Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Telegram or Signal? Welcome to the illusion called data security

    • Encryption is fundamentally flawed and once hackers get to know any vulnerability or bug in the whole data travel journey—apps, mobile operating system, public Wi-Fi, Cloud and the physical data centres—your personal and sensitive information is always at their mercy.
    • The Telegram team had to leave Russia due to local IT regulations and has tried a number of locations as its base, including Berlin, London and Singapore.
    • Signal does not own its own data centres. The company is entirely Cloud based, which puts data at risk as cyber-attacks on Cloud-based services have increased in the recent past.
    • Another big worry is that the present-day situation increasingly refers to a massive policy vacuum that exists in India in the context of protection of privacy and data. 
    • As of today, India does not have a dedicated law on privacy or on cybersecurity. Further, it still does not have a legal framework in place for protecting all kinds of data. The Personal Data Protection Bill, 2019 is pending consideration before the Joint Parliamentary Committee.
    | January 17, 2021
  • Maastricht Ransomware Case: A Year in Review in Light of 6 AMLD and OFAC

    • A year ago, an unprecedented attack on Maastricht University’s servers served as a sincere wake-up call to the higher education system in the Netherlands and the EU.
    • The attack, which took place on December 23rd 2019, targeted the university’s servers. The servers held valuable research and information of students and employees of the university; emails were blocked, registration for exams and courses was hindered, and files and programs of the university were blocked.
    • The type of malware used was Clop ransomware, which fully blocked access to the university servers.
    • The university was then faced with the choice of whether to pay a ransom of 200,000-300,000 EUR that was demanded in Bitcoin.
    • Why the attackers targeted Maastricht University, and whether it was initiated by dissatisfied former students, or other individuals, is yet to be discovered. However, academia and universities in the EU should take this unpleasant lesson, to say the least, as an example of how cyber practices should be conducted and how to prevent similar situations in the future.
    - Ella Rosenberg | January 17, 2021
  • NASA Researcher Pleads Guilty to Concealing China Ties

    • A senior NASA scientist pleaded guilty on Jan. 13 to lying about his ties to a Chinese-backed program designed to harvest talents from the West and transfer intellectual property to China, the Justice Department announced.
    • He was charged with one count of making false statements and could face a maximum five-year prison sentence and a fine of up to $250,000 if convicted.
    • NASA prohibits “any outside employment activities” without approval, including engagement as a speaker or teacher.
    • “Members of U.S. government agencies are strictly prohibited from maintaining undisclosed affiliations with foreign entities, especially those that are actively seeking our intellectual property and technological advances,” said FBI Assistant Director William Sweeney Jr. “Actions like those carried out by Meyyappan can have security implications, and his charges should serve as a warning to others thinking about engaging in the same type of activity.”
    - Eva Fu | January 14, 2021
  • CISA: Poor Cyber Hygiene Exploited to Compromise Cloud Security Services

    • Threat actors are successfully exploiting enterprises with poor cyber hygiene to compromise cloud security services through phishing attacks and brute force attempts, DHS CISA warns.
    • Threat actors are using “pass-the-cookie” attacks to exploit weaknesses. These attacks are typically launched within the Active Directory domain. 
    • When an entity employs multi-factor authentication on top of web applications, the user is prompted to provide further proof of their identity, such as push notifications on their mobile device. Once a user successfully passes the authentication tests, they’re given access and the browser creates a cookie that is stored for the user’s session.
    • CISA has also observed hackers gathering sensitive information from victims by exploiting email forwarding rules, set up by users to forward work emails to personal accounts. By modifying an existing email rule, these hackers then redirected the emails to an account controlled by the actors.
    • Then, they updated the rule to forward all of the victim’s emails to threat actor accounts. In similar attacks, the actors were observed modifying existing rules to search users’ email messages for finance-related keywords. The emails were then forwarded to hacker-controlled accounts.
    • In light of several reports that show healthcare remains a prime hacking target and a rapid increase in attacks on healthcare web applications, entities should review these CISA insights to secure their cloud and remote environments.
    - Jessica Davis | January 14, 2021
  • What Good Looks Like in Cybersecurity

    • C-level executives want to know what good looks like and how to measure it. Penetration tests, internal vulnerability scans, and IT control checklists remain go-to tactics, but a new generation of tools is taking things to the next level.
    • It’s amazing how much you can objectively determine about a company’s security posture by looking from the outside.
    • This article highlights:
      • Cyber Risk Rating Firms
      • CASB
      • FAIR
      • 3rd/4th Party Applications
      • M&A and Private Equity
    - Craig Calle | January 14, 2021
  • Hackers have leaked the COVID-19 vaccine data they stole in a cyberattack

    • Hackers have leaked the information they stole about the COVID-19 vaccines as part of a cyberattack targeting the European Union's medical agency, the organisation has admitted.
    • The EMA's work and the European medicines regulatory network are unaffected by the breach and the approval and distribution of COVID-19 vaccines haven't been disrupted.
    • A previous update revealed that hackers gained access to the information by breaching one undisclosed IT application – and that the attackers were specifically targeting data related to COVID-19 medicines and vaccines. The investigation into the attack is currently still ongoing.
    • Microsoft has also issued a warning that state-sponsored hacking operations have been targeting coronavirus vaccine producers, while the World Health Organisation has also issued warnings over an increase in cyberattacks targeting health.
    - Danny Palmer | January 13, 2021
  • WhatsApp Stresses Privacy as Users Flock to Rivals

    • There was "a lot of misinformation" about an update to terms of service regarding an option to use WhatsApp to message businesses, Facebook executive Adam Mosseri, who heads Instagram, said in a tweet.
    • The update regards how merchants using WhatsApp to chat with customers can share data with Facebook, which could use the information for targeting ads, according to the social network.
    • "We can't see your private messages or hear your calls, and neither can Facebook," WhatsApp said in a blog post.
    • Encrypted messaging app Telegram has seen user ranks surge on the heels of the WhatsApp service terms announcement, said its Russia-born founder Pavel Durov.
    • Telegram refuses to cooperate with authorities and hand over encryption keys, which resulted in its ban in several countries, including Russia.
    • Last year, Russia announced that it will lift its ban on the messenger app after more than two years of unsuccessful attempts to block it.
    | January 13, 2021
  • Clearfield County Cyber Attack (Pennsylvania)

    • On Saturday, the Clearfield County commissioners say their IT department noticed the effects of the cyberattack.
    • Since the attack, the commissioners said they’ve been working with nationally recognized cybersecurity consultants to investigate.
    • “Well obviously we’re going to review everything about our cybersecurity, we’re going to implement tighter measures, we’re going to train our personnel. We don’t think our personnel did this but just to be safe,” said Dave Glass, County Commissioner.
    | January 12, 2021
  • Wawa Data Breach: A Lesson in the Consequences of Data Security Failures

    • In December 2019, Wawa announced a widespread data breach affecting Point of Sale card reader systems at many of its 850 store locations, exposing customers’ financial data and other sensitive information. Since then, the company has been plagued by a flurry of lawsuits from consumers and credit unions claiming negligence for the retailer’s payment card security practices.
    • According to the latest credit union suits, the retailer allegedly failed to adhere to the Payment Card Industry Data Security Standard (PCI DSS) with its practice of swiping cards rather than scanning chips, opening the door for fraudsters to steal customers’ payment card details.
    • According to PCI Pal research, 70% of consumers will leave a brand for several months or even permanently in the event of a data breach, resulting in long-term revenue losses. And while companies won’t be fined for a data breach in most of the United States, they can still be subject to hefty legal settlements.
    - Stacey Richards | January 12, 2021
  • IMPORTANT UPDATE FROM MIMECAST

    • Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor.
    • As a precaution, we are asking the subset of Mimecast customers using this certificate-based connection to immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate we’ve made available.
    • The security of our customers is always our top priority. We have engaged a third-party forensics expert to assist in our investigation, and we will work closely with Microsoft and law enforcement as appropriate.
    | January 12, 2021