Ikenna Alajemba says
Samsung has admitted that hackers accessed the personal data of U.K.-based customers during a year-long breach of its systems.
In a statement to TechCrunch, Samsung spokesperson Chelsea Simpson, representing the company via a third-party agency, said Samsung was “recently alerted to a security incident” that “resulted in certain contact information of some Samsung U.K. e-store customers being unlawfully obtained.”
https://techcrunch.com/2023/11/16/samsung-hackers-customer-data-breach/
Andrew Young says
Open Source Software Must Start with Secure Code
CISA published an article discussing how open source hardware, while useful, is vulnerable to exploitation through hacking and compromise if secure coding practices are not used going forward. The organization discusses laying out a road map to secure open source spaces and software and ensure that they are testing for vulnerabilities. These goals include ensuring that secure coding practices are being followed and that any potential security risks are mitigated before they arise. Having a system where these things are managed by the government from the top down ensures that organizations can properly address risks and issues related to software going forward, and see what risks currently exist.
Article Link: https://www.cisa.gov/news-events/news/open-source-software-must-start-secure-code
Chidi Okafor says
Title – Long Beach Declares State of Emergency Following Cyberattack
This article is about the cybersecurity breach that occurred in Long Beach City, California. Consequently, a state of emergency was declared on November 14th to perform additional investigation into the incident. The attack has affected payment processing, public services, city call centers, and the central website. The City Council’s emergency declaration enables the city manager to access additional resources to address the situation. Payment processing for utility bills, call centers, public services, and the central website are expected to remain offline during the investigation. Public safety and emergency systems are unaffected, but the city advises using the Go Long Beach mobile app for services, anticipating delays. The FBI, local law enforcement, and cybersecurity consultants are involved in the investigation. Long Beach City officials may vote on extending the state of emergency. This incident marks the third cyberattack on a California city in 2023, following incidents in Oakland and Modesto in April. The specific nature of the Long Beach attack is unclear, but officials refer to it as a network security incident.
Link – https://www.spiceworks.com/it-security/cyber-risk-management/news/long-beach-emergency-cyberattack/#:~:text=Pages%20of%20the%20city's%20website,to%20continue%20for%20several%20days.&text=A%20major%20cybersecurity%20breach%20has,announcing%20a%20state%20of%20emergency.
Marc Greenberg says
Three Questions To Ask Third-Party Vendors About Cybersecurity Risk
https://www.forbes.com/sites/forbestechcouncil/2023/11/17/three-questions-to-ask-third-party-vendors-about-cybersecurity-risk/?sh=3dfb566f6ab6
Organizations rely on more third-party vendors than ever. While these partnerships help organizations access specialized expertise and resources, the increased reliance on third-party providers contributes to the growing number of software supply chain attacks.
Software supply chain attacks occur when a bad actor infiltrates a software provider’s digital infrastructure to inject malicious code into their software or software updates. This efficient method of attack enables cybercriminals to move laterally, gaining access to the wide network of organizations that rely on the vendor’s software. More often than not, this results in bad actors stealing data or launching attacks on the provider’s customers.
Ask these three questions to assess vendors’ security practices.
1. Are they certified by a reputable security organization?
One of the first things you should look for in a provider is whether they either have or are actively pursuing at least one (but ideally both) of the following certifications: the International Organization for Standardization (ISO) 27001 and the System and Organization Controls (SOC) 2.
2. Are they transparent about their security policies and procedures?
Search for providers that not only have well-defined security policies and procedures in place but are also transparent about these practices. This means the vendor provides public access to their security policies and procedures, and their policies address all aspects of cybersecurity, including incident response, data security and vulnerability management.
3. How effective is their incident response?
If a provider has the ISO 27001 certification, you can likely assume they have effective incident response capabilities in place.
Ensure vendor cybersecurity vigilance with a bulletproof assessment strategy.
Jeffrey Sullivan says
https://www.fastcompany.com/90984370/5-steps-to-increase-your-software-supply-chain-security-program-2
This article points out steps you can take to build a software supply chain security program. It reminded me of the final project as it states you need to do an inventory of your assets and find out what is the most important to you, your business and your customers. Prioritize those assets so you can see and know what to address first. Then run an SCA, which is a software composition analysis tool, against your assets. Make sure you understand how your teams build apps before selecting the software tool. Then once you’ve run your analysis, you will find out what strategy works the best. In the last step you want to make sure you get a digital signature on everything using certificates backed by authorities you trust.
Kelly Conger says
https://cybernews.com/news/cybersec-executive-hacks-hospitals/
Vikas Singla pleaded guilty to hacking the systems of two Georgia-based hospitals. He disrupted the hospitals’ printers, phone systems, and Digitizer, and stole patient data. Singla then used the stolen data to generate publicity for his company. He faces up to ten years in prison.
Michael Obiukwu says
Websites in Britain have 30 days to ensure that they allow users to “Reject All” advertising cookies in the same way they can “Accept All.” Those who fail to comply with data protection laws will “face enforcement action.”
Britain’s Information Commissioner’s Office (ICO) set a deadline for the country’s top websites to comply with data protection laws.
“Some websites do not give users fair choices over whether or not to be tracked for personalized advertising. The ICO has previously issued clear guidance that organizations must make it as easy for users to ‘Reject All’ advertising cookies as it is to ‘Accept All,’” the press release reads.
https://cybernews.com/privacy/uk-warns-top-websites-allow-reject-all-cookies-or-else/
Alyanna Inocentes says
BlackCat Ransomware Gang Targets Businesses Via Google Ads
https://www.infosecurity-magazine.com/news/alphvblackcat-targets-businesses/
The ALPHV/BlackCat ransomware group, known for the MGM Resorts breach and other high-profile attacks, has adopted a new tactic using Google Ads to distribute malware, as reported by eSentire’s Threat Response Unit (TRU). Affiliates of the group attempted to breach a law firm, a manufacturer, and a warehouse provider in the past three weeks. The new method involves using Google Ads to promote seemingly legitimate software, leading professionals to attacker-controlled websites where they unknowingly install Nitrogen malware. Once established, the attackers deploy ALPHV/BlackCat ransomware. The Nitrogen malware uses Python libraries to compile into Windows executables. eSentire highlights the growing trend of browser-based cyber-threats and emphasizes the importance of user awareness training beyond email attachments. The advisory recommends organizations focus on endpoint monitoring, log capture, and attack surface reduction rules to counter browser-based attacks. The criminal background of ALPHV/BlackCat, connections to former ransomware groups, and recent high-profile attacks underscore the need for enhanced cybersecurity measures.
Erskine Payton says
Erskine Payton
In the News Article- Unit 13
MIS 5206
Temple University
A Top US Nuclear Energy Testing Facility Has Been Hit by a Serious Cyberattack and Data Breach
https://www.techradar.com/pro/security/a-top-us-nuclear-energy-testing-facility-has-been-hit-by-a-serious-cyberattack-and-data-breach
A government research center in Idaho has confirmed a cyberattack and data theft. The affected servers support its human resources applications. The hacktivist SiegedSec is responsible for the attack but has not made any ransom demands. This same group was also responsible for leaking Atlassian workers’ data.
The stolen data that was published includes employee names, birth dates, email addresses, phone numbers, Social Security Numbers (SSN), postal addresses, and employment information on “hundreds of thousands” of people. As we have learned, this type of data opens employees to wire fraud, identity theft, and phishing attacks.
Akiyah says
“Cyberattack on Pittsburgh-area water authority sends alarms to Department of Homeland Security”
https://www.cbsnews.com/pittsburgh/news/municipal-water-authority-of-aliquippa-cyberattack-u-s-department-of-homeland-security/
Over the recent weekend, the Municipal Water Authority of Aliquippa experienced a targeted cyber attack. The attack, attributed to an anti-Israeli Iran group called CYBER AV3NGERS, was not financially motivated at the surface. Instead, it focused on disrupting the availability of the system. The attackers executed a shutdown of water pressure, accompanied by a message on the screen claiming responsibility. Prompt action was taken, triggering alerts to Washington, D.C. and Homeland Security CyberSecurity and Infrastructure Agency. The Water Company successfully switched to manual operation after shutting down its automated system, ensuring no impact on customers.
Ashley A. Jones says
Is auditing enough?
This article highlights the evolution of technology and how, as security professionals, it is not enough to detect and respond but it is critical to predict and prevent. This tends to be a very controversial topic since it makes sense to limit efforts that cultivate a community of threat actors. I particularly like how the author speaks on security professionals “taking a mindset of an opportunistic threat actor” and how this allows one to gain a better understanding of exploitable pathways while, more importantly, assisting in prioritizing remediation efforts. The author also speaks on how this aids in the harmful biases that reside simply within humans. A common shield for organizations is that they are not interesting enough to get hacked or insert any plethora of answers that would keep an organization from realizing the reality behind cybersecurity. The point of this article states more adequately what I am constantly thinking about, which is having cybersecurity skills in order to be a more evolved IT Auditor. Going forward, I will reframe my mindset when communicating this point since I love the objectivity that is needed to truly prosper in this field. Being a cybersecurity professional and auditor aids in objectivity.
URL: Why Defenders Should Embrace a Hacker Mindset (thehackernews.com) – https://thehackernews.com/2023/11/why-defenders-should-embrace-hacker.html
Akintunde Akinmusire says
https://www.infosecurity-magazine.com/news/ardent-health-services-ransomware/
Ardent Health Services Grapples With Ransomware Disruption
According to a new report on the 23rd of November, Ardent Health Services experienced a ransomware attack. The ransomware attack forced Ardent to stop its operations. The IT team disconnected the network, applications, and internet access in order to reduce the chance of the attack spreading to internal systems.
Alex Ruiz says
Title: Tell Me Your Secrets Without Telling Me Your Secrets
Link: https://thehackernews.com/2023/11/tell-me-your-secrets-without-telling-me.html
Summary:
GitGuardian has developed the HasMySecretLeaked service to help developers identify if their sensitive information, such as passwords and API keys, has been exposed in public GitHub repositories. They scanned a large amount of public commit data and found over 10 million secrets in 2022. To maintain security, GitGuardian implemented a secret-fingerprinting protocol that encrypts and hashes the secret, sharing only a partial hash with GitGuardian. Users can create the hash locally without exposing the actual secret. GitGuardian’s transparency and user control in the process have garnered over 9,000 secret checks in the first few weeks of the service’s launch. Users can check up to five secrets per day for free using the web interface or more with the GitGuardian shield CLI.
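The partial-hash lookup described in the summary above, sketched as an added example that is not part of the original post and is not GitGuardian's code or exact protocol. It assumes a plain SHA-256 fingerprint, a 5-hex-character prefix, and a hypothetical in-memory `LeakIndex` standing in for the remote service; the sample secrets are constructed.

```python
import hashlib
import hmac
from collections import defaultdict

PREFIX_LEN = 5  # hex characters sent to the service (assumed value)


def fingerprint(secret: str) -> str:
    """Hash the secret locally; the plaintext never leaves this function."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


class LeakIndex:
    """Hypothetical stand-in for the remote service.

    It stores digests of secrets found in public commits, bucketed by
    prefix, and records every query so we can inspect what it learns.
    """

    def __init__(self, leaked_secrets):
        self._buckets = defaultdict(set)
        self.queries_seen = []
        for s in leaked_secrets:
            digest = fingerprint(s)
            self._buckets[digest[:PREFIX_LEN]].add(digest)

    def lookup(self, prefix: str) -> set:
        # Reject anything longer than the agreed prefix so a buggy client
        # cannot accidentally disclose a full fingerprint.
        if len(prefix) != PREFIX_LEN or any(c not in "0123456789abcdef" for c in prefix):
            raise ValueError("prefix must be %d lowercase hex chars" % PREFIX_LEN)
        self.queries_seen.append(prefix)
        return set(self._buckets.get(prefix, set()))


def has_leaked(secret: str, index: LeakIndex) -> bool:
    """Send only the digest prefix, then match the full digest locally."""
    digest = fingerprint(secret)
    candidates = index.lookup(digest[:PREFIX_LEN])
    return any(hmac.compare_digest(digest, c) for c in candidates)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    index = LeakIndex(["constructed-leaked-token-123", "constructed-db-password-456"])
    for candidate in ("constructed-leaked-token-123", "constructed-safe-token-789"):
        print(candidate, "->", "LEAKED" if has_leaked(candidate, index) else "not found")
    print("service saw only:", index.queries_seen)
```

With a 20-bit prefix the service cannot tell which of the many digests sharing that prefix the client holds, and the final match decision is made on the client side.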