October 21, 2022

FTC Hosts Event Regarding Children’s Experiences with Digital Advertising

On Wednesday, the Federal Trade Commission (“FTC”) hosted a virtual event on “Protecting Kids from Stealth Advertising in Digital Media.”  The event featured industry professionals, legal and child development experts, researchers, and consumer advocates to discuss the regulation of digital advertising to children.  Panelists examined the online advertising techniques children are exposed to, children’s capacity …


Colo. Privacy Rules Spotlight Emerging Patchwork Of Laws

By Allison Grande (October 21, 2022, 11:10 PM EDT) — Colorado’s attorney general has delivered much-needed clarity on how the state’s new privacy rules are likely to be enforced, while also highlighting areas of growing tension on topics like consent and consumer opt-outs that companies should focus on moving forward, experts say…

Parses audit/block events from the Windows Defender Attack Surface Reduction rules into PowerShell objects for easier troubleshooting during rollout


EnergyAustralia Electricity company discloses security breach

Electricity company EnergyAustralia suffered a security breach; threat actors had access to information on 323 customers. Another Australian organization was hit by a severe cyber attack; this time the victim is the electricity company EnergyAustralia. EnergyAustralia is the country’s third-largest energy retailer. The company confirmed that threat actors had access to information on 323 residential and …

IronNet joins Space ISAC to protect infrastructure essential to missions and exploration in space

IronNet was named the newest Gold member of the Space Information Sharing and Analysis Center (ISAC). Space ISAC members lead the global space community to identify and respond to threats and mitigate risks to the space mission. “Space is the next frontier with many unknowns and potential threats, including cybersecurity risks. That’s why the Space …

Using the CSA STAR Consensus Assessment Initiative Questionnaire (CAIQ) as a Procurement Tool

Introduction: The CSA STAR Consensus Assessment Initiative Questionnaire (CAIQ) is an industry-wide initiative to standardize security and risk management assessments of cloud computing vendors. The CAIQ was developed to provide a consistent way for cloud service providers (CSPs), customers, and third-party assessors to conduct cloud security assessments. Through its use of standardized language and common …

9th Circ. Says Free Speech Won’t Protect Anti-Abortion Group

By Andrew Karpan (October 21, 2022, 10:04 PM EDT) — A Ninth Circuit panel on Friday largely rejected an appeal of a jury verdict that found an anti-abortion group broke state and federal laws when it secretly recorded Planned Parenthood’s clinics and abortion providers, with one judge warning that “invoking journalism and the First Amendment does …


A ProPublica Reporter’s Investigation Into the Scamming World

This story was originally published on ProPublica by Brooke Stephenson. When the federal government enacted the CARES Act in March 2020, it boosted jobless aid and expanded the benefits to include people who weren’t typically covered, like gig workers. The legislation was designed to cushion workers against the massive blow of a partial economic shutdown …


Challenges in the Space Domain are Becoming ‘More Technologically Focused,’ Experts Say

Space as a frontier is becoming increasingly important to the intelligence community, according to government experts who spoke at a panel hosted by the Professional Services Council on Thursday. The panelists noted that the U.S. must think about its priorities, including those in space, as the nation works on intelligence efforts, while also considering the …

Brief: Killnet Involvement in Darknet Markets

ZeroFox Intelligence collected the following information regarding Killnet involvement in darknet markets and has released the following brief as of October 19, 2022. Executive Summary: Killnet has been one of the most vocal threat actor groups since the start of Russia’s invasion of Ukraine. The pro-Russian hacktivist collective, identified as early as …

TransUnion Cites 5th Circ. Ruling In Bid To Escape CFPB Suit

By Jon Hill (October 21, 2022, 9:02 PM EDT) — Companies fighting for dismissal of Consumer Financial Protection Bureau enforcement actions have begun invoking support from the Fifth Circuit’s recent bombshell decision that the agency is unconstitutionally funded, with credit reporting giant TransUnion among the first to brandish the ruling…

ESW #293 – Martin Roesch, Edward Wu

Paul’s Security Weekly podcast episode, Fri, 21 Oct 2022 21:00:00 +0000 (02:10:18).

Experts warn of CVE-2022-42889 Text4Shell exploit attempts

Wordfence researchers warn of exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. Experts at WordPress security firm Wordfence reported exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. GitHub’s threat analyst Alvaro Munoz this week disclosed a remote code execution vulnerability, tracked as CVE-2022-42889 (CVSS score 9.8), in the open-source Apache Commons …


FBI warns of ‘hack-and-leak’ operations from group based in Iran

The FBI released an alert this week warning of hack-and-leak operations targeting organizations in the U.S. and Israel by a group based in Iran. The alert centers on Emennet Pasargad — an Iranian company U.S. law enforcement agencies have previously spotlighted for its role in efforts to interfere with the 2020 U.S. presidential election. On …

A 23-year-old hacker who stole unreleased songs from Ed Sheeran and 89 other musicians and sold them on the dark web has been jailed for 18 months

Sheeran’s music and 12 tracks by the rapper Lil Uzi Vert were exchanged for bitcoin by Adrian Kwiatkowski. The 23-year-old Ipswich resident was able to access them by breaking into the artists’ online accounts. The New York District Attorney was informed by the management of many singers that a hacker going by the online handle …


CrowdStrike Advances to Research Partner with MITRE Engenuity Center for Threat-Informed Defense to Help Lead the Future of Cyber Defense

CrowdStrike is deepening its commitment to advancing the security ecosystem and leading the future of protection by becoming a top-tier partner in the MITRE Center for Threat-Informed Defense research program. CrowdStrike’s adversary-centric approach and technology leadership can help change the game on adversaries, turning state-of-the-art threat defense into a state of practice. CrowdStrike is now a …