As a smartphone maker, OnePlus is one of my favorites because of its high quality and reasonable prices. In addition, the company really listens to users' opinions in its community. Last week, while monitoring its systems, the company discovered that some of its users' order information had been accessed by an unauthorized party. The company assured customers that not all of them were affected and that the attackers were not able to access any payment information, passwords, or associated accounts. The most serious impact would be phishing emails being sent to the users. As a result of this breach, the company has also finally decided to launch an official bug bounty program by the end of December 2019.
67 per cent of industrial organizations do not report cybersecurity incidents
A recent Kaspersky survey has discovered that two-thirds (67 per cent) of industrial organizations do not report cybersecurity incidents to regulators. They perhaps do so to avoid regulatory punishments and public disclosure that can harm their reputation.
However, this is not compliant with the regulations and is certainly unethical. This behavior does not help a company improve the quality of its cybersecurity defenses against cyber-attacks. Some small businesses have not taken cybersecurity investment seriously, which makes small companies easier targets for hackers.
https://www.deccanchronicle.com/technology/in-other-news/311019/67-per-cent-of-industrial-organizations-do-not-report-cybersecurity-in.html
CISA RELEASES CYBER ESSENTIALS FOR SMALL BUSINESSES AND GOVERNMENTS
The Cybersecurity and Infrastructure Security Agency (CISA) released its Cyber Essentials, a starting point for small businesses and government organizations to understand and address cybersecurity risk as they would other risks. Cyber Essentials aims to equip smaller organizations that have never been a part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity.
Each of the six Cyber Essentials includes a list of actionable items anyone can take to reduce cyber risks. These are:
- Drive cybersecurity strategy, investment and culture;
- Develop heightened level of security awareness and vigilance;
- Protect critical assets and applications;
- Ensure only those who belong on your digital workplace have access;
- Make backups and avoid loss of info critical to operations; and
- Limit damage and restore normal operations quickly.
https://www.cisa.gov/cisa/news/2019/11/06/cisa-releases-cyber-essentials-small-businesses-and-governments
CISA Wants Feedback on Its Vulnerability Assessments
The Homeland Security Department is seeking feedback on a program that gives infrastructure operators a chance to see how their cyber defenses stack up against each other.
The Cybersecurity and Infrastructure Security Agency runs the vulnerability assessment program to help members spot specific weaknesses in their digital infrastructure and develop techniques to close those holes.
Through the latest solicitation, officials are specifically seeking comments on the program's viability, as well as measures that may improve its assessments or make it simpler for members to use. The public must submit input by Dec. 14.
https://www.nextgov.com/cybersecurity/2019/11/cisa-wants-feedback-its-vulnerability-assessments/161279/
Cybersecurity experts warn of Black Friday deals email scams
Black Friday is approaching, which may send customers hunting through tons of discount information to find the best possible deals online. At the same time, retailers may send out emails with discount information to their customers. However, cybersecurity experts have warned that consumers may be vulnerable to email scams during this annual shopping event. This big event could be a nightmare for cybercrime victims every year. Users can avoid being scammed by always checking customer reviews and complaints before downloading a new app or visiting an unfamiliar site. If the Black Friday deals look too good to be true, they probably are.
Data breach causes 10 percent of small businesses to shutter
People are aware that the impact of a data breach will be more severe for big companies like Facebook and Target, but it could be more serious for a small company because it could end in bankruptcy. This article presents the results of a survey of 1,008 small businesses with up to 500 employees to prove it. The survey found that, after suffering a data breach, 10 percent of the businesses went out of business, 25 percent had to file for bankruptcy and 37 percent experienced a financial loss. 44 percent of these victims were from larger firms of 251-500 people, while 11 percent were companies with 10 or fewer workers. Even though these companies are less likely to be the target of hackers, and the scale of an organization determines the amount of losses it can suffer, the problem becomes more severe for the organization itself when its cybersecurity policy is poor.
Could your ERP system make you a victim of cybercrime?
Hackers can destroy an organization in multiple ways, and one of them is getting hold of the information in its enterprise resource planning (ERP) software. That information includes personal information, IP and financial data. All of it, in the wrong hands, could destroy a company. The article notes that 90% of SAP systems are reported to be vulnerable to 10KBLAZE, a public exploit discovered in April this year. Even though Oracle publishes patches to fix the bugs, a company still needs to make sure it has cybersecurity and application maintenance policies and procedures in place. Those procedures should also include an audit process that truly assesses the system, identifying any vulnerabilities and ensuring fixes and patches are implemented in a timely manner.
https://www.natlawreview.com/article/could-your-erp-system-make-you-victim-cybercrime
Apple Under Fire Over Sending Some Users Browsing Data to China’s Tencent
Apple integrated the “Tencent Safe Browsing” service to power its “Fraudulent Website Warning” feature in the Safari web browser for both iOS and macOS. Just like the Safe Browsing feature in Chrome and Mozilla Firefox, Safari’s fraudulent website warning feature is designed to protect users from various online threats by checking every website they visit against a regularly updated list of malicious websites. Now, with Tencent on the same list, Apple is giving the Chinese company the same privileges as Google.
This article addressed people’s concerns about the safety of sharing their data with Tencent. It is true, but I think Apple is using a business strategy because Google services are banned in China and it tried to protect Chinese users’ privacy. Apple uses a smart way to ease users’ concerns by offering them a manual way to turn off fraudulent website warnings.
https://thehackernews.com/2019/10/apple-safari-safebrowsing-tencent.html
Adobe Suspends Accounts for All Venezuela Users Citing U.S. Sanctions
Adobe announced that it would ban accounts and cancel subscriptions for all its customers in Venezuela in order to comply with economic sanctions that the United States imposed on the Latin American country. (Presidential Executive Order 13884 was designed to block American companies and individuals from conducting virtually all trade with Venezuela.) As a result, Adobe decided to deactivate all accounts in the country, leaving thousands of users and companies without access to the company’s graphics and multimedia software. Adobe is also refusing to refund its Venezuelan customers, because the presidential order bars any transactions with the entities, “including no sales, service, support, refunds, credits, etc.” Therefore, we can see how policy can affect a business.
https://thehackernews.com/2019/10/adobe-venezuela-sanctions.html
More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed
According to the news, there is a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers.
Basically, the attacks can be summarized in the following four steps:
Step 1 — Attackers send a malicious OTA SMS to the victim’s phone number containing an S@T or WIB command such as SETUP CALL, SEND SMS, or PROVIDE LOCATION INFO.
Step 2 — Once received, the victim’s mobile operating system forwards this command to the S@T or WIB browser installed on the SIM card, without raising an alert or notifying the user of the incoming message.
Step 3 — The targeted browser then instructs the victim’s mobile operating system to follow the command.
Step 4 — The victim’s mobile OS then performs the corresponding actions.
https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html
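A defensive illustration of where steps 1 and 2 can be interrupted, added here and not taken from the article: an operator-side check that reads the SMS-DELIVER header (layout per 3GPP TS 23.040) and blocks SIM-targeted binary messages whose sender is not the operator's own OTA platform. The allowlisted number and the sample TPDUs are constructed, and the function names are hypothetical.

```python
# Added example: operator-side filter for SIM-targeted binary SMS.
# Header layout is the SMS-DELIVER TPDU from 3GPP TS 23.040.
PID_SIM_DATA_DOWNLOAD = 0x7F         # TP-PID: (U)SIM data download
TRUSTED_OTA_SENDERS = {"15550100"}   # hypothetical operator OTA platform

def decode_address(octets, n_digits):
    """Semi-octet (nibble-swapped) digits -> string."""
    digits = "".join(f"{o & 0x0F:x}{o >> 4:x}" for o in octets)
    return digits[:n_digits]         # drops the filler nibble on odd lengths

def parse_sms_deliver(tpdu_hex):
    """Extract the header fields the filter needs from an SMS-DELIVER."""
    b = bytes.fromhex(tpdu_hex)
    n_digits = b[1]                  # TP-OA length, counted in digits
    oa_len = (n_digits + 1) // 2     # octets holding those digits
    return {
        "udhi": bool(b[0] & 0x40),   # user data header present
        "sender": decode_address(b[3:3 + oa_len], n_digits),
        "pid": b[3 + oa_len],
        "dcs": b[4 + oa_len],
    }

def is_class2_8bit(dcs):
    """True when TP-DCS marks 8-bit data, class 2 (SIM-specific)."""
    if (dcs & 0xF0) == 0xF0:         # data coding / message class group
        return bool(dcs & 0x04) and (dcs & 0x03) == 2
    if (dcs & 0xC0) == 0x00:         # general data coding group
        return bool(dcs & 0x10) and ((dcs >> 2) & 0x03) == 1 and (dcs & 0x03) == 2
    return False

def verdict(tpdu_hex):
    """Block SIM-targeted SMS unless it comes from the OTA platform."""
    f = parse_sms_deliver(tpdu_hex)
    sim_targeted = f["pid"] == PID_SIM_DATA_DOWNLOAD or is_class2_8bit(f["dcs"])
    if sim_targeted and f["sender"] not in TRUSTED_OTA_SENDERS:
        return "block"
    return "allow"

# Constructed sample TPDUs: first octet, sender, PID+DCS, then the tail.
_TAIL = "91110121000000" + "02"      # timestamp and user-data length
SAMPLES = {
    "operator_ota":   "44" + "0891" + "51551000" + "7FF6" + _TAIL + "0000",
    "unknown_binary": "44" + "0891" + "51551099" + "7FF6" + _TAIL + "0000",
    "plain_text":     "04" + "0891" + "51551032" + "0000" + _TAIL + "C834",
}
```

Originator addresses can be forged, so a sender allowlist is only one signal; the point of the sketch is that SIM-targeted messages are recognizable from header fields before they reach the handset.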