Summer is usually a relaxing time for most. But when it comes to information security, it can be hard to relax when there’s so much going on. Like most months, July was filled with various breaches, attacks, and scams. In addition to those incidents, some companies and organizations are making strides toward fixing the broken industry with new campaigns, acts, and other efforts to improve information security. Check out some of the biggest information security news stories from July.
- Capital One discovered that a hacker obtained personal information of over 100 million individuals applying for credit. The intruder executed a command to retrieve the security credentials of an administrator. Then, they obtained access to Capital One’s folders, and the hacker was able to copy more than 700 folders.
- Louisiana declared a state of emergency after multiple malware attacks were made on several different school districts. The attacks hit the northern part of the state and affected the schools’ computer systems and phone lines.
- Equifax is back in the news roundup this month. The credit reporting giant has agreed to pay at least $575 million, and up to $700 million to resolve probes into its massive 2017 data breach. Additionally, Equifax will provide all U.S. customers with six free credit reports each year for seven years, beginning January 2020.
- A cyberattack in Bulgaria this month, in which hackers stole data from the National Revenue Agency, affected around 70% of the population. The attack compromised personal information such as names of individuals and companies, personal and corporate identification numbers, email addresses, healthcare and pension information, and income details.
Fixing the Broken Industry
- The #CyberChoices campaign’s goal is to prevent teenagers from becoming involved in cybercrime. The campaign educates parents of teenagers potentially involved in hacking by helping them spot signs of potential problems and understand what the consequences could be, and by emphasizing better ways for teenagers to use their skills and interest in technology.
- As cars are becoming hi-tech computers on wheels, they are hackable just like anything else that connects to the internet. Tesla has started a three-day contest called Pwn2Own, where they pay individuals to find vulnerabilities in their cars. Along with Tesla, Fiat Chrysler and GM have held bug bounty programs to strengthen their cars’ security.
- The Pentagon’s technology advisory board is urging the military to implement zero trust architecture (ZTA) for network access. ZTA requires authentication of users and their devices at the application or service level, to ensure that users only have access to what they need.
- The Federal Trade Commission is pondering an expansion of the Children’s Online Privacy Protection Act (COPPA). The act first went into effect in 2000, but hasn’t been updated in a half-decade. Regulators believe that, with technology progressing so fast, today’s internet has outpaced COPPA.
- According to a survey from CyberArk, 50 percent of organizations believe attackers can infiltrate their networks each time they try. Less than half of organizations have a privileged access security strategy in place for DevOps, IoT, RPA, and other technologies that are the foundation of digital initiatives.
- Business email compromise scams are becoming more popular and are costing U.S. companies a total of $300 million per month. A typical business email compromise scheme involves attackers stealing an executive’s email credentials, then impersonating the executive to send emails to other employees urging them to transfer or wire money to bank accounts.
- Apple released a silent update to remove a clandestine web server after the discovery that Zoom’s conferencing software involuntarily activates on someone else’s computer if they visit a rigged web page or click on a deceptive link.
- A vulnerability in Microsoft Excel could potentially put over 120 million users at risk. The vulnerability takes advantage of the Power Query function that allows users to pull data from other sources. This could allow hackers to launch more sophisticated attacks that compromise the user’s computer as soon as they open the spreadsheet.
- External contractors are reviewing Apple Siri conversations. The voice assistant activates easily, which means it has been picking up users’ private conversations. Apple claims that only one percent of recordings are used for improvements. However, this is not a small percentage considering there are 500 million Siri devices.
- American Express card users are targets of a new email phishing campaign. Attackers are sending a hyperlink as part of a phony account update to access users’ credentials and account details.
- FaceApp is blowing up again due to celebrities (and everyone else) using the app’s old-age filter. However, there are some concerns about where the photos are stored after uploading. FaceApp founder Yaroslav Goncharov confirmed that user data is not transferred to Russia and most of the photo processing happens in the cloud.
- By the end of 2021, facial recognition technology may replace passports at the top 20 U.S. airports. The purpose is to track visitors as they leave the U.S., checking biometric data of departing passengers against the information collected by the U.S. Department of Homeland Security on arrival.
Following information security news and trends is important. It gives you an idea of what’s going on in the industry so you can continue to protect yourself and your business. Follow FRSecure on Twitter and LinkedIn for consistent updates on information security news like this, and visit our site to learn how your organization can continue to make improvements to its security measures.