Protection of Information Assets

Temple University

MIS 5206.001 ■ Fall 2023 ■ David Lanter
In The News

September 14, 2023 by David Lanter 9 Comments

Filed Under: Unit 04: Case Study 2 - Autopsy of a Data Breach - The Target Case

Comments

  1. Ooreofeoluwa Koyejo says

    September 16, 2023 at 2:10 am

    Airbus Data Breach Through Third-Party Pirated Software with Infostealing Malware

    https://www.infosecurity-magazine.com/news/pirated-software-cause-airbus/
    https://www.hudsonrock.com/blog/an-avoidable-breach-fbi-hacker-leaks-sensitive-airbus-data

    Airbus, a European aerospace giant, suffered a data breach through the exposed credentials of a third-party IT employee of Turkish Airlines (a third-party vendor to Airbus) who installed pirated Microsoft software with Redline information-stealing malware that gave access to the personal information of Airbus vendors, such as names, addresses, email addresses, phone numbers, etc. This information-stealing malware gave the hacker, identified by the ‘USDoD’ alias and belonging to the Ransomed ransomware group, access to the data that was eventually leaked to the public; the breach action was announced on the Breach Forum.

    In summary:
    Vulnerability: exposed credentials of the Turkish Airlines IT employee
    Threat: the hacker using the Redline information-stealing malware
    Impact: the data exposure of Airbus vendors’ private information
    Risk: identity theft, brand reputation, loss of customers etc. from the data exposure incident.

  2. Jon Stillwagon says

    September 16, 2023 at 10:33 pm

    https://thehackernews.com/2023/09/cybercriminals-combine-phishing-and-ev.html
    This article is about how the bad guys are using ransomware through phishing campaigns that can spread the initial payload to code signing certificates. It starts by using phishing emails to trick the other user into running the malicious attachments, which are disguised as PDF or JPG images but are executables that start compromising your system the moment you run them. The phishing campaign is spreading a new and improved malware loader which is called DBatLoader. Its new capabilities indicate that it is actively kept to drop malicious programs that can collect sensitive information and remote control systems. The emails have been mainly singled out in English but are also found in Spanish and Turkish languages. The targets are people who use the Cisco Webex video conferencing software on Google to redirect them to a fake website that will activate the Bootloader malware. Once the loader establishes contact with your remote server, it then downloads a second-stage encrypted payload which uses another stealer and keylogger malware, DanaBot.

  3. Yannick Rugamba says

    September 17, 2023 at 12:31 pm

    https://thehackernews.com/2023/09/alert-phishing-campaigns-deliver-new.html

    This article discusses how a hacking group called APT34 has started phishing campaigns. They are using a modified version of the Side Twist backdoor and a fresh variant of Agent Tesla.

    APT34 employs spear phishing tactics by sending corrupted Microsoft Word and Excel files that take advantage of known vulnerabilities in Microsoft Office. This allows them to run code on the victim’s computer. The Side Twist backdoor enables them to download/upload files and execute commands, establishing communication with a server for instructions. At the same time, the Agent Tesla variant can collect information from the victim’s device, such as saved login credentials and keylogging data.

    Warning: APT34 is currently launching phishing campaigns that distribute versions of Side Twist and Agent Tesla. To protect yourself, be cautious when opening emails from sources that contain Microsoft Word or Excel attachments to avoid compromise.

  4. Eyup Aslanbay says

    September 17, 2023 at 2:47 pm

    The Scattered Spider hacking group recently claimed to have stolen six terabytes of data from major casino operators MGM Resorts International and Caesars Entertainment. While the group did not plan to make the data public and did not comment on whether they requested ransom, MGM and Caesars remained silent on the extent of the data breach. Caesars reported that hackers obtained data on a significant number of loyalty program members, including sensitive information like driver’s license numbers and social security numbers, but declined to comment on whether they paid a ransom. Scattered Spider, known for its social engineering tactics, has been linked to over 100 intrusions across various industries in the last two years. Both companies were working to resolve the cybersecurity issue, while the FBI was investigating the incidents. Operations at MGM were still disrupted several days after the hack, with slot machines displaying error messages at Las Vegas casinos. Some experts suggest that Scattered Spider may be a subgroup of the ALPHV ransomware hacking outfit.

    https://www.reuters.com/business/casino-giant-caesars-confirms-data-breach-2023-09-14/

  5. Bo Wang says

    September 17, 2023 at 10:55 pm

    https://www.infosecurity-magazine.com/news/iranian-threat-group-thousands/
    The article describes a six-month period of cyber espionage against global targets by the Iranian-backed APT group Peach Sandstorm. The group uses cryptojet techniques and exploits to gain access to targeted systems, and uses a range of tools for reconnaissance, persistence, and data breaches. The group leveraged Azure services and tools to persist and execute other attacks in the targeted environment, including the creation of new Azure subscriptions. The purpose of the group was to steal information that served Iran’s national interests, and its activities posed a threat to the confidentiality of its victims.

  6. Celinemary Turner says

    September 17, 2023 at 11:39 pm

    https://www.reference.com/world-view/cybersecurity-awareness?
    This article is all about cybersecurity awareness, which means actively protecting your personal infrastructure and information. Robust information security is needed in all organizations to properly secure their information assets and to prevent hackers from penetrating your network. The subject may still seem somewhat new to you, but it’s only going to become a more pressing issue as society continues to develop technologically. On October 1, 2021, President Joe Biden told the nation, “I am committed to strengthening our cybersecurity by hardening our critical infrastructure against cyberattacks, disrupting ransomware networks, working to establish and promote clear rules of the road for all nations in cyberspace, and making clear we will hold accountable those that threaten our security.”

  7. Edge Kroll says

    September 18, 2023 at 5:39 pm

    https://www.securityweek.com/california-settles-with-google-over-location-privacy-practices-for-93-million/
    Google has agreed to a $93 million settlement with the state of California over its location-privacy practices, following a $391.5 million settlement with 40 states in November 2022 regarding the tracking of users’ locations. The investigation was prompted by a 2018 Associated Press report revealing that Google continued to track user location data even after they had opted out. The settlement includes several restrictions, such as enhanced transparency in location tracking, disclosing the use of location data for ad personalization, and providing additional information to users when enabling location-related account settings. Google admitted no wrongdoing but stated that the matter was related to outdated product policies that had been changed in recent years.

  8. Nicholas Nirenberg says

    September 19, 2023 at 2:18 pm

    Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data | URL: https://thehackernews.com/2023/09/microsoft-ai-researchers-accidentally.html

    This article covers Microsoft’s recent significant security breach where 38 terabytes of private data was inadvertently exposed in its AI GitHub repository. This occurred when open-source training data was mistakenly made public during publishing, including sensitive information like secrets, keys, passwords, and over 30,000 internal Teams messages. The breach was attributed to an overly permissive SAS token in Azure, which is challenging to track and revoke. Furthermore, the README.md file in the repository provided developers with a link to download models from an Azure Storage URL, and unfortunately this link also unintentionally granted access to the entire storage account, leading to the exposure of additional private data. Microsoft promptly resolved the issue, emphasizing that no customer data was compromised. They have also enhanced token security to prevent future incidents. This incident highlights the importance of understanding the correct configurations for high value things such as SAS tokens.

  9. Hashem Alsharif says

    September 19, 2023 at 4:13 pm

    https://www.reuters.com/world/international-criminal-court-reports-cybersecurity-incident-2023-09-19/

    This article is a prime example of how cybersecurity and politics can intersect with each other. The International Criminal Court is an institution that holds sensitive information about war crimes. It was noticed that there was unusual activity on the computer network. While it’s still unknown who was behind it, there are some key facts to keep in mind. In March, an arrest warrant was issued for Putin, being suspected of illegally deporting children in Russia who were originally from Ukraine. While we can’t say Russia is behind this completely, we have a reason to suspect they may be behind this, especially considering the ICC has been constantly investigating war crimes done by Russia onto Georgia and Ukraine. This teaches us to not only stay vigilant for unusual activity, but also it helps us understand that when looking at potential threats, you must examine what it is that organization does and why their information would be important to a hacker.

