Global Cyber News Digest

Events

Cyber Insider Podcast

Press Room

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Gunnebo data breach: Blueprints of bank vaults, security systems leaked online

    • A cyber attack that struck Swedish security company Gunnebo in August led to the exposure of 38,000 internal documents containing blueprints of bank vaults, security doors, alarm equipment, and security functions for ATMs.
    • The company said that soon after its IT department established that unauthorised persons tried to enter the company's IT environment, they immediately shut down the servers to isolate the attack and thanks to the rapid intervention, the operational impact became minimal and operations could be resumed quickly.
    • Commenting on hackers leaking sensitive data stolen from organisations, Warren Poschman, senior solutions architect with comforte AG, said if the data had been secured properly using technologies such as tokenisation or format-preserving encryption then the sensitive details would still be secure and worthless as an instrument of blackmail or identity theft.
    teiss - Jay Jay | October 28, 2020
    hak-iq.us20.list-manage.comOctober 28, 2020

  • CCMH avoids public disclosure of data breach

    • On or before Thursday, Oct. 22, staff and administration at Cedar County Memorial Hospital became aware of an online data breach, followed by an apparent attempt to extort the hospital for a financial payment for the return of said data.
    • The cyber intrusion utilized a dark web program labeled as “Ragnarok” ransomware, which consisted of an alleged capturing of data, along with a threat to disseminate it, unless a ransom was paid to a veiled or unnamed entity.
    • The Federal Bureau of Investigations has been notified and the hospital is cooperating with investigators efforts looking into all facets of the breach.
    CEDAR COUNTY Republican - Miles Brite | October 28, 2020
    hak-iq.us20.list-manage.comOctober 28, 2020

  • #NCSAM: Organizations at Higher Risk of Cyber-Attacks Due to IoT Expansion

    • Organizations are at much higher risk of cyber-attack due to the expansion of IoT devices in their networks over the past year.
    • The analysis, which looked at the multi-layer threats and weakness impacting current IoT supply chain ecosystems, has been published during National Cybersecurity Awareness Month, which is this year focusing on the role individual users can play in enhancing the security of IoT devices.
    • Supply chain attacks in IoT can come in two forms: from software installed in a certain device that has been compromised to hide malware, and from a piece of hardware implanted or modified to change a device’s behavior.
    - James Coker | October 27, 2020
    hak-iq.us20.list-manage.comOctober 27, 2020

  • Google's law firm hit by data breach, employee details leaked

    • Immigration law firm Fragomen, Del Rey, Bernsen & Loewy said that the breach saw the personal information of current and former Google employees affected.
    • Fragomen plays an important role for Google's workforce, offering verification screening services to determine if employees are eligible and authorized to work in the United States.
    • All companies operating in the United States are required to maintain a Form I-9 file on every employee to ensure that they are legally allowed to work and not subject to more restrictive immigration rules.
    - Mike Moore | October 27, 2020
    hak-iq.us20.list-manage.comOctober 27, 2020

  • Amazon sacks employee over data breach

    • Amazon has contacted a portion of its customers to inform them an employee has been discharged from their role after leaking their personal information to an unidentified third-party.
    • The incident highlights the continued threat of insider security risks.
    • No matter how many cyber security precautions an organisation takes, it’s difficult to guard against either human error or malicious intent, as has been the case with the leakage of Amazon customers’ email addresses.
    - Keumars Afifi-Sabet | October 27, 2020
    hak-iq.us20.list-manage.comOctober 27, 2020

  • Protecting Students From Financial Aid Fraud Should Be A Priority For Schools

    • The Department of Education reports “an increased number of ransomware attacks targeting higher education institutions” in the wake of Covid-19. We’re seeing more reliance on technology, rather than in-person communication, as the virus drags on. Many students are unable to visit financial aid offices in person and are conducting more of their business online.
    • Although young people tend to be pretty tech savvy, they don’t often understand the ramifications of fraud or the threat it poses. If they see an email that looks like it came from their university, students may be inclined to trust it, even when they shouldn’t. Schools can address this by outlining in very clear terms:
      • When students can expect emails.
      • What they will ask of students.
      • How they will ask it.
    • Most young people won’t have experience navigating the financial aid process, so they may be tricked by those impersonating an imposing authority figure.
    - Monica Eaton Cardone | October 27, 2020
    hak-iq.us20.list-manage.comOctober 27, 2020

  • Ransomware vs WFH: How remote working is making cyberattacks easier to pull off

    • Hackers are breaking into networks of organisations ranging from tech companies to local governments and almost every other sector; encrypting servers, services and files with ransomware before demanding a bitcoin ransom that can be measured in hundreds of thousands or even millions of dollars.
    • "You have a much bigger attack surface; not necessarily because you have more employees, but because they're all in different locations, operating from different networks, not working with the organisation's perimeter network on multiple types of devices. The complexity of the attack surface grows dramatically," says Shimon Oren, VP of research and deep learning at security company Deep Instinct.
    • For some people, their work laptop might be their only computer, which means they're using these devices for personal activities too like shopping, social media or watching shows.
    • The reason ransomware remains lucrative is because victims pay the ransom, opting to do so because they perceive it as the best way to restore the network. But paying the ransom means attacks will just continue.
    - Danny Palmer | October 27, 2020
    hak-iq.us20.list-manage.comOctober 27, 2020

  • Fragomen, a law firm used by Google, confirms data breach

    • The New York-based law firm provides companies with employment verification screening services to determine if employees are eligible and authorized to work in the United States.
    • Every company operating in the United States is required to maintain a Form I-9 file on every employee to ensure that they are legally allowed to work and not subject to more restrictive immigration rules.
    • Form I-9 files can contain a ton of sensitive information, including government documents like passports, ID cards and driver’s licenses, and other personally identifiable data, making them a target for hackers and identity thieves.
    • Companies with more than 500 California residents affected by a breach are required to submit a notice with the state’s attorney general’s office.
    - Zack Whittaker | October 26, 2020
    hak-iq.us20.list-manage.comOctober 26, 2020

  • Should You Use a ‘Dark Web Scan’ to Protect Your Identity?

    • A dark scan will scan the dark web to see if medical identification info and bank account numbers are being shared.
    • If you get positive results, the dark scan service will suggest that you change your passwords, use stronger ones, or put a credit freeze on your credit profiles. A negative search result doesn’t necessarily mean you haven’t had a data breach, of course, as there’s no way for any company to search the entirety of the dark web.
    • A dark scan will only reveal that your personal information is on the dark web.
    • The most effective steps to protect yourself (cancelling cards, password changes, credit freezes) are free — you don’t need to pay a company for it unless you want to delegate the hassle.
    - Mike Winters | October 26, 2020
    hak-iq.us20.list-manage.comOctober 26, 2020

  • Data Doctors: The value of a ‘burner’ phone number

    • How are so many companies getting my cell phone number if I’m on the Do Not Call registry?
    • The exemptions to the registry include political campaigns, polls and surveys, debt collectors, charities, non-profits and companies that you’ve done business within the past 18 months or sought to do business within the past 3 months.
    • Having a second number that you can use for non-essential short-term communications is a great tactic.
    - Ken Colburn | October 25, 2020
    hak-iq.us20.list-manage.comOctober 25, 2020

451 A Street, Suite 500
San Diego, CA 92101

[email protected]

CONNECT WITH US

Linkedin Twitter

Cyber Center of Excellence is a San Diego-based nonprofit dedicated to growing the regional cyber economy and creating a more secure digital community for all.

JOIN US
Linkedin Twitter
Cyber Center of Excellence | Privacy Policy  |  Terms & Conditions
Linkedin Twitter
Privacy Policy  |  Terms & Conditions
© 2024 Cyber Center of Excellence