Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Was it a Breach or Credential Stuffing? The Difference Matters

    • Breaches are expensive and time consuming. They usually spark a mad dash to shore up cybersecurity defenses, implement new security and access policies, and lock down sensitive data. And then there is the damage to the company’s brand and the trust of their customers.
    • But what if it wasn’t actually a breach? According to headlines, Zoom and Nintendo both suffered major breaches in 2020. In reality, they were never breached. Their customers were the victims of credential stuffing attacks.
    • A breach exploits the company’s failure to protect its data. A credential stuffing attack is the result of consumers’ failure to protect themselves.
    • Both breaches and credential stuffing attacks will continue to happen, and it’s important for victims – both the companies and their end users – to recognize the difference so they can respond appropriately.
    • Consumers have a role to play to protect themselves: Stop reusing passwords across multiple accounts. Millions of people do this, and it is a cyber-criminal’s dream come true. All a bad actor has to do is get your credentials from one account with weak security to have access to everything else.
    - Olivia Fryt | March 25, 2021
  • FatFace tells customers to keep its data breach ‘strictly private’

    • The company sent an email to customers this week disclosing that it first detected a breach on January 17. A hacker made off with customers’ names, email and postal addresses, and the last four digits of their credit cards. “Full payment card information was not compromised,” the notice reiterated.
    • But despite going out to thousands of customers, the email said to “keep this email and the information included within it strictly private and confidential.”
    • Under the U.K. data protection laws, a company must disclose a data breach within 72 hours of becoming aware of an incident, but there are no legal requirements on the customer to keep the information confidential.
    - Zack Whittaker | March 25, 2021
  • Business leaders must learn lessons from recent cyber attacks

    • “Although some top executives continue to view cybersecurity as a second-tier priority, business leaders are doing increasingly well in developing a basic technical understanding of cyber risk and recognizing the importance of robust cyber risk management,” says Eric Rosenbach.
    • As a former Pentagon Chief of Staff [July 2015-January 2017], Rosenbach is familiar with the challenge of building an effective cybersecurity culture.
    • Building a strong culture involves showing why and how cybersecurity is essential to an organization’s mission.
    • 5 key principles: transparency, accountability, appropriate system knowledge, compliance with policy and procedure, and formal communication channels.
    • Identifying your most valuable digital assets is crucial.
    • The December 2020 attack on US software company SolarWinds highlights an important lesson: organizations cannot rely on ‘front door’ preventive security measures alone, but must also embed measures of detection, neutralization, and recovery into their cyber risk strategies.
    | March 24, 2021
  • All aboard the CMMC bandwagon!

    • Cybersecurity Maturity Model Certification (CMMC) is a program established by the US Department of Defense (DoD) to secure and protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) by requiring the certification of external contractors across 17 different domains.
    • The majority of the defense industry will likely require Level 3 certification for the IA domain, where MFA is a must-have. Requirements for Level 4 and 5 certification are still being defined. So, if you haven’t already adopted MFA for your workforce, you will need a solution that can be deployed quickly and effectively.
    • While the DoD was the catalyst for CMMC, it is now gaining traction across the Defense Industrial Base (DIB) including the Department of Homeland Security and other federal government departments and agencies across the US, especially since the SolarWinds attack.
    - Jenn Markey | March 24, 2021
  • Polk County Schools says student information may have been exposed in data breach

    • If you have a student who goes to school in Polk County you might have gotten a letter from a company called PCS Revenue Control Systems, Inc. about a data breach. 
    • Don't throw that letter away. The Polk County School District says it's legitimate and you might need the instructions that come on it for free identity monitoring.
    • The letter says your child's name, student identification number and date of birth were potentially exposed to unauthorized access during a data breach in December 2019, according to a post on the school district's social media page.
    • The letter says there is no evidence that any personal information has been used for malicious purposes.
    | March 24, 2021
  • Recent Cyber Attacks Show Increased Nation State Activity, Says Former NSA Director

    • Cyber attacks launched by nation states are becoming more proficient and more aggressive. This was the message from Admiral (ret.) Michael S. Rogers.
    • “We went through a period between about 2011 and 2017, during which nation states increased levels of activity. This includes the NotPetya hits in the summer of 2017, probably the largest global event we've ever seen. And after that, given its repercussions, there seems to have been a bit of a step back.”
    • “You're seeing criminal groups share tools, and you're seeing the lines between nation state and criminal group blur a little bit. The Russians in particular, often tend to use criminal groups to engage in state-associated activity. This proliferation of tools is creating a challenging environment.”
    • Regarding WFH - “We're not all sitting behind a central security stack right now. Now we're dispersed,” he explained. “We've blurred the lines between what is ‘business infrastructure’ and what is ‘personal infrastructure’. The bottom line is the attack surface is just proliferated as a result.”
    | March 23, 2021
  • This is some of the worst news that a bank customer can get after a hack

    • Earlier this month, the Michigan-based bank Flagstar disclosed that a security incident had occurred, following the hack by a group of ransomware attackers who exploited a bank vendor’s zero-day software vulnerability.
    • Personal information, including social security numbers of customers, bank employees, and even people with tenuous connections to the bank, was accessed as part of this data breach. That’s according to letters and communications from the bank that angry social media users have been sharing on Twitter.
    • The hackers exploited a flaw in the File Transfer Application software from Accellion that Flagstar was using to secure sensitive data.
    • Even though it was a third party with lax security that was taken advantage of, banks still have a first-party obligation to make sure their customers’ data isn’t being handled carelessly.
    - Andy Meek | March 23, 2021
  • Oil giant Shell discloses data breach linked to Accellion FTA vulnerability

    • The oil and gas company said an unknown threat actor managed to gain access to "various files" during the time of intrusion which included personal data and information "from Shell companies and some of their stakeholders."
    • The firm added that it does not appear core IT systems have been compromised, as the route of access was isolated from the rest of Shell's central infrastructure.
    • However, the data breach has been connected to Accellion's File Transfer Appliance (FTA), enterprise software used to transfer large files -- and a solution linked to a string of security incidents in December 2020 and January 2021.
    - Charlie Osborne | March 23, 2021
  • Sponsors Should Have a Plan in the Event of a Cyberattack

    • While the Department of Labor (DOL) hasn’t issued formal guidance on the responsibilities of retirement plan sponsors to protect against cybersecurity threats, there are commonsensical protections plan sponsors can put in place nonetheless, according to Employee Retirement Income Security Act (ERISA) attorneys.
    • Any party that could be impacted by a cybersecurity breach must have an incident response plan.
    • Should a breach actually occur, the plan sponsor “needs to find out which participants were impacted, which data elements were compromised, when the breach occurred and what steps have or will be taken to mitigate the impact of the breach.”
    • The sponsor should determine if any of the company’s insurance policies cover cybersecurity breaches, and, if so, the next step is notifying these insurers that a breach has occurred.
    • Sponsors need to invest in cybersecurity protections and nurture a culture of privacy and security—from the mailroom to the boardroom. They need to hire qualified IT [information technology] staff, use the most up-to-date security software, train employees to recognize the telltale signs of phishing and other suspicious behavior, have a robust cyber-incident insurance policy in place and use secure methods to transmit sensitive information and data. Finally, they need to vet and continuously monitor their vendors.
    - Lee Barney | March 22, 2021
  • On the Road to Good Cloud Security: Are We There Yet?

    • In early 2020, the "Verizon Data Breach Investigations Report" noted that the second-most common cause of data breaches behind hacking was errors such as misconfigurations.
    • Big breaches due to customer misconfiguration errors (like the CapitalOne breach in 2019) get plenty of attention in the press, keeping IT security executives up at night.
    • Learning how to better secure cloud usage is a work in progress. Understanding in theory how the shared responsibility model works flies out the door in practice when a systems engineer or developer accidentally configures an AWS S3 bucket so that it is open to public access.
    • IT security teams responsible for securing their organization's cloud usage should also advocate for more and better training of those who will ultimately create those cloud workloads or accounts to ensure they understand how to avoid potentially costly misconfiguration mistakes.
    - Paula Musich | March 22, 2021