Friday Five 9/25

Insider data breaches, COVID contact tracing apps, and FBI indictments - catch up on the week's news with the Friday Five!

SEC Looks to Tamp Down Credential Stuffing

The SEC's compliance arm is encouraging banks and financial institutions to remain vigilant in the face of an uptick in credential stuffing attacks.

Shopify Acknowledges Insider Breach of 200 Stores

A breach at the popular e-commerce site was linked back to two "rogue" support team employees.

Georgia Clinic Pays $1.5M to Settle HIPAA Noncompliance

An investigation by HHS OCR at this clinic uncovered "longstanding, systemic noncompliance with the HIPAA Privacy and Security Rules."

CISA Asks Federal Agencies to Patch 'Zerologon' Vulnerability ASAP

In a rare emergency directive, CISA asked all federal agencies to immediately deploy last month's Windows Security Update to remediate a critical vulnerability in Netlogon.

Friday Five 9/18

Campaign app bugs, VA data breaches, and IoT legislation - catch up on the week's news with the Friday Five!

DOJ Charges Two Iranians in Cyber Intrusion Campaign

For years, the hackers infiltrated systems and targeted intellectual property and national security data.

How to Comply with Accountability in Data Protection

A new framework published by the UK Information Commissioner's Office can help organizations comply with the GDPR's accountability requirements.

Exploit Code for Patched Windows Zerologon Vulnerability Released

Details came out on Friday about a severe privilege escalation vulnerability Microsoft patched last month in Netlogon. Now exploit code for the vulnerability, Zerologon, is making the rounds online.

CISA Breaks Down Recent Chinese Nation State Cyber Activity

A new advisory from CISA outlines recent tactics, techniques, and procedures (TTPs) used by Chinese nation state hackers to target US agencies; it also includes ATT&CK Framework TTPs.