InfoSecSherpa Newsletter — 23 June 2021
- China Releases Data Security Law: Some Expert Observations and Comments
(China Briefing, 23 June 2021)
China’s Data Security Law was published on June 10, 2021, and will be formally effective starting September 1, 2021.
- Using the cloud data life cycle to protect patient privacy
(Health Care IT News, 23 June 2021)
Trinity Health’s Dr. James Angle will present at HIMSS21 about the best ways to protect patient information via privacy engineering and risk assessments.
- Employees are valuable assets: Why you need to safeguard them
(Tech Republic, 23 June 2021)
Two experts suggest calling employees “insider threats” is counterproductive; employees are assets needing protection.
- EU Proposes Joint Cybersecurity Unit
(Gov Info Security, 23 June 2021)
The European Commission has proposed creating a Joint Cyber Unit to help EU member states respond to and prevent cyberattacks, especially those involving ransomware.
- How Big Tech created a data ‘treasure trove’ for police
(New York Post, 23 June 2021)
Data compiled by four of the biggest tech companies shows that law enforcement requests for user information — phone calls, emails, texts, photos, shopping histories, driving routes and more — have more than tripled in the US since 2015.
- Nemeroff to Direct International Cyber Policy at White House NSC
(MeriTalk, 23 June 2021)
Theodore N. Nemeroff has been named director for International Cyber Policy on the White House’s National Security Council (NSC). He will be responsible for expanding the U.S. government’s information and communications technology policy abroad.
- Report: S.C. residents 60 and older lost nearly $10M from cyber scams in 2020
(WMBF News, 23 June 2021)
U.S. Attorney M. Rhett DeHart, citing the FBI’s 2020 Elder Fraud Report, said 1,350 S.C. residents aged 60 or older fell victim to cyber scammers and reported losses of nearly $10 million.
- US Cyber Command exercise will help shape new tactics for changing threats
(C4ISRNET, 23 June 2021)
Cyber Flag, the command’s premier annual training event, is happening on the heels of Cyber Command’s budget request that proposes adding more teams and potentially altering their composition to adapt to a rapidly changing threat landscape.
- Two More Cyber Attacks on US Water Supply Highlights Concerns About Vulnerabilities, but Sensational Headlines Sometimes Overstate the Threat to Public Safety
(CPO Magazine, 22 June 2021)
In the past two years there have been two successful breaches of a United States municipal water supply, contributing to a general alarm about the state of security at the nation’s vital utility providers. Two new cyber attack attempts, one in the San Francisco Bay Area and another in Pennsylvania, will likely add fuel to that particular fire.
- Ursnif Leverages Cerberus to Automate Fraudulent Bank Transfers in Italy
(Security Intelligence, 23 June 2021)
IBM Trusteer researchers continually monitor the evolution and attack tactics in the banking sector. In a recent analysis, our team found that an Ursnif (aka Gozi) banking Trojan variant is being used in the wild to target online banking users in Italy with mobile malware.