SecurityStudio News Brief July 2019


In the July issue of SECURITYSTUDIO News Brief, we bring you the top news and information about cybersecurity breaches across the globe. These not only have lasting effects for individuals and businesses, but also highlight the need for third-party risk management and tighter security protocols.


Third-Party Risk Management

  • A new report claims employees still struggle to identify phishing threats and properly protect their data. The report analyzed more than 130 million responses to cybersecurity questions in order to explore the knowledge of normal workers who use their employers’ email and Internet services.
  • New research shows more than one in 10 companies worldwide will lose more than $10 million after falling victim to a cyber attack. As a result, companies are boosting cybersecurity investments in the next fiscal year. Experts advise business leaders to pay close attention to the risks associated with their supply chain and partners, as these substantially increase the attack surface.
  • A global survey recently revealed that IT managers are inundated with cyber attacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up-to-date technology. As part of the report, only 16 percent of respondents consider supply chain a top security risk, exposing an additional weak spot.

World News

  • The cyber warfare threat is rising as Iran and China agree to a “united front” against the U.S. Experts claim this is the beginning of a cyber war between countries. The Cybersecurity and Infrastructure Security Agency (CISA) within the DHS issued a blanket warning about a recent rise in malicious cyber activity directed at U.S. industries and government agencies by Iranian regime actors and proxies.

Business Impact

  • Many organizations around the world haven’t patched older Windows systems against the BlueKeep vulnerability that could let attackers take over devices. This is despite warnings from Microsoft, government agencies and cybersecurity companies. Many organizations may not know they have a system with the vulnerability.
  • With the 2020 election upon us, the Federal Election Commission ruled that a cybersecurity company could legally offer discounted services to presidential campaigns hoping to protect themselves from cyberattacks. Cybersecurity is at the forefront of this campaign, given the U.S. intelligence community’s warnings of Russia’s intentions to escalate its interference.
  • Apple has made an extraordinary move and released a silent update to protect its users from a yet-to-be-disclosed vulnerability that could compromise Macs that have the Zoom video conferencing software installed. The silent update removes a clandestine web server Zoom installed in older versions of its software that can’t be removed through a standard uninstall process.
  • Security researchers have uncovered a new vulnerability in a Siemens software platform for industrial control systems in large critical infrastructure facilities, such as nuclear power plants. An attacker could gain access to these systems for espionage or cause widespread physical damage.

Personal Impact

  • A new type of phishing campaign is specifically targeting American Express card holders after attackers send a hyperlink as part of a phony account update. This phishing attack is different because instead of using a hyperlink to send victims to a malicious landing page, the scheme deploys an embedded “base href” URL to help hide from anti-virus and other security tools.
  • The largest health insurer in the Pacific Northwest, Premera Blue Cross Blue Shield, agreed to pay $10 million to 30 states after an investigation into a data breach that exposed the personal information of more than 10 million people. The breach was due to inadequate security measures that left its computer network exposed to a hacker.

SecurityStudio® is the easiest, most comprehensive information security toolkit to measure, mitigate and manage risk. Our goal is to help all organizations build and maintain a strong information security program. We do this by helping organizations understand the need for strong information security, identifying and prioritizing their risks and implementing secure methods to address those risks. https://securitystudio.com
