information-security-news-roundup

As we wrap up August and jump into September, school is back in session for most students. Probably not coincidentally, we saw an uptick in the number of news stories regarding student and staff data related to school districts and schools. As incidents in education become more prevalent, the importance of our own education increases with it. The more we educate ourselves about common attack strategies, tools, and tactics, the better equipped we are to handle and avoid incidents. Here are some news stories (education and otherwise) that made an impact this month.

Attackers Schooling Communities

education
  • Another school paid a ransomware ransom this month. Rockville Centre in New York is the latest in a long line of cities who’ve recently paid off attackers to get their systems and data back. It’s starting to feel like local governments and cities have set the precendent, and we’ll be seeing a lot more city- and school-aimed attacks. Something is going to have to change.
  • Two large districts in Illinois were hit with attacks this month. The result? 8,700 students’ and faculty’s data leaked. It’s possible that we see an update including more districts and an increased victim number as we get more information. The leaked data was part of a nation-wide incident stemming from Pearson’s AIMSWeb—a student monitoring and assessment platform.
  • Millions of students were saved by the bell this month when a teen found flaws in Blackboard’s Community Engagement software and Follett’s Student Information System. 18-year-old Bill Demirkapi presented his findings at DEFCON this year, outlining a three-year project where he found 5 million vulnerable grades, immunization records, cafeteria balances, schedules, cryptographically hashed passwords, and photos across the two systems. Thankfully, these flaws weren’t found by someone with ill-intent.

Fixing the Broken Industry

information-security-news-fixing
  • The information security industry has a lot of room for improvement. Thankfully businesses and organizations all over the world are striving to make it better. And what better way to entice people to help than a cool $1M? Apple has offered a $1M bounty to those who can hack iOS’s core, ultimately garnering data they can use to decrease the number of exploits.
  • Data privacy is an increasingly discussed topic all over the globe. Unfortunately, it often takes some type of law or regulation to convince companies to do a better job of protecting the data entrusted to them. But, forced or not, any step in getting people to protect information more effectively feels like a good one. The Senate Judiciary Committee’s new tech task force leader, Marsha Blackburn, aims to take one of those steps by passing data privacy legislation—particularly to hold Silicon Valley tech giants accountable.
  • New Hampshire joins Ohio, South Carolina, and Michigan in enacting a new data security law directed at insurers. As part of creating a written information security program, licensees are mandated to conduct risk assessments. Getting a baseline risk assessment is a critical starting point for all organizations, so this law will hopefully push more organizations into understanding and improving their security stature.

Technology and Machinery

technology-and-machinery

Consumer Impact

infosec-is-about-people

Following information security news and trends is important. It gives you an idea of what’s going on in the industry so you can continue to protect yourself and your business. Follow FRSecure on Twitter and LinkedIn for consistent updates on information security news like this, and visit our site to learn how your organization can continue to make improvements to its security measures.


FRSecure on FacebookFRSecure on LinkedinFRSecure on TwitterFRSecure on Youtube
FRSecure
FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *