Since the pandemic, there have been new cyber breaches across the globe. Given the sensitivity of the data in daily use, every business must keep adapting its cybersecurity.
Even many developing countries are adapting to cybersecurity.
Find the latest CyberNews for this week below.
REvil ransomware is back in full attack mode and leaking data
The REvil ransomware gang has fully returned and is once again attacking new victims and publishing stolen files on a data leak site.
Since 2019, the REvil ransomware operation, aka Sodinokibi, has been conducting attacks on organizations worldwide, demanding million-dollar ransoms in exchange for a decryption key and to prevent the leaking of stolen files.
While in operation, the gang has been involved in numerous attacks against well-known companies, including JBS, Coop, Travelex, GSMLaw, Kenneth Cole, Grupo Fleury, and others.
REvil’s disappearance act
REvil shut down their infrastructure and completely disappeared after their biggest caper yet – a massive attack on July 2nd that encrypted 60 managed service providers and over 1,500 businesses using a zero-day vulnerability in the Kaseya VSA remote management platform.
REvil then demanded $50 million for a universal decryptor for all Kaseya victims, $5 million for an MSP’s decryption, and a $44,999 ransom for individual file encryption extensions at affected businesses.



This attack had such wide-ranging consequences worldwide that it brought the full attention of international law enforcement to bear on the group.
REvil returns with new attacks
After their shutdown, researchers and law enforcement believed that REvil would rebrand as a new ransomware operation at some point.



However, much to our surprise, the REvil ransomware gang came back to life this week under the same name.
On September 7th, almost two months after their disappearance, the Tor payment/negotiation and data leak sites suddenly turned back on and became accessible. A day later, it was once again possible to log in to the Tor payment site and negotiate with the ransomware gang.
source: bleepingcomputer.com
China: Comprehensive personal information protection regime established
On 20 August 2021, the Standing Committee of the National People’s Congress passed the Personal Information Protection Law of the PRC (PIPL), after deliberating two draft versions and seeking public comment in a ten-month span. The passage of the PIPL signifies that China is stepping into a more robust and comprehensive personal information protection regime by establishing a unified, cross-sector legislation, as the EU does with the aid of the General Data Protection Regulation (GDPR).



The PIPL, in general, establishes a regime similar to the GDPR, although the requirements may not be entirely the same, with the PIPL imposing stricter requirements in some areas. For instance, the PIPL imposes heightened requirements in terms of details to be disclosed to individuals for processing of sensitive personal information and cross-border provision of personal information (pursuant to the PIPL, the name and contact details of each and every foreign recipient must be disclosed), and requires separate consent from individuals to the same. Also, the PIPL mandates controllers to conduct security impact assessments under a number of processing scenarios. Further, the PIPL imposes a data localization requirement on operators of critical information infrastructure and controllers that process an over-the-threshold volume of personal information (the threshold will likely be set at one million personal information subjects). In addition, the PIPL exerts more rigid control over cross-border data transfers.
Being GDPR-compliant does not guarantee being PIPL-compliant. Companies are advised to take action as soon as practically feasible to ensure that their China-related privacy practices comply with the requirements prescribed under the PIPL, as the PIPL takes effect on 1 November 2021. We recommend that companies:
- Develop a data governance framework and an in-house data compliance program.
- Conduct data mapping and data inventory checks, system profiling, and security risk identification and profiling.
- Review and update existing privacy notices that apply to Chinese residents by measuring against the requirements (especially taking into account the heightened notification and separate consent requirements) under the PIPL.
- Develop and update internal policies, protocols, standard operating procedures, and response mechanisms for the protection of personal information, including, among others, conducting security impact assessments and establishing a channel for responding to requests from personal information subjects.
- Review and prepare for data localization to the extent applicable.
- Review and prepare for cross-border data transfers, restrictions and formalities.
- Maintain and document appropriate contractual, technical, organizational and physical privacy and security measures for China, including the performance of due diligence of vendors, the management of vendor agreements, the monitoring of vendor compliance, and the administration of regular data privacy and security training for personnel.
With the enactment of the PIPL, the Chinese legislature has promulgated all of the “Three Horse Carriages” for data protection and cybersecurity regimes of the new age, namely: (i) the Cybersecurity Law of the PRC, governing the construction, operation, maintenance, use and security of (cyber) network in the PRC territory; (ii) the Data Security Law of the PRC, principally dealing with data security, governance and trading, with a focus on data other than personal information; and (iii) the PIPL, which regulates personal information and related matters. Going forward, cybersecurity, non-personally-identifiable data, and personal information will be regulated under these three principal laws separately.
source: globalcompliancenews.com
Cyber arms dealer exploits new Apple iPhone software vulnerability; affects most versions
The vulnerability exploited by the Israeli firm, named NSO Group, defeats security systems designed by Apple in recent years.



A cyber surveillance company based in Israel has developed a tool that can break into Apple iPhones with a never-before-seen technique for at least six months, internet security watchdog group Citizen Lab said on Monday.
The discovery is important because of the critical nature of the vulnerability, which affects all versions of Apple’s iOS, OSX, and watchOS, except for those updated on Monday.
Apple said it fixed the vulnerability in Monday’s software update, confirming Citizen Lab’s finding. However, an Apple spokesperson declined to comment regarding whether the hacking technique came from NSO Group.
source: ciso.in