The ever-fascinating information security industry continues to surprise. News outlets are as busy as ever with GDPR compliance nearing its deadline, devices being connected to the internet more than ever, and healthcare and credit card information continuing to be easy targets. As we transition from spring to summer, find out what’s heating up in the world of information security news.
- With the GDPR going into effect on May 25th, experts expect to see a dramatic increase in social engineering scams surrounding the regulations. It is expected that attackers will look to exploit organizations’ fears of being out of compliance with GDPR by acting as enforcement agencies.
- Dutch police have taken down the world’s biggest DDoS-for-hire organization. The group’s administrators, who helped with over 4 million attacks, were arrested.
- The United States and the United Kingdom issued a combined statement that Russian state-sponsored operations have begun infiltrating routers, switches, firewalls and network intrusion detection systems in order to gain information about both countries.
- It was reported in early April that over 200,000 Cisco routers were hacked. While the attack seemed to be brought on by amateur activists and not intended to cause any actual harm, the Cisco team has been tackling the switch vulnerabilities and trying to fix issues.
- While this particular case happened to fall in the early portion of May, it felt incredibly important to share before the next roundup rolls around. Twitter announced that it found a bug in its password masking technology that may have left passwords vulnerable. While there are no signs of breach or misuse, Twitter is still encouraging all users to change their passwords on Twitter and any accounts that may have shared the same password.
- PayPal announced that it shares its customer data with over 600 external organizations. PayPal says it’s important that they stay transparent about who they share data with. You can find a list of the companies here.
- Are you worried your Amazon Echo is listening to you? Security researchers were able to create an Alexa skill on the popular device that could listen and transcribe anything that was said near the device. The research organization has passed its findings along to Amazon so that Amazon can fix this issue.
- Ransomware attacks increased 2,500% in 2017, and the means are becoming more creative. Recent reports are suggesting you watch what you chat and email your coworkers about. Hackers are now beginning to access emails and chats and blackmail people for the things they said and shared.
- Protecting our children from online threats has become a bit more challenging. A group of researchers analyzed nearly 6,000 kids’ apps in the Google Play Store and found that about a thousand of these apps collected the personal data of children younger than 13 without a parent’s permission.
- Healthcare companies continue to be prime targets for attackers. The information they can get is incredibly impactful, and it seems to be quite easy. A new survey from the software company Nuix revealed that almost 40% of attackers feel that they can get at your medical records in under an hour.
- A group named Orangeworm has been using backdoors to target X-ray and MRI machines, likely for corporate espionage purposes. It appears the group is specifically targeting healthcare providers, pharmaceuticals, IT solution providers for healthcare and equipment manufacturers that serve the healthcare industry.
- Recently, an employee email was hacked at device manufacturer Inogen. The hacker may have gained access to Medicare identification numbers, insurance policy information and the type of medical equipment provided.
- State attorneys general are taking HIPAA violations much more seriously as of late. Another example in a long line of recent situations involves Virtua Medical Group, which is being charged a hefty fine due to its inability to properly protect 1,650 patients’ medical records.
- As payment card industry (PCI) attacks continue to evolve, the PCI Security Standards Council looks to revamp some of its current standards and programs around PCI security. New PCI standards for software security and vendor lifecycle management are primary focuses of the council.
- Best Buy’s payment information was targeted in early April. Company spokespeople originally estimated that hundreds of thousands of people may have been impacted by the breach. This attack was administered through a third-party online chat vendor that Best Buy uses.
- Customer credit card data was stolen in a recent malware attack on Saks Fifth Avenue. While Hudson’s Bay Company (Saks Fifth Avenue’s parent company) says that this breach no longer affects current customers, the breach may have begun as early as July of last year.
Follow FRSecure’s Twitter and LinkedIn for consistent updates on information security news stories like the ones above, and visit our site to learn how you can prevent similar incidents from happening to your organization.