Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Dunkin’ Donuts Will Pay Over Half a Million Dollar Fine After Data Breach Lawsuit

    • Dunkin’ Donuts has agreed to pay $650,000 in penalty and settlement costs for the lawsuit over its failure to respond to credential stuffing attacks that compromised customer accounts between 2015 and 2019.
    • According to the New York Attorney General’s Office, Dunkin’, franchisor of Dunkin’ Donuts, “failed to notify these customers of unauthorized access to their accounts, reset their account passwords to prevent further unauthorized access or freeze their DD cards.”
    • The company must upgrade its security protocols to avoid future unauthorized access and follow data breach notification procedures in any future incidents.
    - Alina Bizga | September 22, 2020
  • China-linked lending apps on government’s radar amid potential data breach threat

    • Recent developments have prompted significant national-security questions, from both the Indian and American governments, about apps with ties to China (that’s what the entire TikTok fiasco is) jeopardising user data to aid the Chinese government.
    • The Indian government has now turned its focus to fintech organizations with direct links to China, in an attempt to check for a potential data breach.
    • A recent search has shown that many fintech apps and organizations operating within the country have direct links to Chinese officials and have Chinese nationals as their company directors.
    The Tech Portal - Sanjoy Ghosh | September 22, 2020
  • Securing privileged access can reduce the risk of data breach

    • Accounts that have privileged access are a problem when it comes to data breaches, so securing them effectively is essential.
    • But things are complicated by the fact that, where privileged access was once designated only for system administrators, it has now been expanded to HR, finance, legal and many more parts of the organization, as well as to non-human users like machines and applications.
    • The recent cyber attack on Twitter provides a good example of why attackers covet privileged access. It was reported that more than 1,000 Twitter employees had privileged access to the admin tool that was used to 'change user account settings and hand control over to others.'
    - Ian Barker | September 22, 2020
  • Activision shoots down data breach claims

    • Reports of a widespread hack affecting thousands of Activision player accounts surfaced on 20 September and were traced to a – now suspended – Twitter account that claimed the cyber attack was “worse than the notorious PS3 hack”, a reference to a 2011 incident.
    • However, in a statement circulated by Activision’s support team on Twitter, the firm said this was not the case.
    • “Given the profile of Call of Duty end-users, predominantly young male adults who may not be security conscious and/or aware, Activision now has a great opportunity to consider rolling out access control training and awareness through its platform as well as implement strong access control into its platform.”
    - Alex Scroxton | September 22, 2020
  • Cyberattacks often leading to major data breaches

    • If cybercriminals successfully dispossess a company of sensitive information or payment data, you can be sure they will attempt to use it for fraudulent activities.
    • This is according to a new report from Which? that claims almost half (46 percent) of people whose data was stolen by hackers then went on to experience fraud. Almost a quarter (23 percent) of respondents said their data had been compromised following a breach.
    - Sead Fadilpašić | September 22, 2020
  • Hackers Exploit Known VA Cybersecurity Weaknesses In Massive Data Breach

    • The Department of Veterans Affairs admitted by press release that 46,000 veterans were victims of an agency data breach while withholding details that fired up some in Congress.
    • The news preceded a curiously timed GAO report reminding everyone and their mom that VA still has not addressed “persistent” IT problems exposing veterans to risk.
    • There is no significant penalty for data breaches by US government agencies right now.
    | September 21, 2020
  • The Real Cost of a Data Breach for Your Brand (and How to Best Protect Yourself)

    • A data breach can be a backbreaker for any brand. There’s the immediate scramble to stop the bleeding, but well past the initial clean-up, the ripple effects can cripple a company for years.
    • Being proactive against this threat is pivotal to any brand’s survival in the 21st century.
    • Data has become a valuable currency in itself, and just like the money it represents, it requires its own version of an alarm system before would-be robbers reach the vault.
    • By being aware of the risks and fortifying your brand’s defenses well before they are tested, you can avoid or endure a data breach without it being the end of your brand.
    - Tom Popomaronis | September 21, 2020
  • Activision Accounts Hacked? 500,000 Call Of Duty Players Could Be Affected

    • According to reports, more than 500,000 Activision accounts may have been hacked with login data being compromised.
    • The credentials to access these accounts are, Dexerto said, being leaked publicly, and account details changed to prevent easy recovery by the rightful owners.
    • Activision accounts are mostly used by players of the hugely popular Call of Duty franchise.
    • You should also activate two-factor authentication (2FA) if you hadn't before. However, it appears that this isn't an option on Activision accounts.
    - Davey Winder | September 21, 2020
  • University of Tasmania IT bungle leads to mass student data breach

    • Nearly 20,000 University of Tasmania (UTAS) students have had their personal information exposed to the entire campus after a major IT bungle.
    • The mistake was blamed on security settings on shared files that were "unintentionally configured incorrectly", which had "made the information visible and accessible to unauthorised users".
    • UTAS said the data that was breached "is used to inform the ways the university supports students in their studies".
    - Mark Saunokonoko | September 21, 2020
  • Iranian Hackers Can Now Beat Encrypted Apps, Researchers Say

    • Iranian hackers, most likely employees or affiliates of the government, have been running a vast cyberespionage operation equipped with surveillance tools that can outsmart encrypted messaging systems — a capability Iran was not previously known to possess.
    • The hackers have successfully infiltrated what were thought to be secure mobile phones and computers belonging to the targets, overcoming obstacles created by encrypted applications such as Telegram and even gaining access to information on WhatsApp.
    - Ronen Bergman and Farnaz Fassihi | September 18, 2020