Insiders have elevated access to an organization’s data. (Photo: Pixabay)
Russian-Dutch e-commerce company Yandex sustained a data breach in which 4,887 customer accounts were compromised after an employee gave unauthorized access to attackers.
In an alert published Friday, the company said the breach was discovered following screening by Yandex’s security team. The employee involved was one of three system administrators who had access rights to provide technical support for the service, Yandex says. An internal investigation revealed the suspect employee had been providing unauthorized access to users’ mailboxes for personal gain.
Yandex, which is based in Moscow, describes itself as one of Europe’s largest internet companies and the leading search and ride-hailing provider in Russia. It offers 70 internet-related products and services, which include a search engine, email and information services and online advertising.
Misinformation is an issue that has come firmly to the fore over recent years, fuelled by increased access to the internet throughout the world. While higher internet usage provides enormous benefits, enabling people to stay more informed and interconnected, the scourge of fake news is a significant side effect. A variety of perpetrators, ranging from cyber-criminals intent on scams to nation state actors aiming to create discord in rival countries, are increasingly taking advantage of the ability to post unfiltered content to mislead people about crucial issues. This is hugely damaging for democracy and society at large. “The first thing to grasp is that it isn’t about making up completely fake news. It is more focused on exaggerating real issues in society and sowing divide between groups,” explained Lisa Forte, partner, Red Goat Cyber Security.
China Steals Personal Data of 80% of US Adults
The Chinese government may have stolen personal data from 80% of adults in the United States, according to a 60 Minutes report that aired yesterday on American television and radio network CBS.
In the report, former director of the US National Counterintelligence and Security Center, Bill Evanina, warned that the PRC is actively working to gather and exploit Americans’ DNA and other health information.
Evanina described how Chinese company BGI Group had approached six different states with offers to construct and operate coronavirus testing labs. The company accompanied the offers with promises to make additional donations to the states.
BankInfoSecurity
March 29, 2021
Part of the malicious domain used in recent Trickbot campaign (Source: Menlo Security)
The Trickbot botnet appears to be making a comeback this month with a fresh campaign that is targeting insurance companies and legal firms in North America, according to an analysis published Friday by Menlo Security.
While the phishing campaign that started Jan. 12 contains some of the hallmarks of a Trickbot campaign, Vinay Pidathala, director of security research at Menlo Security, says more analysis is needed to fully confirm that the botnet is active again and able to target new victims. “We are pretty confident that this is Trickbot,” Pidathala says. “We haven’t yet completed the full analysis on the dropped binary and the obfuscated JavaScript, which would increase our confidence, but we are pretty certain that it is Trickbot based on open source intelligence and the command-and-control infrastructure.”