News
![A gavel rests on open law book. [law / regulation / compliance / legal liability]](https://images.idgesg.net/images/article/2020/09/gavel_mallett_rests_on_open_law_book_legal_liability_risk_regulations_compliance_by_andreypopov_gettyimages-1021544574_2400x1600-100860121-small.3x2.jpg)
Defining data protection standards could be a hot topic in state legislation in 2021
Some states could follow the New York Shield Act’s lead and set clearer regulatory expectations for reasonable cybersecurity. Election security legislation likely not on the agenda.
Intel SGX users need CPU microcode patch to block PLATYPUS secrets-leaking attack
Attackers could use the vulnerability to access encryption keys from the Linux kernel's memory or Intel SGX enclaves.
![A group of anonymous hooded figures exist amid raining streams of binary code. [security threats]](https://images.idgesg.net/images/article/2020/09/group_of_anonymous_hooded_figures_hackers_bad_actors_security_threats_by_leo_lintang_gettyimages-1135437442_2400x1600-100858240-small.3x2.jpg)
Mercenary APT group CostaRicto hits organizations worldwide
This hacker-for-hire advanced persistent threat group uses its own custom malware and takes great effort to hide its activity.
Passage of California privacy act could spur similar new regulations in other states
Voters approved the California Privacy Rights and Enforcement Act (CPRA), which in part limits how organizations can use personal data. Legal experts expect other states to follow suit.
Supply chain attacks show why you should be wary of third-party providers
The weak link in your enterprise security might lie with partners and suppliers. Here’s how to understand and mitigate that risk.
Take part in the 2021 IT Salary Survey
Whether you’re scouting out a new job or looking to fill a key IT role, access to salary data is an important tool. Help us help you by taking our 10-minute IT Salary Survey.
US Treasury Department ban on ransomware payments puts victims in tough position
The Treasury Department's advisory warns companies not to pay ransoms to sanctioned entities. The move complicates ransomware incident response and might encourage insurance carriers to drop ransomware coverage.
US DOJ indictments might force Russian hacker group Sandworm to retool
Experts hope that indictments against six Russian military intelligence agents will make Russia rethink plans to disrupt the US election.
Late-game election security: What to watch and watch out for
Despite disruption of the Trickbot botnet network, last-minute leaks of stolen documents and post-election undermining of trust in the election system remain big concerns.
Financial crime group FIN11 pivots to ransomware and stolen data extortion
FIN11, believed to be Russia-based, follows a trend of cybercriminal groups expanding their operations beyond financial crime.
Half of all virtual appliances have outdated software and serious vulnerabilities
New study shows that even security vendors can use outdated and vulnerable virtual appliances. Top advice: Make sure your vulnerability management processes include virtual appliances.
Elusive hacker-for-hire group Bahamut linked to historical attack campaigns
The Bahamut group targets high-value victims and takes meticulous care with its own operational security.
How SilentFade group steals millions from Facebook ad spend accounts
SilentFade steals credentials and ad spend account information and sells the information to other bad actors. The group returned with improved malware after Facebook's initial mitigation efforts.
![Law enforcement coordination > A team of investigators collaborates. [detectives / FBI agents]](https://images.idgesg.net/images/article/2020/10/law_enforcement_coordination_team_of_investigators_collaboration_detectives_fbi_agents_by_south_agency_gettyimages-1173352754_2400x1600-100860807-small.3x2.jpg)
