and tech governance for the connected retail sector 2. Retailers as tech operators

In the previous post we discussed how sound personal data governance will help retailers to seize the opportunities provided by digital transformation.

Retailers are aiming to grow globally, in part to offset the limited growth available in mature markets. Within such a wider perspective, governance should also address reputational risks with a holistic approach. Data governance should be linked to policies and procedures affecting specific business lines (including fraud, anti-money laundering sanctions, financial integrity and ethical sourcing), with adequate cross-business training programs.

In addition to traditional social media management policies, specific crisis management, incident response and investigations plans should be set out, to also mitigate class action risks.

In this new connected technology environment, retailers are also becoming “tech operators”. Partnerships with tech companies will have to be carefully devised, considering the role of all involved parties, including software developers, device manufacturers and connectivity providers.

Policies should also consider cybersecurity and contracting strategies, addressing cloud contracts, loss of data and responsibility for back-ups.

When dealing with connected devices and technologies, marketability standards have to be assessed: devices must meet the essential requirements and safety characteristics set out by the EU harmonization legislation, including for EU directives regulating radio frequency spectrum.

IPRs have to be carefully managed, including the underlying software policies and architectures. It should also be assessed which type (or portion) of open source software is used to ensure that there are no issues for future usages and that the same software is supported by an adequate community of developers (also for cybersecurity purposes).

Other intellectual property issues should be addressed, including copyright and/or patent infringements. In this respect, formal copyright assignments, prior patent searches and warranties from contributing developers are useful risk management practices.

The retail market is changing rapidly. Wide-ranging tech governance will not only allow retailers to grasp the benefits of the connected scenario while mitigating substantial risks, but will also help in fostering high quality services and protecting the image of the products being distributed, thus avoiding in certain cases unnecessary (vertical) restraints.

Let us know if you want to further discuss this topic!

@giangiolivi

Unpatchable ‘DoubleAgent’ Attack Can Hijack All Windows Versions — Even Your Antivirus!

A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer. Dubbed DoubleAgent, the new code injection technique works on all versions of Microsoft Windows operating systems, from Windows XP to the latest release of Windows 10. What's worse? DoubleAgent

Canada – Important CASL changes in effect on July 1, 2017

Canada’s anti-spam law (CASL) came into effect on July 1, 2014. Almost three years later, Canadian businesses and their lawyers are still grappling with CASL compliance issues and trying to understand how CASL’s broad and often unclear provisions apply in practice. And, on July 1, 2017, two new things happen under CASL.

Basis of implied consent to narrow when transition period ends

When CASL came into force in 2014, it included a 3-year transition period that allowed organizations to rely on deemed implied consent for sending commercial electronic messages (CEMs) in certain circumstances. If an organization had, as of July 1, 2014, an existing business or non-business relationship (as defined in CASL) with a person, and that relationship included the sending of CEMs, then the organization was deemed to have implied consent to send CEMs to that person for three years or until the person opted out. This transition period was meant to give organizations the chance to adapt to CASL and upgrade to express consents where possible.

That transition period, and the implied consent, expire on July 1, 2017. This means that organizations can no longer rely on this implied consent, and will have to remove recipients from their mailing lists by July 1, 2017 unless: (a) the organization obtained express consent from the recipient during the transition period; or (b) another exception such as implied consent under an existing business relationship has arisen during the transition period and hasn’t expired (and the recipient has not opted out).

CASL states that an organization sending CEMs has the onus of proving that it has the necessary consent (or that an exception properly applies) for each CEM that it sends. And the formal CASL enforcements to date demonstrate that CASL regulators are more than willing to find against an organization that cannot show a valid basis for sending CEMs.

Many organizations undertook careful pre-CASL preparations in 2014 to evaluate their commercial electronic communications and their recipient lists. If you did so, now is a good time to revisit those preparations and to confirm whether your organization is still sending CEMs in reliance on implied consent under CASL’s transition provisions. If it is, then before July 1, 2017 you should obtain express consent from those recipients or confirm whether there is another basis on which you can send CEMs.

CASL litigation expected to rise when private right of action comes into effect

CASL’s private right of action comes into effect on July 1, 2017, and many lawyers and commentators expect a flurry of CASL litigation (including perhaps class actions) to follow quickly.

CASL creates a statutory cause of action under which persons who allege that they are affected by a CASL breach can apply to court for an order against the alleged violator. Available remedies include compensation in an amount equal to the actual loss or damage suffered or expenses incurred, and additional amounts for different CASL violations (each with a maximum amount). For example, the court can award statutory damages of $200 per day for each breach of section 6 (the CEM obligations), not exceeding $1 million for each day on which a breach occurred.

As well, CASL imposes personal liability on officers, directors, agents and mandataries of a corporation that violates CASL if they directed, authorized, assented to, acquiesced in or participated in the violation, regardless of whether the corporation is proceeded against. Therefore any private right of action might well be brought against directors and officers, etc., personally.

The private right of action contains a limitation clause that says unless a court holds otherwise, no one can bring an application later than three years after the day on which the applicant first knew of the CASL violation in question. However, it is not entirely clear whether that provision is completely prospective, such that any violations before July 1, 2017 cannot be the basis for a private action, or whether as of July 1, 2017 organizations can be sued for violations that occurred before July 1, 2017. CASL regulators have indicated that they interpret the provision as entirely prospective, and that violations before July 1, 2017 cannot found a claim. However, it is not clear whether a court would take the same view.

CASL contains a due diligence defence that states that a person must not be liable for a violation if they establish that they “exercised due diligence” to prevent the violation. CASL does not set out what due diligence is sufficient, but CASL enforcements to date give some indication of what is required. Several organizations have entered into voluntary undertakings that require, among other things, implementing written policies and procedures regarding CASL compliance, implementing training programs for employees, tracking complaints and subsequent resolutions, and implementing monitoring and auditing mechanisms to assess and track CASL compliance.

The private right of action increases the potential downside of CASL non-compliance, as violations could result in legal claims (and the resulting reputational risk and costs of time and money) even if those violations have not caught the regulators’ attention. This is another good reason to revisit your CASL compliance measures before July 1, 2017.

Searching for Leaked Celebrity Photos? Don’t Blindly Click that Fappening Link!

Are you curiously googling or searching torrents for nude photos or videos of Emma Watson, Amanda Seyfried, Rose McGowan, or any other celebrities leaked in The Fappenning 2.0? If yes, then beware, you should not click any link promising Fappenning celebrity photos. Cybercriminals often take advantage of news headlines in order to trap victims and trick them into following links that may lead

FRANCE: The French Data Protection Authority (CNIL) Publishes 6-Step Methodology For Compliance With GDPR

By Carol A.F. Umhoefer (carol.umhoefer@dlapiper.com) and Caroline Chancé (caroline.chance@dlapiper.com)

On March 15, 2017, the CNIL published a 6-step methodology for companies that want to prepare for the changes that will apply as from May 25, 2018 under the EU General Data Protection Regulation (“GDPR”).

The abolishment under GDPR of registrations and filings with data protection authorities will represent a fundamental shift of the data protection compliance framework in France, which has been heavily reliant on declarations to the CNIL and authorizations from the CNIL for certain types of personal data processing. In place of declarations, the CNIL underscores the importance of “accountability” and “transparency”, core principles that underlie the GDPR requirements. These principles necessitate taking privacy risk into account throughout the process of designing a new product or service (privacy by design and by default), implementing proper information governance, as well as adopting internal measures and tools to ensure optimal protection of data subjects.

In order to help organizations get ready for the GDPR, the CNIL has published the following 6-step methodology:

Step 1: Appoint a data protection officer (“DPO”) to “pilot” the organization’s GDPR compliance program

Pursuant to Article 37 of the GDPR, appointing a DPO will be required if the organization is a public entity; or if the core activities of the organization require the regular and systematic monitoring of data subjects on a large scale, or if such activities consist of the processing of sensitive data on a large scale. The CNIL recommends appointing a DPO before GDPR applies in May 2018.

Even when a DPO is not required, the CNIL strongly recommends appointing a person responsible for managing GDPR compliance in order to facilitate comprehension and compliance in respect of GDPR, cooperation with authorities and mitigation of risks of litigation.

Step 1 will be considered completed once the organization has appointed a DPO and provided him/her with the human and financial resources needed to carry out his/her duties.

Step 2: Undertake data mapping to measure the impact of the GDPR on existing data processing

Pursuant to Article 30 of the GDPR, controllers and processors will be required to maintain a record of their processing activities. In order to measure the impact of the GDPR on existing data processing and maintain a record, the CNIL advises organizations to identify data processing, the categories of personal data processed, the purposes of each processing, the persons who process the data (including data processor), and data flows, in particular data transfers outside the EU.

To adequately map data, the CNIL recommends asking:

  • Who? (identity of the data controller, the persons in charge of the processing operations and the data processors)
  • What? (categories of data processed, sensitive data)
  • Why? (purposes of the processing)
  • Where? (storage location, data transfers)
  • Until when? (data retention period)
  • How? (security measures in place)

Step 2 will be considered completed once the organization has identified the stakeholders for processing, established a list of all processing by purposes and categories of data processed, and identified the data processors, to whom and where the data is transferred, where the data is stored and for how long it is retained.

Step 3: Based on the results of data mapping, identify key compliance actions and prioritize them depending on the risks to individuals

In order to prioritize the tasks to be performed, the CNIL recommends:

  • Ensuring that only data strictly necessary for the purposes is collected and processed;
  • Identifying the legal basis for the processing;
  • Revising privacy notices to make them compliant with the GDPR;
  • Ensuring that data processors know their new obligations and responsibilities and that data processing agreements contain the appropriate provisions in respect of security, confidentiality and protection of personal data;
  • Deciding how data subjects will be able to exercise their rights;
  • Verifying security measures in place.

In addition, the CNIL recommends particular caution when the organization processes data such as sensitive data, criminal records and data regarding minors, when the processing presents certain risks to data subjects (massive surveillance and profiling), or when data is transferred outside the EU.

Step 3 will be considered completed once the organization has implemented the first measures to protect data subjects and has identified high risk processing.

Step 4: Conduct a privacy impact assessment for any data processing that presents high privacy risks to data subjects due to the nature or scope of the processing operations

Conducting a privacy impact assessment (“PIA”) is essential to assess the impact of a processing on data subjects’ privacy and to demonstrate that the fundamental principles of the GDPR have been complied with.

The CNIL recommends conducting a PIA before collecting data and starting processing, and any time processing is likely to present high privacy risks to data subjects. A PIA contains a description of the processing and its purposes, an assessment of the necessity and proportionality of the processing, an assessment of the risks to data subjects, and measures contemplated to mitigate the risks and comply with the GDPR.

The CNIL has published guidelines in 3 volumes to help organizations conduct PIAs (see here, here and here).

Step 4 will be considered completed once the organization has implemented measures to respond to the principal risks and threats to data subjects’ privacy.

Step 5: Implement internal procedures to ensure a high level of protection for personal data

According to the CNIL, implementing compliant internal procedures implies adopting a privacy by design approach, increasing awareness, facilitating information reporting within the organization, responding to data subject requests, and anticipating data breach incidents.

Step 5 will be considered completed once the organization has adopted good practices in respect of data protection and knows what to do and who to go to in case of incident.

Step 6: Document everything to be able to prove compliance to the GDPR

In order to be able to demonstrate compliance, the CNIL recommends that organizations retain documents regarding the processing of personal data, such as: records of processing activities, PIAs and documents regarding data transfers outside the EU; transparency documents such as privacy notices, consent forms, procedures for exercising data subject rights; and agreements defining the roles and responsibilities of each stakeholder, including data processing agreements, internal procedures in case of data breach, and proof of consent when the processing is based on the data subject’s consent.

Step 6 will be considered completed once the organization’s documentation shows that it complies with all the GDPR requirements.

The CNIL’s methodology includes several useful tools (template records, guidelines, template contract clauses, etc.) and will be completed over time to take into account the WP29’s guidelines and the CNIL’s responses to frequently asked questions.

For more information, please contact carol.umhoefer@dlapiper.com or caroline.chance@dlapiper.com

Better policy needed to protect privacy of smart TV viewers

Dutch and European policymakers should do more to protect media users’ privacy instead of leaving the matter entirely to data protection law and data protection authorities, recommend privacy experts.


Microsoft Started Blocking Windows 7/8.1 Updates For PCs Running New Processors

You might have heard the latest news about Microsoft blocking new security patches and updates for Windows 7 and Windows 8.1 users running the latest processors from Intel, AMD, Qualcomm, and others. Don't panic, this new policy doesn't mean that all Windows 7 and 8.1 users will not be able to receive latest updates in general because Microsoft has promised to support Windows 7 until 2020,

ITALY: Italian authorities send a message with EU’s highest data protection fine as GDPR looms

The Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) has this month imposed fines of more than €11 million on five companies operating in the money transfers sector for unlawful processing of personal data. This is the largest fine ever imposed by a European Data Protection Authority.

Sigue Global Service Limited, a UK web-based money transfer firm, and four companies operating as its agents in Italy, were found to have transferred large amounts of money to Chinese entrepreneurs in breach of Italian money laundering regulations and the provisions of the Legislative Decree 30 June 2003 no. 196 (Codice per la protezione dei dati personali, Italian Privacy Code).

Evidence collected by the Italian financial police showed that the transfers were made through multiple smaller operations that did not reach anti-money laundering thresholds and were therefore not detectable. These transfers were attributed to persons other than the actual senders to avoid linking their real names to the transactions.

The names and other personal data used to carry out such transfers were collected from a wide database created by one of the companies without providing any information to, or securing consent from, data subjects involved, who were unaware of the whole operation.

The size of the fines imposed on March 10 on the five companies involved reflects the significant number of data subjects who were impacted (more than a thousand people). In this respect, the case has similarities with the 2014 Google cars case, in which Google was fined €1 million for unlawfully processing a large amount of data to be pooled into a substantial database set up by Google in connection with its Street View service.

However, despite this obvious similarity, the cases represent two different applications of the same criterion. Besides the nature and gravity of the offense, the personality of the offender and its economic conditions, another crucial criterion generally taken into account by the Garante in determining the actual sanction is how cooperative the offender is in mitigating the consequences of its infringing behavior.

While in the Google case the Garante was positively influenced by Google’s prompt cooperation to redress its misconduct, in the cases involving Sigue and its agents the latter did not show any will to cooperate in the proceeding or remedy their misconduct. This attitude was reflected in the harsh sanctions (respectively, € 5,880,000 for Sigue and € 1,590,000, € 1,430,000, € 1,260,000 and € 850,000 for the agent companies, all such amounts being the sum of the single applicable sanctions for each data subject whose rights were violated).

The case at issue is very significant, as it confirms a trend of increasing data protection enforcement, in line with the new regime set forth by the General Data Protection Regulation becoming effective from May 2018. There is a clear message in view of the upcoming implementation of the GDPR: privacy compliance can no longer be taken lightly.

If you want to discuss the topic, feel free to contact our team!

@giangiolivi @lallaborelli

Disable TELNET! Cisco finds 0-Day in CIA Dump affecting over 300 Network Switch Models

Cisco is warning of a new critical zero-day IOS / IOS XE vulnerability that affects more than 300 of its switch models. The company identified this highest level of vulnerability in its product while analyzing "Vault 7" — roughly 8,761 documents and files leaked by Wikileaks last week, claiming to detail hacking tools and tactics of the Central Intelligence Agency (CIA). The vulnerability

Rose McGowan Seeking Help From Department Of Justice After Nude Photo Hack

Rose McGowan is among the group of female celebrities who recently had her personal photos leaked online by hackers, and she’s not taking the situat…

Read more: Celebrities, Emma Watson, Online Privacy, Department of Justice, Rose McGowan, Entertainment News

WikiLeaks Won’t Disclose CIA Exploits To Companies Until Certain Demands Are Met

It's been over a week since Wikileaks promised to hand over more information on hacking tools and tactics of the Central Intelligence Agency (CIA) to the affected tech companies, following a leak of roughly 8,761 documents that Wikileaks claimed belonged to CIA hacking units. "We have decided to work with them, to give them some exclusive access to some of the technical details we have, so

The dark web: James Lyne goes inside the hacker’s playground for NBC News

The dark digital world facilitates massive hacks like the one that affected Yahoo.

James Lyne, our global head of security research, walks NBC Nightly News reporter Tom Costello through this haven for hackers.

The report comes hot on the heels of a two-part segment on the dark web and ransomware that aired on the Today Show this week.



Sony Is Working On Mobile-to-Mobile Wireless Charging Technology


So you are at a party with your friends, and your phone is running low on battery. Oops! The ideal solution is to charge your phone using a charger or a power bank, but not everyone carries power banks or chargers with them all the time, especially at a party. What if you could charge your phone wirelessly using another phone when it runs out of battery? Isn't that great? Well, thanks to Sony,

US infrastructure is at ‘red alert’ for hacking, James Lyne warns on the Today Show


The recent WikiLeaks drop of CIA documents has raised awareness of the reality of cyber-threats and espionage, and how digital infrastructure in America and around the world is under threat thanks to hacking attacks and ransomware, James Lyne told Tom Costello on NBC’s Today show.

In the two-part segment, James and Tom Costello talked about the threats and took a closer look at ransomware.

James Lyne is interviewed by NBC’s Tom Costello

US infrastructure is at ‘red alert’ for hacking, expert says

In Wednesday’s instalment of Today’s Hacking of America series, James Lyne explained to Tom Costello that it’s not just our personal privacy that’s at risk, but also the nation’s critical infrastructure.

Hackers want to hold your data for ransom: how to stop them

And in the second instalment, James talked in more detail about ransomware with Tom and explained what you can do to keep your personal data safe. 

James has been on a roll of late. In January, he sat down with CNBC to discuss threats affecting devices that make up the so-called Internet of Things (IoT).


Linux Kernel Gets Patch For Years-Old Serious Vulnerability


Another dangerous vulnerability has been discovered in the Linux kernel that dates back to 2009 and affects a large number of Linux distros, including Red Hat, Debian, Fedora, OpenSUSE, and Ubuntu. The latest Linux kernel flaw (CVE-2017-2636), which existed in the Linux kernel for the past seven years, allows a local unprivileged user to gain root privileges on affected systems or cause a denial

Famous Women’s Bodies Don’t Belong To You

In 2008, Emma Watson woke up the morning after her 18th birthday to find paparazzi photos from her birthday party plastered all over tabloid covers and go…

It’s Fappening Again! Private Photos of Emma Watson and Others Leaked Online


Are you clicking nude selfies? That is fine and not any criminal act, but this act can land you in trouble — here's how! Almost three years after a wave of private photographs of celebrities leaked online, "The Fappening 2.0" appears to be underway with the circulation of alleged naked pictures of female celebrities, including Emma Watson and Amanda Seyfried on Reddit and 4chan. Back in 2014,

Mischa Barton Takes Legal Action Over Revenge Porn Allegedly Peddled By Ex

Mischa Barton is taking legal action over nude images allegedly taken without her permission within the last year by an ex-partner who had offered the…