Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • The Dangers of Data Scraping: Do You Know What’s Out There?

    • Data scraping refers to a computer program or bot that extracts human-readable data from another program, site, or platform.
    • Data scraping can open the door to spear phishing attacks; hackers can learn the names of superiors, ongoing projects, trusted third parties, etc.
    • Essentially, everything a hacker could need to craft their message to make it plausible and provoke the correct (rash and ill-informed) response in their victims.
    - Ben Canner | August 24, 2020
  • Here are the 10 cybersecurity myths you need to stop believing

    • Ransomware attacks, data breaches, and scams — along with a steady stream of extortion and phishing emails — have taken over the internet.
    • We hear about cybercrime so often that it can quickly turn into white noise.
    • That’s a mistake.
    • Here are 10 security myths you need to stop believing about your data.
    - Kim Komando | August 24, 2020
  • Is a Ransomware Attack a Reportable Data Breach?

    • One question that vexes security engineers, incident responders and lawyers is whether a ransomware attack constitutes a reportable data breach under any of the various data breach disclosure laws, regulations or other requirements.
    • As a general rule, a ransomware attack, such as a DDoS attack, demonstrates a vulnerability in a system but probably (always equivocate) does not result in the exposure of the data.
    - Mark Rasch | August 24, 2020
  • How IT-OT Security Has Changed in the Wake of COVID-19

    • COVID-19 served as an impetus for change. It demanded that organizations be more flexible in their ability to adapt to new challenges, to solve for remote access and to be more secure.
    • Many organizations have met this challenge head-on; we’re seeing better security and stronger controls in an effort to monitor output quality.
    • Even more importantly, we’re seeing greater IT-OT collaboration. It’s no longer forced talks consisting of arguments over whose CIA Triad priorities matter more.
    Tripwire - Kristen Poulos | August 23, 2020
  • 223 Million YouTube, TikTok And Instagram Accounts Exposed In Massive Data Breach

    • A database of nearly 235 million social media profiles from platforms such as Instagram, TikTok, and YouTube, was exposed on the internet. This could open users up to phishing and impersonation scams as well as unwanted email usage.
    • On August 1st, Bob Diachenko, a cybersecurity researcher at Comparitech, uncovered three copies of the data on servers ultimately controlled by Hong Kong-based Social Data.
    • Social Data is a company that sells data of social media influencers to marketers.
    - Nathan Ord | August 23, 2020
  • Uber’s Former CSO Charged With Paying $100,000 In Bitcoin To Hide Massive Data Breach

    • The Department of Justice announced in a press release today that Joseph Sullivan, former Chief Security Officer of Uber, allegedly tried to cover up a 2016 hack that compromised data of millions of users and drivers.
    • Uber actually paid the hackers $100,000 in bitcoin in December 2016, despite the fact that the hackers never gave their true names and already had the data.
    • Sullivan even sought to have the hackers sign non-disclosure agreements. The agreements contained a false representation that the hackers did not take or store any data.
    - Jason Brett | August 20, 2020
  • University of Utah pays $450K ransom to stop leak of stolen data

    • "On Sunday, July 19, 2020, the university’s College of Social and Behavioral Science (CSBS) was notified by the university’s Information Security Office (ISO) of a ransomware attack on CSBS computing servers.
    • Content on the compromised CSBS servers was encrypted by an unknown entity and no longer accessible by the college," the University of Utah disclosed.
    • As part of the attack, the threat actors stole unencrypted data before encrypting computers.
    - Lawrence Abrams | August 20, 2020
  • Q&A: How SOCs have been coping during the pandemic

    • There was a significant dip in alerts detected in March when the lockdown in the UK started. The reason behind this was two-fold.
    • First, the situation was uncertain, and systems were being configured for a remote working environment during the pandemic.
    • Second, the number of attacks fell as cyber criminals had to figure out how to exploit the “new normal”, i.e. more people working remotely, having a greater reliance on the internet, and potentially not being as secure.
    - Faiz Shuja | August 20, 2020
  • Carnival Cruises hit with a costly ransomware attack

    • Cruise operator Carnival Corp is the latest to fall victim to ransomware-wielding bandits. David Bernstein, chief financial officer for Carnival, told the SEC in a regulatory filing on Monday that the company had suffered from an attack that involved files being stolen.
    • The filing says that on Aug. 15 the company "detected a ransomware attack that accessed and encrypted a portion of one brand's information technology systems. The unauthorized access also included the download of certain of our data files."
    - Jonathan Greig | August 19, 2020
  • Warn your staff about phone spear phishing attacks, as reports rise

    • You will remember that Twitter confirmed that members of staff were rung up by scammers, who then socially engineered their victims into handing over credentials which gave the hackers access to Twitter’s internal tools.
    • The same “voice phishing” techniques have been used against banks, web hosts, and cryptocurrency exchanges, in recent weeks.
    • No surprise about LinkedIn being a key resource for the hackers. It’s a much more valuable resource for criminals trying to learn more about your company and which worker they should target than it is for job seekers.
    Graham Cluley | August 19, 2020