Project Hyphae

Information Security News 4-24-2023


Discarded, Not Destroyed: Old Routers Reveal Corporate Secrets

Article Link: https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/

  • Members of an ESET research team discovered that many routers sold on secondary markets, such as eBay, contain sensitive information from their previous owners. Specifically, a review of 16 used routers allowed researchers to discover network and configuration details on 56% of the devices.
  • As the report notes, some of the companies that previously owned the routers utilized an e-waste disposal service, suggesting that destruction and wiping processes may not have been followed somewhere in the decommissioning process.
  • The researchers highlighted that it is relatively simple to wipe these devices, with many vendors publishing wipe instructions on their corporate websites. However, this information may be hidden behind paywalls or out of public view as devices reach their end of life. As such, organizations are encouraged to download copies of this information and keep it archived until decommissioning.

Major US CFPB Data Breach Caused by Employee

Article Link: https://www.darkreading.com/attacks-breaches/major-us-cfpb-data-breach-employee

  • The U.S. government’s Consumer Financial Protection Bureau (CFPB) announced that an employee committed a major breach by emailing the personal information of 256,000 consumers to a personal email account.
  • Currently, the data leak is said to involve some level of personally identifiable information (PII) relating to customers of seven financial institutions.
  • As a result of this incident, the employee has been terminated and has been asked to delete any emails with the sensitive information and then provide proof of the deletion.

The Biggest Data Security Blind Spot: Authorization

Article Link: https://www.helpnetsecurity.com/2023/04/20/authorization-data-security-blind-spot/

  • Too many employees have access to company data they don’t need. Likewise, companies often focus on authentication instead of authorization. While it’s important to give employees access to the data they require to do their job, granting too much access increases the risk of data breaches.
  • Beyond the security risk, improper authorization can lead to noncompliance with certain privacy laws, such as the GDPR and CCPA.
  • While authorization is simple in theory, the article highlights the practical struggles of limiting employee access in this manner. These include a complex data infrastructure, inefficient processes relating to data access and control, and a constantly changing workforce.
  • Despite these challenges, the first step is getting a clear picture of who has access to sensitive data. This, combined with proper data classification and regular monitoring, can address authorization issues.

European Air Traffic Control Confirms Website ‘Under Attack’ by Pro-Russia Hackers

Article Link: https://www.theregister.com/2023/04/22/eurocontrol_russia_attack/

  • Eurocontrol, which coordinates commercial air traffic across much of the EU, confirmed its website has been “under attack” since April 19, and said “pro-Russian hackers” had claimed responsibility for the DDoS attack.
  • The outage reportedly jammed the agency’s communication systems and forced some smaller airlines to use older technology to manage flight schedules, including a fax-era backup system. While the attack didn’t impact air-traffic safety, it did force employees to communicate using other commercial communication tools.

Wargaming an Effective Data Breach Playbook

Article Link: https://www.helpnetsecurity.com/2023/04/18/effective-data-breach-playbook/

  • A well-tuned incident response playbook can provide security teams with a clear roadmap for working through the incident response process. Through extensive wargaming or practicing, teams can simulate diverse situations to give them a proactive edge.
  • Security teams should cover their bases and exhaust a broader range of situations by building out and exploring a complex web of “What if?” scenarios. As the article notes, a helpful strategy can start by understanding what attackers want, which is often sensitive data.
  • Maintaining playbooks can allow security teams to understand how to identify and remediate incidents, document which personnel should be brought in to address particular incidents, and know who to communicate what information to and when throughout an incident.
  • Link to FRSecure’s Free IR Playbooks: https://frsecure.com/resources/

Five Eye Nations Release New Guidance on Smart City Cybersecurity

Article Link: https://www.csoonline.com/article/3694149/five-eye-nations-release-new-guidance-on-smart-city-cybersecurity.html

  • New guidance from the Five Eye nations (Australia, Canada, New Zealand, the UK, and the US) was published on April 19th providing cybersecurity best practices for smart cities. The report advises communities that are considering becoming smart cities to assess and mitigate the cybersecurity risks that come with the technology.
  • The guide focuses on secure planning and design, proactive supply chain risk management, and operational resilience relating to the development of smart cities. Topics range from MFA implementation to the isolation of systems when they’re compromised.
  • Link to the Guide on CISA’s Website: https://www.cisa.gov/resources-tools/resources/cybersecurity-best-practices-smart-cities

How to Prevent Two Common Attacks on MFA

Article Link: https://www.darkreading.com/endpoint/how-to-prevent-2-common-attacks-on-mfa

  • With the widespread adoption of remote work both during and post-pandemic, the need for tighter security created an inflection point for organizations to finally adopt multifactor authentication (MFA) solutions. However, it is important to recognize that not all types of MFA are the same.
  • One type of attack on MFA discussed is phishing. The article highlights how MFA solutions that meet FIDO 2.0 specifications are considered phishing resistant. The usage of hardware tokens, such as smart cards, and biometrics can also mitigate risks associated with MFA phishing.
  • The other attack discussed relates to deepfake-based fraud used to bypass some biometrics. The methods for limiting deepfake-based attacks on MFA include passive and active liveness detection systems.

5 Free Online Cybersecurity Resources for Small Businesses

Article Link: https://www.helpnetsecurity.com/2023/04/19/small-business-free-cybersecurity/

  • As cyberattacks increase in frequency and sophistication, small and medium-sized businesses (SMBs) become more vulnerable to cyber threats. This article provides five free resources for organizations.
  • The resources discussed include a tool developed by the British government to develop cyber action plans for small organizations and families alike, a tool to develop cyber readiness policies, the Australian government’s Exercise in a Box platform for conducting cybersecurity drills, phishing bingo sponsored by the Canadian government, and an internet hygiene portal developed by the Government of Singapore that allows users to scan their domains and email addresses.

