Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Delivering Security to Distributed and Remote Operations During a Pandemic

    • The push to work from home has forced organizations to open up their networks to remote access, and some of the popular tools that become indispensable for enabling people to work remotely — such as video conferencing — have proven to have major security issues.
    • Security has become increasingly problematic for organizations using more traditional approaches.
    • While the overarching goal of cybersecurity has been to lock down an environment within a physical space, the future of work isn’t compatible with that strategy.
    • For instance, IT teams will be unable to keep up: Between 5G, IoT, BYOD and the increasing mobility of the workforce, it’s going to be impossible to maintain point solutions for each and every device that has some connection to the organization’s networks and other assets.
    | September 25, 2020
  • Simon Fraser University suffered ransomware attack last spring

    • A ransomware attack last spring at Simon Fraser University (SFU) reportedly compromised the personal information of about 250,000 students, faculty and alumni. The bad actors breached a database that contained the personal information of every person who joined the school before June 20, 2019.
    • The school had previously faced similar ransomware attacks, but not of this scope. Data from web forms was compromised, including online applications for teacher assistant positions, financial aid advising and admission deferral requests.
    • An effective privileged access management solution using a Zero Trust approach is key.
    • By verifying who is requesting access, the context of the request, as well as the risk of the access environment, organizations can minimize the impact of a ransomware attack and prevent malware from spreading through a network.
    | September 24, 2020
  • Smishing: the New Phishing

    • Smishing is a lesser-known form of phishing that targets smartphone users via text or SMS messages.
    • As with a phishing attack, the victim may be lured into visiting a fraudulent site and giving up credentials, or into downloading a rogue application that can compromise the phone or steal personal information.
    BUSINESS 2 COMMUNITY - Ty Mezquita | September 24, 2020
  • 4 Phishing Attacks Making Waves Targeting VPNs and Brokers

    • Threat actors have no want of creativity when it comes to phishing scams. They look for new lures, new subjects and new targets as a means of preying upon organizations and users.
    • Fortunately, researchers are well aware of this stream of attacks that go beyond phishing emails. Many security professionals spend their time unraveling these advancements in order to keep organizations and users safe.
    • Organizations should test their employees’ awareness of phishing attacks on an ongoing basis, as well as continuously monitor for and proactively purchase typo-squatting domains that might be impersonating their web resources.
    - David Bisson | September 23, 2020
  • Shopify fires two 'rogue' employees following data breach

    • The office of Canada's privacy commissioner says Shopify Inc. has yet to notify it of a recent data breach the company says was carried out by two "rogue" employees.
    • "We have not received a breach report about this incident," Vito Pilieci, a senior communications adviser for the Office of the Privacy Commissioner of Canada, told The Canadian Press in an email Wednesday.
    • On Tuesday, the Ottawa-based company first revealed on an online discussion board that it had identified two workers involved in illegitimately obtaining records connected to some of its merchants.
    • "We immediately terminated these individuals' access to our Shopify network and referred the incident to law enforcement. We are currently working with the FBI and other international agencies in their investigation of these criminal acts," the company said.
    - Tara Deschamps | September 23, 2020
  • Dunkin’ Donuts Will Pay Over Half a Million Dollar Fine After Data Breach Lawsuit

    • Dunkin’ Donuts has agreed to pay $650,000 in penalty and settlement costs to resolve the lawsuit over its failure to respond to credential stuffing attacks that compromised customer accounts between 2015 and 2019.
    • According to the New York Attorney General’s Office, Dunkin’, franchisor of Dunkin’ Donuts, “failed to notify these customers of unauthorized access to their accounts, reset their account passwords to prevent further unauthorized access or freeze their DD cards.”
    • The company must upgrade its security protocols to avoid future unauthorized access and follow data breach notification procedures in any future incidents.
    - Alina Bizga | September 22, 2020
  • China-linked lending apps on government’s radar amid potential data breach threat

    • Recent developments have led both the Indian and American governments to raise significant national security questions about apps with ties to China (that’s what the entire TikTok fiasco is about) jeopardising user data to aid the Chinese government.
    • The Indian government has now turned its focus to fintech organizations with direct links to China, in an attempt to check for a potential data breach.
    • A recent search has shown that many fintech apps and organizations operating within the country have direct links to Chinese officials and have Chinese nationals as their company directors.
    The Tech Portal - Sanjoy Ghosh | September 22, 2020
  • Securing privileged access can reduce the risk of data breach

    • Accounts that have privileged access are a problem when it comes to data breaches, so securing them effectively is essential.
    • But things are complicated by the fact that where privileged access was once designated only for system administrators it has now been expanded to HR, finance, legal and many more parts of the organization, as well as to non-human users like machines and applications.
    • The recent cyber attack on Twitter provides a good example of why attackers covet privileged access. It was reported that more than 1,000 Twitter employees had privileged access to the admin tool that was used to 'change user account settings and hand control over to others.'
    - Ian Barker | September 22, 2020
  • Activision shoots down data breach claims

    • Reports of a widespread hack affecting thousands of Activision player accounts surfaced on 20 September and were traced to a – now suspended – Twitter account that claimed the cyber attack was “worse than the notorious PS3 hack”, a reference to a 2011 incident.
    • However, in a statement circulated by Activision’s support team on Twitter, the firm said this was not the case.
    • “Given the profile of Call of Duty end-users, predominantly young male adults who may not be security conscious and/or aware, Activision now has a great opportunity to consider rolling out access control training and awareness through its platform as well as implement strong access control into its platform.”
    - Alex Scroxton | September 22, 2020
  • Cyberattacks often leading to major data breaches

    • If cybercriminals successfully dispossess a company of sensitive information or payment data, you can be sure they will attempt to use it for fraudulent activities.
    • This is according to a new report from Which? that claims almost half (46 percent) of people whose data was stolen by hackers then went on to experience fraud. Almost a quarter (23 percent) of respondents said their data had been compromised following a breach.
    - Sead Fadilpašić | September 22, 2020