Entries by govanguard

United States: President signs NDAA introducing prohibitions on Chinese semiconductor products

On December 23, 2022, President Biden signed into law the National Defense Authorization Act for Fiscal Year 2023 (“FY2023 NDAA”). Section 5949 of FY2023 NDAA (“Section 5949”) would prohibit executive agencies from procuring or contracting with entities to obtain any electronic parts, products, or services that include covered semiconductor products or services from certain Chinese […]

Source

Experian Glitch Exposing Credit Files Lasted 47 Days

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer's full credit report — armed with nothing more than a person's name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about […]

Source

United States: Department of Justice tweaks Criminal Division Corporate Enforcement Policy

In brief: On January 17, 2023, the US Department of Justice (DOJ or the “Department”) issued a revised version of its Corporate Enforcement Policy (CEP). The CEP sets out the Department’s approach to resolving criminal cases with corporations. In particular, it addresses how the Department will credit companies which voluntarily disclose criminal conduct and cooperate […]

Source

Power of the Portfolio

By Robert Booker, Chief Strategy Officer, HITRUST. HITRUST Focus on Continuous Improvement: HITRUST has been dedicated to measuring and improving security maturity with accuracy, consistency, and integrity for over 15 years. We have done this by working closely with thousands of companies, their partners, regulators and trading partners, and security assessors. Cybersecurity threats and risks […]

Source

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking […]

Source

KomplettFritid – 139,401 breached accounts

In January 2023, the online Norwegian store KomplettFritid was reported as having had a data breach dating back to February 2021. The incident exposed 140k customer records including physical, email and IP addresses, names, phone numbers and passwords. Most passwords were stored as bcrypt hashes with a small number appearing in plain text.

Source

Autotrader – 20,032 breached accounts

In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the “data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods”. The data contained 20k unique email addresses alongside physical […]

Source

Zurich – 756,737 breached accounts

In January 2023, the Japanese arm of Zurich insurance suffered a data breach that exposed 2.6M customer records with over 756k unique email addresses. The data was subsequently posted to a popular hacking forum and also included names, genders, dates of birth and details of insured vehicles. The data was provided to HIBP by a […]

Source