Featured Story
Meta Fined €1.2bn for Violating GDPR
Meta (Facebook’s parent company) has been fined €1.2 billion by the Irish Data Protection Commission (DPC) for transferring user data from the EU to the US without appropriate safeguards, in breach of GDPR. The fine is nearly double the previous record under the regulation.
While SCCs (Standard Contractual Clauses) are still valid, the case reinforces the need for businesses to carefully assess their data governance strategies and cross-border transfer mechanisms.
GDPR compliance is more important than ever. This fine highlights the importance of having proper data transfer mechanisms and documentation. Our Privacy & Data Governance team is ready to help organizations align with GDPR and strengthen their privacy posture.
Other Stories
Google’s .zip and .mov Domains Could Aid Phishing Attacks
New top-level domains (.zip and .mov) are raising concern among security professionals. These domains can be used to disguise malicious links and trick even tech-savvy users into visiting phishing or malware-dropping sites.
These domains currently lack legitimate business use. We advise blacklisting .zip and .mov domains unless required. We also offer awareness campaigns to help users identify and avoid phishing tactics.
93% of Ransomware Attacks Target Backup Repositories
Veeam’s 2023 Ransomware Trends Report reveals that in nearly every ransomware incident (93%), attackers also target backups. 75% of victims lose some backup data, and 39% lose it all. The study also found that 85% of organizations have suffered at least one attack in the past year.
Backups are the last line of defense. Protect them with immutability, segmentation, and separate credentials. Our CSIRT team helps organizations with ransomware prevention, response, and backup validation strategies.
Barracuda ESG Exploited via Zero-Day Vulnerability
Barracuda has patched a zero-day vulnerability (CVE-2023-2868) in its Email Security Gateway appliances. The flaw was actively exploited and resided in the module responsible for attachment scanning. Patches were deployed rapidly after discovery in May 2023.
Even security tools aren’t immune to vulnerabilities. A zero-trust approach ensures that no single tool is a point of failure. Our CISO-as-a-Service offering helps define layered defenses and technology governance.
Sextortion Scam Still Active – Over 3,000 Reports in One Week
Safeonweb received nearly 3,000 reports of sextortion scams in a single week. The emails falsely claim to have recorded compromising videos and demand payment in cryptocurrency. Users are urged not to respond or pay.
These scams rely on panic and embarrassment. Ignore and report them. You can forward messages to:
- verdacht@safeonweb.be
- suspect@safeonweb.be
- suspicious@safeonweb.be
Our SOC analysts can help verify and respond to such threats if needed.