Virginia’s Consumer Data Protection Act signed into law Virginia governor Ralph Northam signed the act into law, set to take effect Jan. 1, 2023. Companies with data on 100,000 Virginia consumers or that make at least 50% of income on…

Gab user data leaked The group Distributed Denial of Secrets claims to have pulled 70 gigabytes of user data from the social network Gab through a SQL injection vulnerability, including public and private posts, as well as passwords. The group…

Microsoft and FireEye push for breach reporting rules The companies pushed for a new breach reporting requirement to the US Senate Intelligence Committee in written testimony regarding the SolarWinds supply chain attack. Microsoft President Brad Smith said, “We need to…

SHAREit fixes security holes The app’s publisher issued an update to the SHAREit Android apps to fix glaring security holes. We reported last week that  Trend Micro discovered the flaws months ago, but had not received any response from the…

SolarWinds attack launched from within the US This finding comes from a briefing given by Deputy National Security Advisor Anne Neuberger. Although not identifying specific victims, Neuberger also said that nine federal agencies and about 100 private-sector companies were compromised.…

France links Russian Sandworm hackers to hosting provider attacks France’s national cyber-security agency ANSSI linked a series of attacks dating back to 2017 to the group, breaching several entities using vulnerabilities in Centreon IT monitoring software. The attacks targeted Centreon…

SIM swapping gang targeting celebrities arrested Eight men were arrested by the UK National Crime Agency in the past week across England and Scotland as part of a coordinated crackdown against the group. This group targeted well-known sports stars, musicians,…

A look at Iranian spyware operations Researchers at Check Point recently outlined two Iranian surveillance operations, targeting more than 1000 dissidents across 13 countries including the US and the UK. The operators attempted to install novel malware on phones and…

Microsoft sees a rise in business email compromise attacks on schools The company said it saw a spike in email scams soliciting gift cards towards K-12 school teachers. These emails would pose as friends or colleagues asking the teacher to…

Another SolarWinds vulnerability used to hack National Finance Center Reuter’s sources say suspected Chinese threat actors used a novel SolarWinds Orion vulnerability to break into the federal payroll agency. Security researchers had previously warned that a separate group of attackers…