Internet Security Week - Issue 76

In the 76th edition of Internet Security Week , record fines for Amazon data breach, new phishing technique, internet security summary for the first half of 2021 and much more.

News

Only 40% of companies recognize that they are prepared for the LGPD

Fines under the General Data Protection Law (LGPD) came into effect on Sunday (1st), but many companies are still not prepared to comply with the new regulations. A survey by the Dom Cabral Foundation (FDC) indicates that almost 40% of the 207 organizations interviewed acknowledge that they are not fully compliant with the legislation.

By Roseli Andrion on Canaltech

68% of malware reaches organizations through cloud applications

According to a new semi-annual report from cybersecurity services provider Netskope, 68% of malware reaches organizations through cloud applications. This growth in this form of dissemination occurs amid a scenario of continued proliferation of cloud applications in companies, with adoption increasing 22% during the first six months of 2021.

In iPnews

Amazon has just broken another record—this time, however, the online retail giant has no reason to celebrate. It has just become the company to receive the largest fine under the General Data Protection Regulation (GDPR), the European data protection legislation. The company is being forced to pay, in euros, the equivalent of US$884 million (approximately R$4.5 billion at the current exchange rate).

By Ramon de Souza The Hack

New redirection technique to avoid blocking phishing links

To steal corporate email credentials from company employees, attackers must first bypass the anti-phishing solutions on the company's email servers. Typically, they use legitimate (and increasingly specialized) web services like Google Apps Script, a JavaScript-based platform. Scammers are using redirects through Google Apps Script to prevent email servers from blocking phishing links.

By Roman Dedenok on Kaspersky Blog

LemonDuck malware now removes security controls

In recent months, the LemonDuck malware, known primarily for its cryptocurrency mining activities, has become more sophisticated and has intensified its operations. In addition to its traditional botnet and mining activities, the malware now comes with a variety of capabilities that allow it to steal credentials and bypass security controls.

In CISO Advisor

Hacker group is recruiting insiders to breach corporate networks

The LockBit 2.0 ransomware gang is actively recruiting insiders to help them breach and encrypt networks. In return, the insider is promised millions of dollars in payments.

By Lawrence Abrams in Bleeping Computer

Internet Security: Summary of the first half of 2021

Numbers, statistics, and news related to data leaks on the internet give us an idea of the challenge of managing internet security. The first half of 2021 revealed alarming data and, compared to previous years, reached record levels both in attacks and in financial losses for companies affected by these crimes.

By Kelvin Zimmer on Lumiun Blog

New scam involving bank slips on LinkedIn and Twitter

Axur has identified the return of a scam that was very common a few years ago—using bills, but now in a new form, using simple yet ingenious techniques. The new scam, dubbed the "renegotiation scam" by the company, uses victims' CPF data, due to the massive leaks earlier this year.

In iPnews

Brazilian companies are the most affected by ransomware in Latin America

Brazil was the target of nearly half of the digital kidnapping (ransomware) attacks against companies in Latin America, making it one of the largest targets of this type of criminal activity in the country. Between January and March 2021, there were more than 3.2 billion attempts against Brazilian companies, part of a total of seven billion such scams recorded across the bloc.

By Felipe Demartini on Canaltech

New cyberattacks distort reality and manipulate time

VMware released the seventh edition of its Global Incident Response Threat Report at Black Hat USA 2021, which shows how threat actors are manipulating reality to reshape the cybersecurity landscape.

In CISO Advisor