Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

    • Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders.
    • “CEOs and high-level executives are accustomed to being thought of as an organization’s biggest asset, while increasingly attackers see them as the greatest vulnerability,” said Eyal Benishti, CEO at IRONSCALES. “This is a dichotomy that executives must be humble enough to recognize as true, so that they can play an active role in their company’s risk mitigation. Overall, CEOs and other executives must lead from the front and act as a personal example to make sure everyone sees security as a top priority.”
    • CEOs and other top executives sometimes view email security mechanisms or policies as “an inconvenience to them” and because of that, they behave in a way that is “an exception to the rule.” 
    • Some senior executives also use a personal assistant to go through emails, which can impact the individual’s ability to spot suspicious messages.
    • Companies can take steps to help educate their executives on targeted threats by customizing their email security awareness training according to job function.
    - Bradley Barth | January 26, 2021
  • Apple fixes another three iOS zero-days exploited in the wild

    • Apple today released security updates for iOS to patch three zero-day vulnerabilities that were exploited in the wild.
    • All three zero-days were reported to Apple by an anonymous researcher and patches are available as part of iOS 14.4.
    • Security experts believe the three bugs are part of an exploit chain where users are lured to a malicious site that takes advantage of the WebKit bug to run code that later escalates its privileges to run system-level code and compromise the OS.
    • However, official details about the attacks where these vulnerabilities were used were not made public, as is typical with most Apple zero-day disclosures these days.
    - Catalin Cimpanu | January 26, 2021
  • Biden Presses Putin On Alleged Russian Bounties And Cyber Attack In Phone Call

    • President Joe Biden spoke with Russian President Vladimir Putin on Tuesday for the first time since his inauguration and raised a number of key areas of conflict between the U.S. and Russia.
    • Biden brought up the recent cyberattack on major U.S. companies and key government agencies.
    • Biden and Putin “agreed to maintain transparent and consistent communication going forward,” according to a readout of the call from the White House.
    - Andrew Solender | January 26, 2021
  • A Look at the Legal Consequence of a Cyber Attack

    • If you are unsure about your cyber-safety structure, then it’s time to upgrade it. Otherwise, you could be at risk of lengthy legal battles that result in hefty fines. Beyond that, the cost in terms of reputational loss could be catastrophic if not handled meticulously by professionals within a reasonable time.
    • If you’re in possession of customer data, you are legally bound to protect it from cyber-attacks.
    • If you’re running an enterprise that collects and stores consumer data in a digital format, then you have to implement “reasonable” measures to ensure data safety.
    • If your business is U.S.-based, you have to comply with state-specific laws, as no federal privacy law is in place. And if you’re operating from the EU, you must comply with the General Data Protection Regulation (GDPR).
    • If you demonstrate the highest level of compliance and have an effective response plan in place, you can reduce the number of fines and other costs.
    • If your organization or system experiences a cyber-attack that leads to a data breach, you are legally bound to notify the affected individuals as soon as possible.
    • Your IT security department must be well equipped to investigate all possible aspects of a data breach, the extent of the breach and the origin of the threat. Your data protection officer must pass all relevant insights to the concerned regulator within the prescribed time.
    - Ryan Shaw | January 26, 2021
  • Patient Sues Rady Children’s Hospital Over Blackbaud Data Breach

    • Rady Children’s Hospital in San Diego is being sued by a guardian of a patient whose information was compromised during last year’s hack of Blackbaud, its vendor.
    • The Blackbaud incident was the largest healthcare data breach of 2020. The incident first came to light in August, when Northern Light Health Foundation reported the data of 657,392 of its patients and donors were compromised by a ransomware attack on its vendor, Blackbaud.
    • According to the filing, the Rady Children’s data compromised by the Blackbaud incident included patient names, addresses, dates of birth, the names of patients’ physicians, and the hospital department visited by the patients.
    • Blackbaud is currently facing more than 20 lawsuits after the incident, which impacted more than 10 million patients from over 100 entities from a range of sectors, among them several dozen healthcare organizations.
    • The lawsuit filed against Rady Children’s alleges the provider violated the state’s consumer privacy protection and medical information laws.
    • The lawsuit claims the stolen data was copied multiple times by unauthorized users, and not destroyed, with an increased likelihood the data will be sold or misused at a later date.
    • Arguably, data does support this claim: exfiltration has drastically increased in recent months and many of these extortion groups falsify the “proofs” that the stolen data was deleted.
    - Jessica Davis | January 26, 2021
  • 2021 predictions: Quantifying and prioritizing cyber and business risk

    • Risk management involves assessing potential threats to your business and implementing measures to block them in advance and remediate them if they cause impact.
    • 5 Risk Management Trends & Priorities for 2021, which he listed in order:
      1. Mitigating the long-term effects of COVID-19 on the supply chain
      2. Build protection and resilience
      3. Innovate to reduce insurance costs
      4. Use good data to manage risk appetite
      5. Use data science to reduce claim costs
    • What technology is developing (or will be developed) to assist with risk quantification and prioritization?
      • Robotic process automation (RPA) is a key technology for helping organizations quantify and prioritize risk. RPA frees companies up from repetitive, manual tasks and allows them to focus on more strategic work. Essentially, it helps companies make smarter decisions more quickly, which is what risk quantification and prioritization is all about. Again, this technology is only as good as the processes already in place. - Matt Kunkel
    - Scott Matteson | January 25, 2021
  • Data breach fines ‘wake-up call’ for businesses to prioritise cyber security

    • A number of high-profile businesses in the leisure sector have recently received fines in excess of £1 million for failing to keep their customers’ data secure.
    • In addition, the Ministry of Defence also recently came under fire, as its annual report noted an 18% rise in data breaches last year, with 546 reported incidents. Seven incidents were so serious that they were reported to the Information Commissioner’s Office (ICO) for further investigation.
    • While many may think cyber-attackers are getting smarter in their techniques, this is simply not the case. The tactics they use are age-old – such as spam emails, computer viruses and chat bot hacking, but they have certainly become more efficient and are making the most of the working from home scenario.
    - James Moore | January 25, 2021
  • 2.28M MeetMindful Daters Compromised in Data Breach

    • More than 2.28 million members of the online dating site MeetMindful have reportedly been caught up in a wide-ranging data breach that exposes everything from Facebook tokens to physical characteristics.
    • In total the data makes up a 1.2 GB file, which has 1,500 views in the public forum. How many times it has been downloaded is unknown.
    • This particular breach comes on the tail of Interpol’s warning of financial scams being carried out in dating apps.
    • The site’s data was released by a well-known steal-and-leak actor known as ShinyHunters. The group made a splash last May, allegedly compromising 73.2 million user records from more than 11 companies worldwide, including online delivery services like Homechef, photo-print service ChatBooks, and Chronicle.com, a news source for higher education.
    • It’s unclear how ShinyHunters were able to access the site’s data, but cybersecurity expert and CTO of Cymulate Avihai Ben-Yossef suspects a cloud misconfiguration.
    - Tara Seals | January 25, 2021
  • SonicWall Says It Was Victim of ‘Sophisticated’ Hack

    • The Silicon Valley-based company said it’s investigating a compromise in its Secure Mobile Access 100 series, which “simplifies end-to-end secure remote access to corporate resources,” according to the company website.
    • It wasn’t clear if the SonicWall breach was related to the recent cyber-attack against U.S. government agencies and companies -- including cybersecurity firms -- by suspected Russian hackers, which authorities have described as sophisticated.
    Bloomberg Quint - Andrew Martin | January 23, 2021
  • Data breach at Bonobos hits 7 million customers: What to do

    • Seventy gigabytes' worth of customer data stolen from the website of U.S. men's clothing retailer Bonobos has been posted in a hacker forum.
    • The data includes the names and telephone numbers associated with 7 million customers or orders, 3.5 million records containing the last four digits of credit card numbers, and account information for 1.8 million customers, including passwords hashed with the SHA-256 and SHA-512 algorithms.
    • The company said it would be forcing password resets for any account for which the password was compromised.
    • "We're emailing customers to notify them that their contact information and encrypted passwords may have been viewed by an unauthorized third party," Bonobos said. "Payment information was not affected by this issue."
    - Paul Wagenseil | January 22, 2021