Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Data breach at BigBasket hits 20 mn users’ privacy

    • Online grocer Bigbasket may have suffered a massive data breach, with details of more than 20 million users possibly leaked on the dark web.
    • Bigbasket.com, which is run by Innovative Retail Concepts Pvt Ltd, is one of India’s largest online food and grocery stores and is valued at $2 billion.
    • Bigbasket said it has a robust information security framework that employs best-in-class resources and technologies to manage information. “We will continue to proactively engage with best-in-class information security experts to strengthen this further,” it said.
    • The online retailer has more than 18,000 products and 1,000 brands in its catalogue and serves customers in more than 20 cities across India.
    - Sharan Poovanna | November 9, 2020
  • DDoS attacks fell by 73% in Q3 of 2020, says Kaspersky

    • The analysis of commands received from command and control servers also demonstrates this decline, said a DDoS Protection report from Kaspersky, adding that despite the overall stabilization of the DDoS market during the year, the quarter still saw a year-on-year rise, and the year’s highest number of attacks in a single day, totalling 323.
    • In Q3 2020, the company said that it detected 73 per cent fewer attacks than in the previous quarter. However, compared to the same period in 2019, this figure has seen a one-and-a-half times year-on-year increase.
    • This means that the decline observed during Q3 can mostly be explained by the abnormal rise of attacks in the second quarter.
    - November 5, 2020
  • Cyber-attack concerns behind Norfolk canceling virtual classes on Monday

    • Worries about a potential cyber-attack forced Norfolk Public Schools to cancel virtual classes earlier this week.
    • The school district initially said that virtual classes were canceled Monday due to a "computer network outage" and that it would resume on Wednesday.
    • In a new statement, an NPS spokesperson clarified that the reason for the outage was that the district had recently received word from Microsoft about cyber-attacks in the region that could affect schools.
    • The IT department disconnected everything just as a precaution, and canceled class on Monday.
    - November 5, 2020
  • Capcom hacked. Resident Evil game developer discloses cyber attack

    • The maker of such well-known video games as “Resident Evil” and “Street Fighter” disclosed in a short press release that in the early hours of Monday some of its networks “experienced issues” that affected access to email and file servers.
    • In response, the company has shut down some of its systems. However, in what must be a big relief to fans of Capcom video games, the attack is said not to have affected players’ online access to the firm’s video games and websites.
    • Even if no customer information has been stolen from Capcom’s internal servers and email accounts, there might have been other sensitive data stolen – such as intellectual property from the video game developer, or details of the firm’s plans for future video game releases.
    • Presently it is unclear how long it will take Capcom to return to its normal operations.
    - Graham Cluley | November 5, 2020
  • How to deal with the escalating phishing threat

    • For attackers, it’s almost a no-brainer: phishing is cheap and humans are fallible, even after going through anti-phishing training.
    • When something gets through and someone clicks on a malicious URL, defenders must be able to simultaneously block the attack and show the victim what the phisher was attempting to do.
    • Most CISOs assume phishing is a corporate email problem and their current line of defense is adequate, but they are wrong.
    • “You’ve got to take a comprehensive, multi-layer phishing defense approach outside the firewall, where your biggest user population is working remotely, and inside the firewall for your internal users. You need to protect mobile devices and PC/Mac endpoints, with end-to-end encryption (E2EE) deployed.”
    • “You also have to be mindful of corporate users’ personal side as their personal and business lives have converged, and many people use the same devices and same credentials across personal and business accounts.”
    - Zeljka Zorz | November 4, 2020
  • Polls close on Election Day with no apparent cyber interference

    • After years of planning and worry, polls closed on Election Day 2020 without the country's having seen any substantial public cyberattack.
    • It's impossible to state for sure how much the lack of an apparent cyberattack was due to successful planning, a lack of a serious attempt from a dedicated adversary or pre-emptive cyberattacks from U.S. Cyber Command.
    • While polls appeared to have closed without a major hitch, CISA cautioned that the window for hackers to affect the perception of the election's integrity could be open for weeks.
    - Kevin Collier | November 3, 2020
  • California’s Proposition 24 – CCPA 2.0 Meets the California GDPR

    • Proposition 24 is known as the California Privacy Rights Act of 2020 (CPRA). It is on the ballot in California on November 3, and if it passes it will amend and expand certain provisions of the California Consumer Privacy Act (CCPA).
    • Two provisions in particular are very GDPR-like; specifically, the creation of the California Privacy Protection Agency (CPPA), which will become the regulator charged with implementing and enforcing both the CCPA and CPRA, and the expanded definition of sensitive personal information.
    • CPRA creates a new category of data, similar to GDPR, for sensitive personal information.
    • The CPRA requires businesses that sell or share personal information to provide notice to consumers and a separate link to the “Do Not Sell or Share My Personal Information” webpage and a separate link to the “Limit the Use of My Sensitive Personal Information” webpage or a single link to both choices.
    • The CPRA triples the fines set forth in CCPA for collecting and selling children’s private information and requires opt-in consent to sell personal information of consumers under the age of 16.
    • The CPRA expands the consumer’s private right of action to include a breach of a consumer’s email address and password/security question and answer.
    • The above is not all-inclusive.
    - JDSUPRA | October 30, 2020
    hak-iq.us20.list-manage.com | November 3, 2020
  • US City Fined Over Former Employee's Data Theft

    • New Haven, Connecticut, agreed to pay a $202,400 financial penalty to the Department of Health and Human Services’ Office for Civil Rights and adopt a corrective action plan that includes two years of monitoring to resolve a HIPAA (Health Insurance Portability and Accountability Act) violation case.
    • The OCR launched an investigation in May 2017 after receiving a data breach notification from New Haven in January of that year. OCR found that the city's health department had failed to remove the access rights of an employee who had been fired the previous summer during her probationary period.
    • The OCR stated: "Using her work key, the former employee entered her old office and locked herself and the union representative inside. While inside the office, the former employee logged into her old computer, with her user name and password, and downloaded information off of her computer onto a USB drive."
    • OCR investigators found that New Haven failed to conduct an enterprise-wide risk analysis and failed to implement termination procedures and access controls such as unique user identification.
    - Sarah Coble | November 2, 2020
  • Important Cybersecurity Lessons Learned During The Pandemic

    • Given the importance of the user domain in an IT infrastructure, at my company, we’ve maintained a reliable access control system internally during the pandemic that emphasizes training, segregation of duties and the principle of least privilege for all internal users and employees.
    • Training is vital to ensure security in the user domain.
    • Segregation of duties (also known as separation of duties) is an essential principle in cybersecurity that ensures that employees do not have access to systems that will lead to conflicts of interest, fraud or abuse.
    • A secure user domain has helped strengthen the detective and preventive security measures that we also have in place at our organization. Another connection to the lesson touches on proactive cybersecurity measures like the importance of patch management.
    - David Obasiolu | November 2, 2020
  • Alibaba's Lazada Suffers Data Breach Involving 1.1M Users

    • Lazada Group is a Singapore-based e-commerce company owned by Chinese tech giant Alibaba Group Holdings Ltd.
    • Lazada confirmed to CNBC that personal data was stolen but claimed the information affected was "more than 18 months out of date."
    • Despite claims that the company does not store credit card numbers and CVV details, Lazada told users to track any “unusual activity or suspicious transactions on your credit cards."
    • Alibaba gained a controlling interest in Lazada in April 2016 for $1 billion. Six months later, in November
    - Aditya Raghunath | November 2, 2020