IT Security & Privacy

Microsoft Office Users Targeted by Large-Scale Phishing Campaign Leveraging EvilProxy

A sophisticated and large-scale phishing campaign utilizing the EvilProxy phishing-as-a-service (PhaaS) infrastructure has been targeting Microsoft 365 users for the past six months, leading to numerous successful account takeovers. The campaign, which impacted over 100 organizations globally, predominantly focused on senior executives, with threat actors sending more than 120,000 phishing emails between March and June 2023.

Foreign Firms Nervously Exit Chinese Market Amidst Stringent Data Privacy Regulations

Foreign companies operating within China are grappling with mounting concerns as the deadline looms for compliance with the Data Security Law (DSL) and the Personal Information Protection Law (PIPL). Since the enactment of these regulations two years ago, foreign firms have been reevaluating their positions due to the introduction of stricter rules concerning international personal data transfers and increased government access to data stored within the country.

Zoom's New Terms of Service Raise Concerns Over Potential EU Violations

Zoom, the widely used video conferencing platform, is facing scrutiny over recent changes to its terms of service (TOS) that grant the company the right to scrape customer accounts for AI data collection. While Zoom has made partial concessions in response to user backlash, experts are questioning whether the new terms may still be in violation of European Union (EU) regulations governing data privacy.

California Privacy Laws Under Scrutiny as Data Collected by Car Manufacturers Raises Concerns

The rapid rise of connected vehicles has led to a new era of convenience and functionality in the automotive industry, but it has also ignited a debate over data privacy. With the proliferation of internet-enabled features in cars, concerns are mounting that personal information collected by car manufacturers may potentially violate California's strict privacy laws.

EU Parliament Publishes Comprehensive Briefing on NIS2 Directive: Strengthening Cybersecurity Across Member States

The European Parliament has released an extensive briefing on the Network and Information Security (NIS) Directive's successor, the NIS2 Directive. The briefing, published on August 2nd, outlines the key provisions and objectives of the NIS2 Directive, marking a crucial step in fortifying the EU's cybersecurity framework.

Federal Agencies Publish Top Most Exploited IT Vulnerabilities of 2022

In a joint effort to enhance cybersecurity awareness and preparedness, the cybersecurity authorities of the Five Eyes (FVEY) intelligence alliance, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the NSA, have released a list of the top 12 most exploited vulnerabilities throughout 2022. This publication sheds light on cybercriminals' preference for targeting older unpatched security flaws to carry out their malicious activities.

CISA Unveils Cybersecurity Strategic Plan for FY2024-2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has introduced its comprehensive Cybersecurity Strategic Plan for the fiscal years 2024-2026, outlining a new vision for fortified cybersecurity that emphasizes collaboration, innovation, and accountability. The plan is aligned with the National Cybersecurity Strategy and embedded within CISA's 2023-2025 Strategic Plan, establishing a roadmap for the agency toward a future marked by infrequent cyber intrusions, bolstered organizational security and resilience, and technology products that are safe and secure by design and by default.