1. INSTAGRAM RECEIVES RECORD FINE OF $400M FOR ABUSE OF CHILDREN'S DATA BY JOVI UMAWING

Following an investigation into how Instagram handles teens’ data on their platform, Ireland’s Data Protection Commissioner (DPC) has slapped the company with a near $402 million fine, marking the DPC’s highest fine to date. In response to the investigation and resulting fine, a spokesperson for Instagram said, "This inquiry focused on old settings that we updated over a year ago, and we've since released many new features to help keep teens safe and their information private. Anyone under 18 automatically has their account set to private when they join Instagram, so only people they know can see what they post, and adults can't message teens who don't follow them. We engaged fully with the DPC throughout their inquiry, and we're carefully reviewing their final decision." Read more about what led to the regulator’s final decision in the full story from Malwarebytes Labs.

Read more

2. CISA TO FORMALLY SOLICIT INDUSTRY FEEDBACK ON CYBERSECURITY INCIDENT REPORTING RULES BY SUZANNE SMALLEY

Jen Easterly, the current director of CISA, noted this week that federal cyber officials will formally ask industry leaders for feedback for the regulatory structure for cyber incident reporting. This decision comes months after President Biden signed a new bill, the Consolidated Appropriations Act, into law, which requires critical infrastructure owners and operators to report major cyberattacks to CISA within 72 hours and ransomware attacks within 24. According to Easterly, “this will finally allow us a much better understanding what’s going on across the ecosystem… We don’t want to burden industry and we don’t want to burden the federal government with noise either.” Read more to find out why she thinks “defense needs to be the new offense” when it comes to cybersecurity.

Read more

3. DEV BACKDOORS OWN MALWARE TO STEAL DATA FROM OTHER HACKERS BY BILL TOULAS

Cybercriminals using Prynt Stealer, a type of info-stealing malware used to steal cryptocurrency wallet information, sensitive info stored in web browsers, VPN account data, cloud gaming account details, and more, has been backdoored so that any information stolen by the cybercriminal is also routed to the malware’s developer via Telegram. Read the full story from BleepingComputer to find out more about how Prynt Stealer works and which other malware families it may be related to.

Read more

4. TIKTOK USERS WERE VULNERABLE TO A SINGLE-CLICK ATTACK BY DAN GOODIN

Microsoft stated recently that it discovered a vulnerability in TikTok’s Android app this past February, tracked as CVE-2022-28799, that could have allowed cybercriminals to hijack accounts after users clicked an errant link. According to researchers, “the vulnerability allowed the app’s deep link verification to be bypassed… Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers.” Microsoft says there is no evidence the vulnerability was actively exploited in the wild.

Read more

5. UKRAINE IS UNDER ATTACK BY HACKING TOOLS REPURPOSED FROM CONTI CYBERCRIME GROUP BY DAN GOODIN

As Ukraine continues to fight against Russian invasion, hackers with ties to the notorious Conti ransomware group have been repurposing tools to use in attacks against hotels, non-government organizations, and others in the war-torn country. But according to a researcher in Google’s Threat Analysis, "the attacker has recently shifted their focus to targeting Ukrainian organizations, the Ukrainian government, and European humanitarian and non-profit organizations," indicating that the attackers’ intentions may align with those of the Kremlin. Read the full story from Ars Technical for a full breakdown of recent incidents that have been linked back to these cybercriminals.

Read more