Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • After data breach, should Wawa bosses get the Target treatment?
    • What happens to executives of retail companies such as Wawa Inc. when they acknowledge a data breach that exposed customer data that should have stayed private?
    • Pennsylvania, where Wawa is based, has a more conditional data breach notification requirement: A company has to tell customers when it decides the loss of personal information is likely to "cause loss or injury" _ which potentially gave Wawa more time to delay disclosure, according to a data-management company founder who asked that he not be identified by name because he has business ties to Wawa.

      Reading Eagle - Joseph DiStefano | January 6, 2020
  • (readingeagle.com)
  • Accused of spying, popular Mideast app ToTok back on Google Play
    • The popular UAE-developed mobile application ToTok has returned to the Google Play Store after it was removed on claims it was being used for government spying, the company said Saturday.
    • Google and Apple removed the app from their online marketplaces last month after the New York Times reported ToTok allowed the UAE government to track the conversations, movements and other details of people who installed it on their phone.

      Asia One | January 6, 2020
  • (asiaone.com)
  • New phishing scam revealed, using date-based domains
    • A new variant of this attack seems to be using date-based domain names.
    • The message reads "EE: We were unable to process your latest bill. In order to avoid fees, update your billing information via https://ee.co.uk.billing-update-jan02.info"

      Reclaim the Net - Carl Sinclair | January 5, 2020
  • (reclaimthenet.org)
  • US on high alert for Iran-backed cyber attacks
    • The US public and private sector are on high alert for cyber retaliation from Iranian state-backed hackers following the killing of the country's top military commander Qassem Soleimani in a US drone strike last week.
    • Government officials and cyber security experts are anticipating this may come in the form of cyber attacks focused on disrupting anything from corporate and municipal IT systems to transit, logistics, healthcare or US military facilities.

      Financial Times - Hannah Murphy | January 5, 2020
  • (ft.com)
  • Data breach alert: Popular restaurant chains hit by card-stealing malware
    • When hackers attack a business, they're often after data that can put money in their pockets.
    • Typically, this comes in the form of the credit card data that passes through a business's point of sale system (POS) every day.
    • According to new reports from BleepingComputer, POSs belonging to the Landry's restaurant group were targeted in a large, coordinated malware attack between March 2019 and October 2019.

      Komando - James Gelinas | January 2, 2020
  • (komando.com)
  • Travelex forced to take down website after cyber-attack
    • Currency specialist says no customer data appears to have been compromised by virus.
    • Some observers pointed out on Twitter that, prior to news of the virus emerging, Travelex had posted messages on some of its websites claiming the reason services were unavailable was "due to planned maintenance".

      The Guardian - Rupert Jones | January 2, 2020
  • (theguardian.com)
  • The California Consumer Privacy Act officially takes effect today
    • California's much-debated privacy law officially takes effect today, a year and a half after it was passed and signed -- but it'll be six more months before you see the hammer drop on any scofflaw tech companies that sell your personal data without your permission.
    • The California Consumer Privacy Act, or CCPA, is a state-level law that requires, among other things, that companies notify users of the intent to monetize their data, and give them a straightforward means of opting out of said monetization.

      TechCrunch - Devin Coldewey | January 1, 2020
  • (techcrunch.com)
  • Enable Password Leak Detection in Google Chrome for Enhanced Security
    • Very recently, Google added this new security feature to Chrome known to be "Password Leak Detection" or "Password Protection".
    • This feature came as an official extension at first but was later added to Chrome as part of the browser's password manager.
    • If you come across any password which is known by Google that has been compromised, make sure to change it immediately.

      The Windows Club - Ankit Gupta | January 1, 2020
  • (thewindowsclub.com)
  • A huge security camera company just had a huge security breach
    • Wyze Labs lets consumers surveil their own homes -- and its huge data breach doesn't inspire trust.
    • The breach included information like WiFi network details and customer email addresses.
    • As security breaches accumulate, consumers are particularly at risk if they use the same passwords and login names on different sites, as many databases of breached usernames and passwords are already public.

      Salon - Nicole Karlis | January 1, 2020
  • (salon.com)
  • 2019 Data Breach Hall of Shame: These were the biggest data breaches of the year
    • The words "unsecured database" seemed to run on repeat through security journalism in 2019.
    • Calculating the hours and dollars spent by people trying to recover from the shameful negligence of some of these companies would be nearly impossible.

      C|Net - Rae Hodge | December 27, 2019
  • (cnet.com)