Dutch data protection authority investigates GDPR compliance progress of government bodies
The Dutch data protection authority (AP) reported in a press release that, of the initial list of 400 public sector organizations, 4% had not yet appointed a Data Protection Officer (DPO) by the deadline of June 1, 2018, noting that “almost all audited public sector organizations have already notified a DPO to the AP.” The 400 institutional bodies audited included municipalities, provinces, water boards, ministries and a number of independent administrative bodies. The AP is supervising the progress made since the introduction of the General Data Protection Regulation (GDPR) in May 2018. Under the GDPR, all authorities and public organizations must appoint an independent DPO to guarantee compliance with the privacy legislation. The AP also announced it will broaden its audit to the private sector and begin verifying whether companies such as health insurers and hospitals have appointed DPOs or are keeping a register of processing activities, as required by the GDPR. Link to the press release of the Dutch Autoriteit Persoonsgegevens (AP) (Dutch language)
Personal data for sale in China
In late August, Reuters published an article stating that "personal data has become widely available in China" for insurance companies, banks, and scammers alike. The report warns of the ease of acquiring such information through illegal means, stating that companies can purchase information illegally from the department of motor vehicles, car licensing authorities, car sellers, or even police stations.
Even though China issued more stringent data privacy laws in May 2018, there is still a large market for selling and buying personal information. According to local experts interviewed, there remains an imbalance between the economic benefits of the trade and the relatively low sanctions for violating relevant laws. Read Reuters’ full report here
Lazarus cybercriminals targeted the macOS platform
The North Korean cybercrime group Lazarus recently surfaced with a new campaign, dubbed “AppleJeus” by Kaspersky Lab, whose aim may have been not only to infiltrate a cryptocurrency exchange but also to inject malware into the macOS platform. Kaspersky Lab’s Global Research and Analysis Team discovered that the cybercrime group used trojanized cryptocurrency trading software to target the macOS platform, among others. This is the first case in which Kaspersky Lab researchers have observed the Lazarus group distributing malware targeting the macOS software and its users, and the researchers cautioned all users. The team is concerned that macOS machines and users may be less prepared to deal with malware, stating, “This should be a lesson to all of us and a wake-up call to businesses relying on third-party software. Do not automatically trust the code running on your systems. Neither good looking website[s], nor solid company profile nor the digital certificates guarantee the absence of backdoors.” Find the Kaspersky expert's related blog post here
Facebook continues to struggle to protect customer data
Facebook is still striving to control the companies that use its data, even after the recent Cambridge Analytica scandal. The social media giant announced in late August that myPersonality, an app active primarily before 2012, has been banned by Facebook for sharing data in a manner that inadequately protected users’ rights to privacy. Facebook stated that it would inform the roughly 4 million affected users that their data may have been misused. Since the beginning of its investigation in March 2018, Facebook has detected and suspended more than 400 apps for similar reasons. Find the Facebook announcement here
Rapid7’s second quarter 2018 cyber threat report identifies finance, professional and information sectors as primary targets of cybercrime
According to the latest cyber threat report from the security firm Rapid7, the finance, professional and information sectors were the most targeted by malicious activity in the second quarter of 2018. The report identifies remote access as the top method for stealing information and mining cryptocurrency, while the most common means of access were credential theft, credential dumping and brute force. There are also common breach tactics between the different sectors, such as credential threat campaigns, breached network access, account leaks and impersonation or suspicious link attempts. The report also expects incident growth in the coming months across all industries. Find this and more information in the Rapid7 report here