The article is about the Uber CISO being charged criminally for not disclosing breaches that occurred in 2014 and 2017. The reason this is a big deal, is because if CISOs can be charged criminally for not disclosing breaches and concealing important information that the public should be aware of, the CISO position could be a challenge to fill because the consequences are now personal. For other items in other areas (non-cyber related), not disclosing required info, usually comes with a fine to the company. The article goes on to say that this is the way “the government is sending a message to CISOs in the US – disclose and potentially lose your job or cover up and go to jail”. It’s also discussed that CISOs hiding information by saying “I didn’t know” reflects negligence. Security teams need to know and be aware of what they can’t conceal.
The article goes into the future of the SEC cyber-related disclosures that will be required in the near future. The new SEC reporting requirements for cyber related items are the following: material cyber-related incidents must be reported within 4 business days, company must determine the materiality of a cybersecurity incident “as soon as reasonably practicable” after the discovery of the incident, companies must maintain disclosure controls and procedures designed to ensure that all available relevant information concerning cyber incidents are analyzed for timely disclosure, and “cybersecurity incident” means an unauthorized occurrence on or through company’s information systems that jeopardize the confidentiality integrity, or availability of a company’s information systems. The new reporting requirements could have challenges determining what is a “material” breach and making the determination within 4 days. Additionally, having time to investigate the possible breach and conclude if reportable within 4 days could also pose a challenge.
Lastly, in the article, there are four ways to aid CISOs. The first is to get rid of the tools that alert on every potential attack or misconfiguration, retool (replace outdated techniques), work more closely with the government, and align security goals.
The article I have chosen to highlight this week speaks to Microsoft Teams and the information being shared on it. With more and more organizations adapting a work from home/hybrid work force thanks to COVID. Instant messaging and Teams Spaces are quickly becoming the new norm for communicating. What we don’t realize is just how sensitive the information we’re sharing on the platform can be. The article highlights that “A total of 48% of respondents admitted to sending messages on Teams they should not have, while 45% said they frequently share confidential and sensitive information via the platform. Moreover, 51% said they often send business-critical documents and data.” While email and virtual/in person meetings are still prevalent, we as a society are moving towards the convenience of IM’s and throwing documents into chats that we believe are secure.
An Indian energy company, Tata Power Company, confirmed this past Friday that it had undergone a cyber attack that impacted some of its IT systems. The network intrusions were said to have been aimed at 7 Indian State Load Despatch Centres that carry out real-time operations for grid control and electricity dispatch in their respective states. The hackers are said to be associated with the group TAG-38. The company has been working to retrieve and restore the affected machines and putting in security guardrails for customer-facing portals to prevent unauthorized access. The target was intended to facilitate information gathering related to the company’s critical infrastructure assets.
This article is interesting because it discusses a recent data breach event and also what the threat actor did with that information. A subsidiary of the Woolworth company, MyDeal based in Australia announced that 2.2 million customers were impacted by a data breach from a compromised user credentials ro access customer information through the organizations Customer Relationship Management system on Friday. The compromsed information includes names, email addresses, phone numbers, home addresses, and birth dates exposed in the attack. MyDeal has sent out notifications to the affected customers. By Sunday, the threat actors began to sell the compromised information for $600.00 and also provided evidence of the attack (or so they claim) by sharing screenshots of the supposed confluence server and a single-sign-on prompt for the MyDeal’s AWS account. The threat actor also posted customer information for almost 300 MyDeal customers.
Verizon warned an undisclosed number of prepaid customers that attackers gained access to Verizon accounts and used exposed credit card info in SIM swapping attacks. Attackers used the last four digits of the credit card associated with the account for automatic payments to perform SIM swap attacks. At this point, Verizon blocked further unauthorized access to accounts and reset PINs for an undisclosed number of customers. Verizon has stated that the threat actors could have accessed names, telephone numbers, billing addresses, price plans, and other service-related information. One customer that received the notice was aware of the attack before and realized that the attackers attempted to access their crypto accounts. Verizon has advised setting a new PIN code as well as enabling the ‘Number Lock’ protection feature to prevent the phone number from being ported to another line/carrier or swapped to another SIM until it is unlocked by the account owner.
There is no organization that is immune to cyber-attack or threat therefore organizations must always be prepared and also be informed target. i find this article interesting because it showcases the effect of cyber threat on health care system. Hackers used legitimate credentials to hack into NHS system through a third-party vendor and disrupted many of their services including patient administration, Ambulance services. It is becoming rampant; the health care industry is becoming an unusual target.
This article from the Dropbox team talks about their recent (successful) disaster recovery test where they physically pulled the pug on one of their biggest datacenters to live test their preparation. Dropbox is headquartered in San Jose, CA. This puts them right in the high risk area for earthquakes. Recognizing that their infrastructure was at risk, Dropbox put together a disaster recovery team and built out a redundant disaster recovery and business continuity plan to ensure users would have access to their important data even if San Jose was in a state of extreme emergency from a major earthquake. The article delves into the sort of planning and testing was required to get their systems and plans ready to perform the ultimate test, unplugging the San Jose Datacenter from the rest of the network. (they literally pulled the fibre connections coming into the building from the edge routers!) They had some false starts and early tests that didn’t work as planned, but the result of all the efforts was absolute confidence that their system would not suffer even in the worst case disaster.
Microsoft has confirmed this week that they had inadvertently exposed thousands of customer records after leaving an online endpoint accessible without authentication. The misconfiguration of Microsoft’s Azure Blob Storage was identified on September 24, by cybersecurity company SOCradar. Microsoft has yet to announce how many of its customers have been affected, however, SOCradar claims the number to be close to 65,000 customers in 111 countries. SOCradar also claims the leak consisted of over 2.4 terabytes of data consisting of invoices, product orders, signed customer documents, and partner ecosystem details. Microsoft denounced this projection, stating SOCradar has “greatly exaggerated” when referring to the scope of the breach, claiming most of the data is duplicate. There is no evidence to suggest any data has been accessed by threat actors yet however the data is still compromised, and customers may fall victim to phishing, social engineering, or extortion. This goes to show that even the largest companies are victims of small errors which compromise the data of thousands. No matter how vigilant you are about protecting your personal information, you still need to remain aware of potential cyber-attacks resulting from data breaches like this.
https://www.darkreading.com/attacks-breaches/what-the-uber-breach-verdict-means-for-cisos-in-the-us
The article is about the Uber CISO being charged criminally for not disclosing breaches that occurred in 2014 and 2017. The reason this is a big deal, is because if CISOs can be charged criminally for not disclosing breaches and concealing important information that the public should be aware of, the CISO position could be a challenge to fill because the consequences are now personal. For other items in other areas (non-cyber related), not disclosing required info, usually comes with a fine to the company. The article goes on to say that this is the way “the government is sending a message to CISOs in the US – disclose and potentially lose your job or cover up and go to jail”. It’s also discussed that CISOs hiding information by saying “I didn’t know” reflects negligence. Security teams need to know and be aware of what they can’t conceal.
The article goes into the future of the SEC cyber-related disclosures that will be required in the near future. The new SEC reporting requirements for cyber related items are the following: material cyber-related incidents must be reported within 4 business days, company must determine the materiality of a cybersecurity incident “as soon as reasonably practicable” after the discovery of the incident, companies must maintain disclosure controls and procedures designed to ensure that all available relevant information concerning cyber incidents are analyzed for timely disclosure, and “cybersecurity incident” means an unauthorized occurrence on or through company’s information systems that jeopardize the confidentiality integrity, or availability of a company’s information systems. The new reporting requirements could have challenges determining what is a “material” breach and making the determination within 4 days. Additionally, having time to investigate the possible breach and conclude if reportable within 4 days could also pose a challenge.
Lastly, in the article, there are four ways to aid CISOs. The first is to get rid of the tools that alert on every potential attack or misconfiguration, retool (replace outdated techniques), work more closely with the government, and align security goals.
https://www.infosecurity-magazine.com/news/calls-for-better-microsoft-teams/
The article I have chosen to highlight this week speaks to Microsoft Teams and the information being shared on it. With more and more organizations adapting a work from home/hybrid work force thanks to COVID. Instant messaging and Teams Spaces are quickly becoming the new norm for communicating. What we don’t realize is just how sensitive the information we’re sharing on the platform can be. The article highlights that “A total of 48% of respondents admitted to sending messages on Teams they should not have, while 45% said they frequently share confidential and sensitive information via the platform. Moreover, 51% said they often send business-critical documents and data.” While email and virtual/in person meetings are still prevalent, we as a society are moving towards the convenience of IM’s and throwing documents into chats that we believe are secure.
https://thehackernews.com/2022/10/indian-energy-company-tata-powers-it.html
An Indian energy company, Tata Power Company, confirmed this past Friday that it had undergone a cyber attack that impacted some of its IT systems. The network intrusions were said to have been aimed at 7 Indian State Load Despatch Centres that carry out real-time operations for grid control and electricity dispatch in their respective states. The hackers are said to be associated with the group TAG-38. The company has been working to retrieve and restore the affected machines and putting in security guardrails for customer-facing portals to prevent unauthorized access. The target was intended to facilitate information gathering related to the company’s critical infrastructure assets.
https://www.bleepingcomputer.com/news/security/mydeal-data-breach-impacts-22m-users-stolen-data-for-sale-online/
This article is interesting because it discusses a recent data breach event and also what the threat actor did with that information. A subsidiary of the Woolworth company, MyDeal based in Australia announced that 2.2 million customers were impacted by a data breach from a compromised user credentials ro access customer information through the organizations Customer Relationship Management system on Friday. The compromsed information includes names, email addresses, phone numbers, home addresses, and birth dates exposed in the attack. MyDeal has sent out notifications to the affected customers. By Sunday, the threat actors began to sell the compromised information for $600.00 and also provided evidence of the attack (or so they claim) by sharing screenshots of the supposed confluence server and a single-sign-on prompt for the MyDeal’s AWS account. The threat actor also posted customer information for almost 300 MyDeal customers.
https://www.bleepingcomputer.com/news/security/verizon-notifies-prepaid-customers-their-accounts-were-breached/
Verizon warned an undisclosed number of prepaid customers that attackers gained access to Verizon accounts and used exposed credit card info in SIM swapping attacks. Attackers used the last four digits of the credit card associated with the account for automatic payments to perform SIM swap attacks. At this point, Verizon blocked further unauthorized access to accounts and reset PINs for an undisclosed number of customers. Verizon has stated that the threat actors could have accessed names, telephone numbers, billing addresses, price plans, and other service-related information. One customer that received the notice was aware of the attack before and realized that the attackers attempted to access their crypto accounts. Verizon has advised setting a new PIN code as well as enabling the ‘Number Lock’ protection feature to prevent the phone number from being ported to another line/carrier or swapped to another SIM until it is unlocked by the account owner.
There is no organization that is immune to cyber-attack or threat therefore organizations must always be prepared and also be informed target. i find this article interesting because it showcases the effect of cyber threat on health care system. Hackers used legitimate credentials to hack into NHS system through a third-party vendor and disrupted many of their services including patient administration, Ambulance services. It is becoming rampant; the health care industry is becoming an unusual target.
https://techcrunch.com/2022/10/13/advanced-nhs-patient-data-ransomware/?&web_view=true
https://dropbox.tech/infrastructure/disaster-readiness-test-failover-blackhole-sjc
This article from the Dropbox team talks about their recent (successful) disaster recovery test where they physically pulled the pug on one of their biggest datacenters to live test their preparation. Dropbox is headquartered in San Jose, CA. This puts them right in the high risk area for earthquakes. Recognizing that their infrastructure was at risk, Dropbox put together a disaster recovery team and built out a redundant disaster recovery and business continuity plan to ensure users would have access to their important data even if San Jose was in a state of extreme emergency from a major earthquake. The article delves into the sort of planning and testing was required to get their systems and plans ready to perform the ultimate test, unplugging the San Jose Datacenter from the rest of the network. (they literally pulled the fibre connections coming into the building from the edge routers!) They had some false starts and early tests that didn’t work as planned, but the result of all the efforts was absolute confidence that their system would not suffer even in the worst case disaster.
Microsoft has confirmed this week that they had inadvertently exposed thousands of customer records after leaving an online endpoint accessible without authentication. The misconfiguration of Microsoft’s Azure Blob Storage was identified on September 24, by cybersecurity company SOCradar. Microsoft has yet to announce how many of its customers have been affected, however, SOCradar claims the number to be close to 65,000 customers in 111 countries. SOCradar also claims the leak consisted of over 2.4 terabytes of data consisting of invoices, product orders, signed customer documents, and partner ecosystem details. Microsoft denounced this projection, stating SOCradar has “greatly exaggerated” when referring to the scope of the breach, claiming most of the data is duplicate. There is no evidence to suggest any data has been accessed by threat actors yet however the data is still compromised, and customers may fall victim to phishing, social engineering, or extortion. This goes to show that even the largest companies are victims of small errors which compromise the data of thousands. No matter how vigilant you are about protecting your personal information, you still need to remain aware of potential cyber-attacks resulting from data breaches like this.
https://thehackernews.com/2022/10/microsoft-confirms-server.html