Halloween wasn’t the only thing that was spooky about October this year. This month we saw a number of large and sophisticated breaches that certainly have us questioning the state of information security. Despite that, we also saw some valiant attempts to improve processes through new laws, regulations, and tools being created and implemented. Here’s what went down in the world of information security news this month.
- Facebook, still facing scrutiny for the Cambridge Analytica scandal, is back in the news again. Attackers used a vulnerability in Facebook’s platform to take over 50 million user accounts. Facebook logged 90 million users out of their accounts as a precaution.
- An attack from Chinese spies impacted 30 United States companies. Servers manufactured for the companies by Chinese organizations included a microchip planted with the intent to compromise supply chains.
- Google is in hot water after waiting a considerable amount of time before announcing a breach that occurred in their social media platform, Google+. Making matters worse, they hid the announcement in a bigger announcement that they were sunsetting the platform. It’s pretty scary to think about a Google breach, considering the amount of information they house.
- An incredible 4.5 million records were stolen in the first half of 2018, according to Gemalto. What’s worse is that this is a 133% increase from the same time frame in 2017. What does that say? We still have a long way to go in preventing and mitigating breaches.
- Medtronic has recently announced that they will no longer allow pacemaker devices to be updated via the internet. This is likely to have been sparked by increasing concerns that products such as pacemakers and insulin pumps could be hacked.
- The state of California is the first state to enact a law surrounding IoT security. Billions of small, connected devices will be required to add critical features in order to be sold starting in 2020.
- President Trump’s administration is warning iPhone users of security risks. Calls Trump has been making to personal friends have been routinely intercepted by China and Russia. Because it’s Trump’s personal iPhone, all calls can be intercepted as they travel through cell towers, cables, and switches.
Regulations and Best Practices
- With new payment options emerging constantly, the Payment Card Industry Security Standards Council (PCI SSC) is expanding its security efforts. This includes contactless payments through mobile phones and internet of things (IoT) devices.
- The city of New York has released a cybersecurity app. Aimed at helping residents increase their own personal security, this app is considered the first of its kind.
- At FRSecure, we often discuss how “certified” and “secure” are not always synonymous. Anthem just agreed to the largest breach settlement in history this month, stemming from a breach that occurred shortly after the company became HITRUST certified.
- On a hacker forum, US voter registration records across 20 states were found for sale. While it’s not the largest leak of voter information we’ve seen, the sale of these voter records being advertised is certainly a shocking twist.
- West Virginia faced heavy criticism as it prepared to allow absentee ballots via smartphone. This is the first state to deploy a smartphone app for voting, and this is striking fear in cybersecurity activists who are concerned with the security of sending back these ballots.
- Just how secure is the United States voting process? 13 states have machines that produce no auditable paper trail, despite the paper trail being crucial in detecting irregularities or hacks.
Understanding information security trends is important. It gives you an idea of what’s going on in the industry so you can continue to protect yourself and your business. Follow FRSecure on Twitter and LinkedIn for consistent updates on information security news like this, and visit our site to learn how your organization can continue to make improvements to its security measures.