
January 2020

US Defense Contractor Taken Down by Ransomware

A US government contractor is the latest victim to be taken down by a ransomware attack. Electronic Warfare Associates (EWA) lists the Department of Defense, the Department of Homeland Security and the Department of Justice among the clients it serves, and describes itself as a veteran-owned business with a track record dating back over the last four decades.

Wawa Breach: 30 Million Credit Card Details for Sale Online

Hackers are selling the payment card details of more than 30 million Americans and over 1 million foreigners on Joker's Stash, the internet's largest payment card forum. This card dump, which occurred on Monday, was advertised as "BIGBADABOOM-III", but Gemini Advisory found that the card details traced back to Wawa, an East Coast convenience store chain.

NNT's Top Five Cybersecurity Predictions and Recommendations for 2020

As we enter a new year and a new decade, 2020 will be a critical year for businesses and governments around the globe as they deal with a more complex and evolving cyber threat landscape. NNT’s cybersecurity evangelists, CEO Mark Kerrison and CTO Mark Kedgley, have investigated the current state of the industry and identified key cybersecurity predictions and recommendations to help you improve your cybersecurity defenses in 2020.

Weaknesses in Industrial Control Systems Continue to Pose Serious Risks

A study by PAS Global recently discovered over 10,000 industrial endpoints that are affected by over 380,000 known security vulnerabilities. Industrial Control Systems (ICS) are used across the oil and gas industry, power generation, refining and chemical production, pulp and paper manufacturing, and mining industries. While advantageous for various reasons, these systems also pose a serious threat to security.

Regus Sales Staff Data Leaked via Third Party

Detailed information about the job performance of more than 900 Regus employees was accidentally published online after the co-working space provider conducted a review of its sales staff. Regus owner IWG commissioned the mystery shopping business, Applause, to audit its sales staff through covert filming using "spy pens" fitted with miniature cameras.

NIST Releases Version 1.0 of New Privacy Risk Framework

Last week the National Institute of Standards and Technology (NIST) announced version 1.0 of its new Privacy Framework, a resource designed to help organizations manage privacy risks. A preliminary version of the Privacy Framework was released in September 2019, but the release of version 1.0 was not officially announced until January 16, 2020.

114 Million Euros in Monetary Fines Imposed by GDPR Regulators

Data protection regulators have issued €114 million in fines so far under the 2018 General Data Protection Regulation. The latest findings from DLA Piper show that over 160,000 data breach notifications have been reported across the European Union since the regulation came into effect on May 25, 2018. Geographically speaking, fines were highest in France (€51m), Germany (€24.5m) and Austria (€18m).

Emotet Targeting US Military and Government

New research has found that the Emotet malware strain has increasingly been targeting the United States government and military. The malware, which spreads via email, has been infecting organizations across the globe since as far back as 2014, but researchers at Cisco Talos recently discovered that the US government is the latest victim to be compromised. The discovery was made by closely examining the patterns of outbound email associated with the malware.

Breach Update: Equifax Settles Class-Action Lawsuit for $380.5 Million

A Georgia court granted final approval for a settlement involving Equifax in a class-action lawsuit following the massive 2017 data breach. This week an Atlanta federal judge ruled that Equifax will pay $380.5 million to settle lawsuits relating to the 2017 data breach.

Scammers Phish $2.3 Million from Texas School District

The Manor Independent School District is out $2.3 million after falling victim to an apparent phishing scam. Officials for the Texas school district claim that three separate fraudulent transactions took place in November 2019 following the phishing attack. The scammers carried out the attacks using a variety of tactics, including disguised email addresses, phone numbers, fake links, and more. The school district took to Facebook on January 10 to post that the incident was caused by a phishing email.

Dixons Carphone Hit with Maximum Pre-GDPR Fine After Major Data Breach

Dixons Carphone has been issued the maximum possible fine under the pre-GDPR data protection regulation after the tills in its stores were compromised by a cyberattack back in 2017 that affected 14 million customers. The retailer discovered the breach last summer, and an investigation into the incident by the Information Commissioner's Office (ICO) found that an attacker had installed POS malware on over 5,390 tills in the retailer's Currys PC World and Dixons Travel storefronts.

Minnesota-Based Hospital Suffers Data Breach

Alomere Health, a Minnesota-based hospital operator, has begun notifying patients of a data breach that impacts more than 49,351 patients. On October 31, 2019, a malicious attacker gained unauthorized access to an employee email account, then hijacked a second account days later on November 6. The details were recently published on the health provider's website.

Austria's Foreign Ministry Hit by 'Serious' Cyber Attack

The Austrian State Department's IT systems were hit by a cyberattack last Saturday and many believe that a "state actor" may be behind the attack. The attack, which was disclosed late Saturday night, is said to be "serious" and experts warn it could continue for several days, according to a joint statement from the Foreign Ministry (BMEIA) and the Ministry of the Interior (BMI).

It's Here: The California Consumer Privacy Act Officially Starts

The much-anticipated California privacy law officially took effect on Wednesday, January 1, a year and a half after it was passed and signed. The California Consumer Privacy Act (CCPA) is a state-wide law that requires organizations to notify users of the intent to monetize their data and provide them with a direct means to opt out of said monetization. That goes for social networks, credit agencies and much more.