Breach Guide

Learn the steps to take in the event of a data breach and stay current on the cyber threat landscape with the FTC’s Data Breach Resources, FBI’s Daily Digest Library and San Diego’s Cyber Incident Response Guide.

Federal Trade Commission (FTC) Data Breach Resources

Find out the steps to take as a business or consumer if you experience a data breach.

ftc-gov

FBI Cyber Daily Digest Library

Stay current on the global threat landscape with the FBI’s daily circulation of published data breaches and articles.

  • Wikipedia and World of Warcraft Classic targeted by DDoS attacks

    Source: Security Boulevard
    By: Graham Cluley
    Published: September 9, 2019

    * According to the Wikimedia Foundation, nonprofit charitable organization behind Wikipedia, the site was hit with a malicious attack that made the site inaccessible from several countries for intermittent periods.
    * Players of World of Warcraft Classic found they had difficulties connecting to the game's servers after they too were impacted by a DDoS attack.

  • Secret Service Investigates Breach at U.S. Govt IT Contractor

    Source: KrebsonSecurity
    By: Brian Krebs
    Published: September 9, 2019

    * The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground.
    * In mid-August, a member of a popular Russian-language cybercrime forum offered to sell access to the internal network of a U.S. government IT contractor that does business with more than 20 federal agencies, including several branches of the military.
    * The seller bragged that he had access to email correspondence and credentials needed to view databases of the client agencies, and set the opening price at six bitcoins (~USD $60,000).

  • Newsletter: Consumers would be more forgiving of data breaches if companies just came clean

    Source: LA Times
    By: David Lazarus
    Published: September 9, 2019

    * Ninety percent of survey respondents said they'd be more forgiving of a company or organization that responded to a breach in a prompt and transparent manner. Conversely, two-thirds of respondents said they'd stop doing business with a company that dithered in the face of a security lapse.
    * A California law set to take effect in January will allow state residents to find out what kinds of information a business has collected. The Consumer Privacy Act also permits customers to request that a company delete any personal information it holds.

  • Terrorism, espionage, and cyber: ASIO's omne trium perfectum

    Source: ZDNet
    By: Asha Barbaschow
    Published: September 6, 2019

    * ASIO's outgoing Director-General of Security reflects on the 'security triptych' that is of upmost concern to Australia's national security.
    * "I had to remind myself the other day that when 9-11 took place, of course, there were no tweets, it's interesting. It only seems like yesterday. There was no social media as we know it today," Australia's Director-General of Security Duncan Lewis said during an address to the Lowy Institute.

  • NSA: Just say no to hacking back

    Source: FCW
    By: Lauren C. Williams
    Published: September 5, 2019

    * The NSA is taking a strong stance against hacking back.
    * If an organization should see evidence of an ongoing cyberattack, it should alert the FBI or Homeland Security, Glenn Gerstell, the National Security Agency's chief counsel, told reporters at the 2019 Intelligence and National Security Summit.

  • China hacked Asian telcos to spy on Uighur travelers: sources

    Source: Yahoo! News
    By: Jack Stubbs
    Published: September 5, 2019

    * Hackers working for the Chinese government have broken into telecoms networks to track Uighur travelers in Central and Southeast Asia, two intelligence officials and two security consultants who investigated the attacks told Reuters.
    * China is facing growing international criticism over its treatment of Uighurs in Xinjiang. Members of the group have been subject to mass detentions in what China calls "vocational training" centers and widespread state surveillance.

  • NSA Cyber Chief Wants to Share Digital Threats Early and Often

    Source: NextGov
    By: Jack Corrigan
    Published: September 5, 2019

    * The agency has historically been slow to share threat intelligence but accelerating that process would help the government get ahead of cyber adversaries.
    * By pushing out intelligence earlier and faster, NSA could help its partners get ahead of digital threats instead of playing clean-up after they fall victim, said Anne Neuberger, who was recently tapped to lead the agency's new Cybersecurity Directorate. The office is set to officially open its doors on Oct. 1.

  • 7 Sophisticated Cyber-Attacks that are Growing in 2019

    Source: Security Boulevard
    By: Lisa O'Reilly
    Published: September 5, 2019

    * Shadow IT and the growth in applications at use in the work environment, together with the Internet of Things (IoT), have led to an increase in entry points that cybercriminals can exploit for phishing and other attacks.
    * As bad actors become more sophisticated in their attacks, so too have their success in gaining access to corporate data, financial assets, and networks.

  • Security hole opens a billion Android users to advanced SMS phishing attacks

    Source: HelpNetSecurity
    By: FNU LNU
    Published: September 4, 2019

    * The affected Android phones use over-the-air (OTA) provisioning, which allows mobile network operators to deploy network-specific settings to a new phone joining their network.
    * Researchers found that the industry standard for OTA provisioning, the Open Mobile Alliance Client Provisioning (OMA CP), includes limited authentication methods. This can be exploited, enabling hackers to pose as network operators and send deceptive OMA CP messages to users.

  • The Dangers in Smart Cities

    Source: NextGov
    By: John Breeden II
    Published: September 4, 2019

    * Smart cities make for a larger attack footprint, and more potentially devastating results from a breach or hack.
    * Because the concept of smart cities is new, with actual implementations still pretty rare, there has not been a lot of smart city hacking incidents.
    * A couple of years ago someone hacked into the tornado siren network in Dallas, which was in the process of automating those warnings. The hacker sounded the alarm, panicking some residents, but there was no permanent damage.


San Diego Cyber Incident Response Guide

Learn more about San Diego’s region-wide cyber incident response guide and available local, state and federal resources.

San Diego Cyber Incident Response Guide October 2017