information security news october 2019

October is the month of Halloween. Many appreciate the ability to hide their identity and get enjoyment from being temporarily frightened. But scare tactics are something we actively avoid at FRSecure. We don’t share information security news stories like this as a way to scare you into working with us to bolster your security programs. We legitimately care about fixing this broken industry—including its scare tactics. So, here are some of the information security news articles from October that stood out. Hopefully you can use these to recognize what’s out there so you can avoid letting attackers catch you off guard.

Ransomware

ransomware

Fixing the Broken Industry

target cybersecurity
  • We’ve seen an increasing effort from attackers to target the aviation industry. Manufacturers, airlines, and airports are all under increasing duress. Thankfully, the government is working to fix the vulnerabilities that make them easy targets. While the Department of Homeland Security and the Department of Transportation haven’t revealed much about the revived program, the goal is to improve “cyber resilience” of aircraft.
  • Paying ransomware is inexcusable for a number of reasons. Now the FBI has made an official statement agreeing with that sentiment. In the public service announcement, the FBI says that “the FBI does not advocate paying a ransom,” but they added that they urge reporting of ransomware to authorities whether the ransom is paid or not.
  • Education is an incredibly important component of information security. There’s a job shortage in the industry, and anything we can do to bolster the talent pool (and the visibility of the industry) is a step in the right direction. Target’s cybersecurity department is taking a big step in helping, donating $250,000 to the University of Minnesota to provide opportunities to students in information security programs.
  • In a unique way of fixing the industry, the DoD hired ethical hackers to find vulnerabilities in their critical systems through a “bug bounty.” In total, the hackers found 31 vulnerabilities—including a critical one. “With each new initiative, the Department of Defense further bolsters its cyber defenses against rogue enemy actors thanks to white hat hackers from across the globe.”

Social engineering and fraud

ransomware
  • Phishing attacks have alway been a problem in information security. These kinds of scams continue to be effective, so they’ll continue to happen. Recently, Amazon, Paypal, and Google users were targeted in a highly sophisticated attack attempting to steal Paypal-stored credit card information.
  • Multi-factor authentication has long been one of the most successful methods for deterring cyber criminals. It’s meant to be a second line of defense in the event that someone gets into your account using your credentials. The FBI is now warning that cyber criminals are finding ways to bypass multi-factor authentication—and a lot of the time, they use social engineering tactics to do so.
  • 60 universities worldwide were hit by a phishing attack in mid-October. The culprit is an Iranian group whose main focus is to steal research and intellectual property through the use of phishing and fake logins.
  • Many financial institutions, social media platforms, and other sites rely on your phone number to verify identity. Now, attackers are able to mimic your number in a SIM-swap attack. Effectively, this leaves your security up to the phone companies instead of you.

Consumer Impact

Following information security news and trends is important. It gives you an idea of what’s going on in the industry so you can continue to protect yourself and your business. Follow FRSecure on Twitter and LinkedIn for consistent updates on information security news like this, and visit our site to learn how your organization can continue to make improvements to its security measures.


FRSecure on FacebookFRSecure on LinkedinFRSecure on TwitterFRSecure on Youtube
FRSecure
FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *