News:

Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that’s unfolded over the past week. Kaspersky declined to name any of those victim companies, but it notes that they’re based in “western Asia.”

Security firms CrowdStrike and SentinelOne last week pinned the operation on North Korean hackers, who compromised 3CX installer software that’s used by 600,000 organizations worldwide, according to the vendor. Despite the potentially massive breadth of that attack, which SentinelOne dubbed “Smooth Operator,” Kaspersky has now found that the hackers combed through the victims infected with its corrupted software to ultimately target fewer than 10 machines­—at least as far as Kaspersky could observe so far—­and that they seemed to be focusing on cryptocurrency firms with “surgical precision.”

Read More

The ICO said TikTok failed to provide proper information on how data is collected, used and shared

Read More

Trust assurance platform TrustCloud has announced the release of the TrustRegister application to help software companies identify risks and understand risk-related revenue/business impact. TrustRegister is the newest addition to the TrustCloud platform and is built to automatically assign, notify, and prioritize tasks and remediation plans to help businesses elevate governance, risk management, and compliance (GRC) processes in line with frameworks such as SOC 2 and ISO 27001, the vendor said. The release comes as organizations and GRC teams face significant challenges amid the ongoing advancement of technology, changing regulations, and the increased interconnection of enterprises.

To read this article in full, please click here

Read More