Breach Guide

Learn the steps to take in the event of a data breach and stay current on the cyber threat landscape with the FTC’s Data Breach Resources, FBI’s Daily Digest Library and San Diego’s Cyber Incident Response Guide.

Federal Trade Commission (FTC) Data Breach Resources

Find out the steps to take as a business or consumer if you experience a data breach.

ftc-gov

FBI Cyber Daily Digest Library

Stay current on the global threat landscape with the FBI’s daily circulation of published data breaches and articles.

  • Google is working on a fix for malicious Calendar spam

    Source: Engadget
    By: Igor Bonifacic
    Published: September 3, 2019

    * Since at least May of this year, malicious individuals have been sending Gmail users unsolicited Calendar invites. The scam takes advantage of the fact most people have their Google accounts set to automatically add and notify them of Calendar invites.
    * You can easily protect yourself against this type of spam by changing how GCal handles event invitations.

  • Authorities in France tackling cyber-attacks on all fronts - ANSSI

    Source: The Daily Swig
    By: Emma Woollacott
    Published: September 3, 2019

    * From espionage to cryptojacking, the French cybersecurity agency acted on nearly 2,000 threat reports last year
    * Since 2013, France's Critical Infrastructures Information Protection (CIIP) framework has laid down a common minimum level of cybersecurity for all critical operators, while giving ANSSI powers to support them in the event of a cyber-attack.

  • Cyber Insurance: You Get What You Pay For

    Source: CPO Magazine
    By: Scott Ikeda
    Published: September 3, 2019

    * The cyber insurance market has experienced an unsurprising boom in recent years, as there seems to be a weekly story about some high-profile breach or another.
    * Some insurers are offering these incredibly low prices by cutting vital coverage, and a number of players in the market are money-chasing opportunists that don't really understand cybersecurity.
    * These risks were highlighted recently by a study from mutual insurance giant FM Global, and summit helmed by cyber insurance experts at the annual Black Hat USA security conference in Las Vegas.

  • CISOs think cloud safer, but security fears remain

    Source: ComputerWeekly.com
    By: Warwick Ashford
    Published: September 3, 2019

    * More than three in five (61%) chief information security officers (CISOs) believe the security risk of a security breach is the same or lower in cloud environments than on-premise, a study shows.
    * However, the survey also reveals that despite the perceived superiority of cloud over on-premise when it comes to security, respondents do not consider cloud systems to be completely safe, with only 10% saying they were not concerned about security in the cloud.'

  • Popular PDF software developer suffers major data breach - reset your password now

    Source: TechRadar.pro
    By: Mark Wycislik-Wilson
    Published: September 3, 2019

    * Foxit Software, the company behind PDF reader Foxit Reader and PDF editor PhantomPDF, is forcing users to reset their password after it suffered a data breach.
    * Third parties managed to gain gained access to data 'My Account' data. This includes information such as email addresses, passwords, names, phone numbers, company names and IP addresses.

  • Major Security Flaw Found in Google Chrome, Patch Must Be Installed ASAP

    Source: Softpedia News
    By: Bogdan Popa
    Published: September 2, 2019

    * A security flaw in Google Chrome allows an attacker to eventually take control a vulnerable host, and parent company Google recommends users to deploy a patch as soon as possible.
    * The vulnerability requires users to visit a malicious website, at which point an attacker could attempt to run arbitrary code with the final goal of taking control of the device.

  • Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran

    Source: Yahoo!News
    By: Kim Zetter and Huib Modderkolk
    Published: September 2, 2019

    * For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran's nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant?
    * The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad.

  • BEC overtakes ransomware and data breaches in cyber-insurance claims

    Source: ZDNet
    By: Catalin Cimpanu
    Published: September 2, 2019

    * Business email compromise (BEC) has overtaken ransomware and data breaches as the main reason companies filed a cyber-insurance claim in the EMEA (Europe, the Middle East, and Asia) region last year, said insurance giant AIG.
    * Ransomware-related incidents came in in second place, accounting for 18% of all cyber-insurance claims in the EMEA region, followed by claims for data breaches caused by hackers and data breaches caused by employee negligence (e.g. sending data to the wrong person), both with 14%.

  • How one teenager took out a secure Pentagon file sharing site

    Source: FifthDomain
    By: Andrew Eversden
    Published: August 31, 2019

    * By last October, the Pentagon's Vulnerability Disclosure Program had processed thousands of loopholes in the Department of Defense's websites.
    * Then it received a report from Jack Cable.
    * Cable has quite the list of accomplishments. In 2018, TIME Magazine ranked him as one of the Top 25 most influential teens. At age 17, he found 30 vulnerabilities in Air Force websites during the 2017 rendition of the "Hack the Air Force" competition. He ended up winning the contest.

  • How the Pentagon is tackling deepfakes as a national security problem

    Source: C4ISRNET
    By: Nathan Strout
    Published: August 29, 2019

    * Deepfakes are a national security issue, said Lt. Gen. Jack Shanahan, director of the Pentagon's Joint Artificial Intelligence Center, and the Department of Defense needs to invest heavily in technology that can counter it.
    * Deepfakes are videos where one person's face is superficially imposed onto another person's face to make it look like they said or did things they did not.


San Diego Cyber Incident Response Guide

Learn more about San Diego’s region-wide cyber incident response guide and available local, state and federal resources.

San Diego Cyber Incident Response Guide October 2017