May was a downright crazy month for information security news. We had a week dubbed “cybersecurity’s week from hell.” Many of the world’s most popular apps and platforms like Office 365, Google G-Suite, WhatsApp, and more had incidents. Ransomware took down entire cities and record numbers of sensitive data. Yet, we still have the positivity of a dedicated and hard-working industry that is determined to fix its brokenness and protect our privacy. Here are just a few of the stories that made the headlines in a jam-packed May edition of our Information Security News Roundup.
- Two researchers discovered an unsecured database on Microsoft’s cloud platform that contained Personally Identifiable Information (PII) on nearly 80 million US households. With 127 million households in 2017, this is a staggering 62% of households. The leaked data included resident names, ages, marital status, income, and more. The database is no longer publicly accessible via the internet.
- The city of Baltimore is back in the news roundup. Just over a year after experiencing a ransomware attack that impacted their emergency responder dispatch systems, the city was hit with another ransomware attack this May. While emergency systems were operational this time, many of the city’s network-reliant functions were halted.
- The annual breach data report from Verizon was published this month. C-level social engineering attempts and cloud-based email servers headlined the report. You can view the executive summary or the full report to learn more about the trending attack vectors and targets.
- Infamous might actually be an understatement for the Equifax breach of 2017. In fact, it’s still making headlines. Equifax reported another loss last quarter, stemming from the costs associated with the breach and its remediation. Equifax has reported a $1.4B loss to date as a result of the breach.
Fixing the Broken Industry
- The US Senate’s Federal Rotational Cyber Workforce Program Act of 2019 would allow cybersecurity experts to work in multiple government agencies. Allowing experts to work across agencies will build their network and sphere of influence as well as keep them interested in making a positive impact.
- A national cyber talent search competition launched by 25 governors started in early May. Since then, 10,400 college students have joined, representing every state. Getting good people in the industry is the first step to reversing its talent shortage.
- Education and training are a couple of the best ways to create advocates for a better information security company. Unfortunately, we have some work to do. A recent Google survey suggests that Generation Z is overconfident in cybersecurity, with 78% of respondents saying they use the same password across multiple sites.
- California lawmakers are pushing to increase the security of connected devices. Assembly Bill 1395 would require manufacturers of smart speakers to obtain permission from a consumer before saving recordings of commands or conversations the device hears. This could be a game-changer for in-home privacy, especially as Internet-connected devices become more prevalent in the home.
- At FRSecure, we always preach that it’s not IF a breach happens, it’s WHEN. We need to be prepared to respond to incidents as they occur because we can’t prevent them all from happening. Here’s proof. A recent McAfee report shows that 61% of IT professionals have experienced a serious data breach with their current employer.
- A recent report shows that Office 365 attacks are on the rise. Not only are they on the rise, but their success rate is alarming. The report (provided by Barracuda Networks) shows that nearly 30% of their customer base had an Office 365 account compromised in March. These compromised accounts were used to send nearly 1.5 million spam and phishing emails.
- Is your business taking security into account when you code? Specifically for apps, the lack of security standards for coding is drawing concerns from some officials. It’s even been suggested that the general lack of secure coding should be considered a “national security threat.”
- If you use G-Suite for your office environment, you may be hurting a little bit right now. Reports show that Google had been storing unhashed G-Suite passwords for years (14, to be exact). Although the passwords were stored on an encrypted server, the fact that they were kept unhashed for 14 years is quite alarming. Google is set to notify your business if it is one of those impacted by the slip.
- Google is helping users take their personal privacy a little bit more seriously with recent feature roll-outs. The tech giant introduced a new autodelete feature early this month for location, app, and web history. The new features allow users to pick a window of time and have all older data deleted automatically.
- We all know that the abundance of internet-connected devices we’re using drastically increases the number of possible paths for attackers. It extends beyond simply stealing your data, though. There is an increased number of former partners hacking into cars and household appliances to stalk, spook, and spy on their exes.
- Some of the more sensitive data we can have leaked is our healthcare-based information. A recent Anthem breach left 78.8 million people’s healthcare information vulnerable. While these big breaches happen quite frequently now, it’s important not to become desensitized to them. There are ways to protect yourself, even after a breach.
- A flaw in WhatsApp allowed attackers to abuse an audio call feature in the app: by placing a WhatsApp call, they could automatically install spyware on a device and spy on it. Facebook (the app’s owner) has since released an update fixing the flaw.
Following information security news and trends is important. It gives you an idea of what’s going on in the industry so you can continue to protect yourself and your business. Follow FRSecure on Twitter and LinkedIn for consistent updates on information security news like this, and visit our site to learn how your organization can continue to make improvements to its security measures.