Zeynep Sahin says
Microsoft announced that new privacy-focused assessments are available in the public preview of Microsoft Compliance Score. Risk and compliance professionals can assess controls by using Microsoft Compliance Score to score their compliance with GDPR, ISO 27001, ISO 27018, NIST CSF, NIST 800-53, HIPAA, FFIEC, and more. They’ve also just released a new California Consumer Privacy Act (CCPA) assessment. It may help organizations keep up with rapidly changing regulatory requirements.
Here is the article: https://www.microsoft.com/security/blog/2020/01/27/new-privacy-assessments-now-included-in-microsoft-compliance-score/
Percy Jacob Rwandarugali says
Storing data in everyday objects
Researchers have discovered a new method for turning nearly any object into a data storage unit. This makes it possible to save extensive data in, say, shirt buttons, water bottles or even the lenses of glasses, and then retrieve it years later. The technique also allows users to hide information and store it for later generations. It uses DNA as the storage medium.
https://www.sciencedaily.com/releases/2019/12/191209110529.htm
Numneung Koedkietpong says
The anonymous security researcher found the vulnerabilities of Indian airline “SpiceJet” by using a brute-force attack. He was able to gain unauthorized access to an unencrypted database backup file which included PII data such as passengers’ names, phone numbers, emails, and birthdays. This was a big concern for SpiceJet; they should be aware of this issue and review their security plan and control safeguards to protect against and detect cyber-attacks.
https://www.infosecurity-magazine.com/news/breach-at-indian-airline-affects/
Akshay Shendarkar says
SEC releases cyber security and resiliency best practices
There are specific guidelines for governance and management of security risks.
This article also highlights specific examples of cybersecurity and operational resiliency practices and controls which are followed by some of the more mature organizations who have been successful in thwarting cyber attacks.
https://www.securitymagazine.com/articles/91638-sec-cybersecurity-and-resiliency-best-practices
Joseph Nguyen says
It’s not a joke that the pentesters were jailed for the work that they were asked to do and paid for!
https://arstechnica.com/information-technology/2020/01/criminal-charges-dropped-against-2-pentesters-who-broke-into-iowa-courthouse/
Imran Jordan Kharabsheh says
Japanese Electronics Giant NEC Discloses Old Data Breach
It was recently disclosed by the Japanese IT and electronics company that they had been compromised for a lengthy period of time, approximately 2 years. After an investigation, it was determined that the hackers had accessed 27,445 files on the company’s servers; however, “these files did not contain confidential information or personal information,” the company stated. The article also mentioned that NEC has taken steps to improve their cyber security initiatives by improving and implementing incident response, sensitive information management and improved early detection and response systems.
Source: https://www.securityweek.com/japanese-electronics-giant-nec-discloses-old-data-breach
Natalie Dorely says
The Maze ransomware has stolen personal data from at least five law firms, and the Bouygues Construction company.
https://www.infosecurity-magazine.com/news/maze-ransomware-law-firms-french/
Christopher James Lukens says
A summary of the biggest trends in security coming in 2020
Some of the points include:
- Cloud as a continued target
- Machine learning increasingly used by hackers in campaigns
- More ransomware
- More mobile targeted attacks
https://threatpost.com/2020-cybersecurity-trends-to-watch/151459/
Innocent says
TILLAMOOK COUNTY IS YET TO FULLY RECOVER FROM A RANSOMWARE ATTACK.
According to this article, a county in the Pacific Northwestern state of Oregon is yet to fully recover from a ransomware attack that happened over a week ago.
Cyber-criminals hit Tillamook County in a targeted attack on Wednesday, January 22. As a result, all internal computer systems under the county government, which 250 county employees rely on, went down.
The Tillamook County website, which hosts numerous departments, was also taken out in the incident. Other network connections were disabled to contain the spread of the malware.
The Emergency Communications District’s dispatch and 911 services were not affected; however, the County Sheriff’s Office has experienced some issues with its phone system and email.
On Monday, January 27, Tillamook County commissioners voted unanimously to negotiate with the cyber-attackers for an encryption key in a bid to regain control of the government’s computer systems.
https://www.infosecurity-magazine.com/news/tillamook-county-ransomware-attack/
Alexander Reichart-Anderson says
Malware downloads integrated with a phishing scam? The notorious cyber crime group Evil Corp is back, attempting to disrupt and scam Microsoft by encoding their emails with links that will automatically download a malicious Excel file. If authorized by the user, the file will begin its download to the hardware and certainly ruin someone’s week.
https://threatpost.com/evil-corp-returns-with-new-malware-infection-tactic/152430/
Sarah Puffen says
Research has shown that new autopilot systems, like in Tesla’s Model X, can be tricked into perceiving projected images as being real, causing the car to brake or steer into oncoming traffic.
These types of “phantom attacks” have yet to be seen “in the wild”; however, they are not difficult to execute. The attacks are not necessarily a security vulnerability, but they do exploit a major flaw within advanced driving assistance systems.
https://threatpost.com/tesla-autopilot-duped-by-phantom-images/152491/
Peiran Liu says
A British community housing charity was conned out of more than $1m in a domain spoofing and contractor impersonation scam.
Red Kite Community Housing announced on Tuesday that it had fallen victim to a cyber-scam in which criminals posed as genuine service providers to steal a staggering £932,000.
https://www.infosecurity-magazine.com/news/red-kite-spoofing-scam/
Junjie Han says
Australian transport and logistics giant Toll Group has been forced to shut down some of its online services in response to a ransomware attack.
More than 1,000 servers were infected with ransomware, rendering Toll Group unable to conduct business. There have been no reports of personal data being compromised. Although the tough measures cause economic losses, I think it is the right choice to protect customers’ personal information.
https://www.securityweek.com/australian-shipping-giant-toll-hit-ransomware