
February may be the shortest month of the year, but that doesn’t mean there was any shortage of information security news. With countless breaches, vulnerabilities, and people behind the scenes working to prevent them, the news is bigger than ever. Take a look at how the month of February impacted the information security landscape with this month’s news roundup.

Breaches

  • This is one of those “do you want the good news or bad news first?” deals. Fortunately, the number of breaches in 2018 was down 23% from the number in 2017. Unfortunately, the data that was collected in the 2018 breaches was more sensitive.
  • Want to know if your password has been compromised? Well, you’re in luck. Google has released a Chrome extension, Password Checkup, that alerts you if your password and username combination has appeared in a data breach.
  • Cybercriminals have placed nearly 620 million data records for sale on the dark web. The information was gathered from 16 breaches, including MyFitnessPal, MyHeritage, and Animoto. Experts suggest people beware of their accounts being compromised, even if they no longer use these sites or services.
  • Drupal, the world’s third-most-popular content management system, was left vulnerable by a critical flaw that allowed attackers to remotely execute code. Patches and updates were released to prevent further issues, but many system admins of Drupal-based sites fail to apply updates and patches in a timely manner.

Business Impact

  • Hackers have found vulnerabilities in software containers. These underlying flaws could pose serious data risk, as they don’t just impact a single container, but the entire container host, ultimately compromising the hundreds to thousands of other containers running on it. Emergency updates from companies that ship container software, like Red Hat, Google, and Amazon, aim to fix the flaws, but this will not be the last set of attacks on containers.
  • Vendor risk management continues to be one of the most important trends in security. In mid-February, ConnectWise, the popular project management tool, was the victim of a ransomware attack coming from one of their managed service providers (MSPs). The attack resulted in some 1,500 to 2,000 systems belonging to the MSP’s clients getting cryptolocked and the MSP itself facing a $2.6 million ransom demand.
  • Speaking of vendors and bad situations, they happen to everyone, even security experts. Stu at KnowBe4 was almost compromised through a real email thread from a real vendor. Luckily it was caught by their tech team before it escalated, but it’s just further proof that we always need to be wary of the risks our vendors pose to us, and that we need to be cautious when opening any links or attachments in emails.
  • Microsoft had a handful of issues in February that caused a stir. Notably, an attack called “NoRelationship” allowed attackers to bypass Office 365 email attachment security by editing the relationship files that are included with Office documents. This allowed them to hide malicious links in their phishing attempts to Microsoft users.

Healthcare

  • 2018 was a record year for healthcare fines related to breaches. This past year, the OCR settled 10 cases totaling $28.7 million from enforcement actions. The previous record in 2016 was surpassed by 22 percent.
  • Each year, tens of thousands of healthcare professionals gather at the HIMSS conference to discuss pressing matters in the healthcare industry. This year, without question, the number one topic of interest was cybersecurity, particularly among IT professionals.
  • Imagine conducting a Google search of your own name and finding your medical records in the results. A recent breach at UW Medicine made nearly one million protected records and internal files available and visible by search on the internet.

Consumer Impact

Understanding information security trends is important. It gives you an idea of what’s going on in the industry so you can continue to protect yourself and your business. Follow FRSecure on Twitter and LinkedIn for consistent updates on information security news like this, and visit our site to learn how your organization can continue to make improvements to its security measures.


FRSecure
FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.
