Intelligent CISO Issue 13 | Page 24

threat updates UK The Information Commissioner’s Office opened a consultation on 16 standards that online services must meet to protect children’s privacy. Age appropriate design: a code of practice for online services sets out the standards expected of those responsible for designing, developing or providing online services likely to be accessed by children and which process their data. When finalised, it will be the first of its kind and become an international benchmark. GLOBAL Bodybuilding.com announced it had become aware of a data security incident that may have affected certain customer information in its possession. In a statement, the business said it had no evidence that personal information was accessed or misused but it was directly notifying all current and former users and customers out of an abundance of caution. The information potentially accessed in the incident did not include full credit or debit card numbers, as those numbers are not stored by the company. GLOBAL Kaspersky Lab has uncovered a new advanced persistent threat (APT) campaign that has affected a large number of users through what is known as a supply chain attack. The cybersecurity company’s research found that threat actors behind Operation ShadowHammer have targeted users of the ASUS Live Update Utility by injecting a backdoor into it at least between June and November 2018. Kaspersky Lab experts estimate that the attack may have affected more than a million users worldwide. 24 Issue 13 | www.intelligentciso.com