Project Hyphae
Search

Information Security News 4-24-2023

Share This Post

Discarded, Not Destroyed: Old Routers Reveal Corporate Secrets

Article Link: https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/

  • Members of an ESET research team discovered that many routers sold on secondary markets, such as eBay, contain sensitive information from their previous owners. Specifically, a review of 16 used routers allowed researchers to discover network and configuration details on 56% of the devices.
  • As the report notes, some of the companies who previously owned the routers utilized an e-waste disposal service, suggesting that destruction and wiping processes may not have been followed somewhere throughout the decommissioning process.
  • The researchers highlighted that it is relatively simple to wipe these devices, with many vendors publishing wipe instructions to their corporate websites. However, this information may be hidden behind paywalls or out of public view as devices reach their end of life. As such, it is encouraged to download copies of this information and keep it archived until decommissioning.

Major US CFPB Data Breach Caused by Employee

Article Link: https://www.darkreading.com/attacks-breaches/major-us-cfpb-data-breach-employee

  • The U.S. government’s Consumer Financial Protection Bureau (CFPB) announced that an employee committed a major breach in emailing the personal information of 256,000 consumers to a personal email account.
  • Currently, the data leak is said to involve some level of personally identifiable information (PII) relating to the customers from seven financial institutions.
  • As a result of this incident, the employee has been terminated and has been asked to delete any emails with the sensitive information and then provide proof of the deletion.

The Biggest Data Security Blind Spot: Authorization

Article Link: https://www.helpnetsecurity.com/2023/04/20/authorization-data-security-blind-spot/

  • Too many employees have access to company data that isn’t needed. Likewise, companies often focus on authentication instead of authorization. While it’s important to give employees access to the data they require to do their job, granting too much access increases the risk of data breaches.
  • In addition to better security, improper authorization can lead to noncompliance with certain privacy laws, such as the GDPR and CCPA.
  • While authorization is simple in theory, the article highlights the practical struggles of limiting employee access in this manner. Several struggles include a complex data infrastructure, inefficient processes relating to data access and control, and a constantly changing workforce.
  • Despite these challenges, the first step is getting a clear picture of who has access to sensitive data. This combined with proper data classification and regular monitoring can address authorization issues.

European Air Traffic Control Confirms Website ‘Under Attack’ by Pro-Russia Hackers

Article Link: https://www.theregister.com/2023/04/22/eurocontrol_russia_attack/

  • Eurocontrol, which coordinates commercial air traffic across much of the EU, confirmed its website has been “under attack” since April 19, and said “pro-Russian hackers” had claimed responsibility for the DDoS attack.
  • The outage reportedly jammed the agency’s communication systems and forced some smaller airlines to use older technology to manage flight schedules, including a fax-era backup system. While the attack didn’t impact air-traffic safety, it did force employees to communicate with other commercial communication tools.

Wargaming an Effective Data Breach Playbook

Article Link: https://www.helpnetsecurity.com/2023/04/18/effective-data-breach-playbook/

  • A well-tuned incident response playbook can provide security teams with a clear roadmap for working through the incident response process. Through extensive wargaming or practicing, teams can simulate diverse situations to give them a proactive edge.
  • Security teams should cover their bases and exhaust a broader range of situations by building out and exploring a complex web of “What if?” scenarios. As the article notes, a helpful strategy can start by understanding what attackers want, which is often sensitive data.
  • Maintaining playbooks can allow security teams to understand how to identify and remediate incidents, document which personnel should be brought in to address particular incidents, and know who to communicate what information to and when throughout an incident.
  • Link to FRSecure’s Free IR Playbooks: https://frsecure.com/resources/

Five Eye Nations Release New Guidance on Smart City Cybersecurity

Article Link: https://www.csoonline.com/article/3694149/five-eye-nations-release-new-guidance-on-smart-city-cybersecurity.html

  • New guidance from the Five Eye nations (Australia, Canada, New Zealand, the UK, and the US) was published on April 19th providing cybersecurity best practices for smart cities. The report advises communities that are considering becoming smart cities to assess and mitigate the cybersecurity risks that comes with the technology.
  • The guide focuses on secure planning and design, proactive supply chain risk management, and operational resilience relating to the development of smart cities. Topics range from MFA implementation to the isolation of systems when they’re compromised.
  • Link to the Guide on CISA’s Website: https://www.cisa.gov/resources-tools/resources/cybersecurity-best-practices-smart-cities

How to Prevent Two Common Attacks on MFA

Article Link: https://www.darkreading.com/endpoint/how-to-prevent-2-common-attacks-on-mfa

  • With the widespread adoption of remote work both during and post-pandemic, the need for tighter security created an inflection point for organizations to finally adopt multifactor authentication (MFA) solutions. However, it is important to recognize that not all types of MFA are the same.
  • One type of attack on MFA discussed is phishing. The article highlights how MFA solutions that meet FIDO 2.0 specifications are considered phishing resistant. The usage of hardware tokens, such as smart cards, and biometrics can also mitigate risks associated with MFA phishing.
  • The other attack discussed relates to deepfake-based fraud used to bypass some biometrics. The methods for limiting deepfake-based attacks on MFA range include passive and active liveness detection systems.

5 Free Online Cybersecurity Resources for Small Businesses

Article Link: https://www.helpnetsecurity.com/2023/04/19/small-business-free-cybersecurity/

  • As cyberattacks increase in frequency and sophistication, small and medium-sized businesses (SMBs) become more vulnerable to cyber threats. This article provides five free resources for organizations.
  • The resources discussed include a tool developed by the British government to develop cyber action plans for small organizations and families alike, a tool to develop cyber readiness policies, the Australian government’s Exercise in a Box platform for conducting cybersecurity drills, phishing bingo sponsored by the Canadian government, and an internet hygiene portal developed by the Government of Singapore that allows users to scan their domains and email addresses.


Reach out to our incident response team for help

More To Explore

Information Security News 5-20-2024

Wichita Cyber Attack: Social Security Numbers, Drivers Licenses, Payment Info Compromised Article Link: https://www.kansas.com/news/politics-government/article288491333.html Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks Article Link:

Information Security News 5-13-2024

Dell API Abused to Steal 49 Million Customer Records in Data Breach Article Link: https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/ Healthcare Giant Ascension Hacked, Hospitals Diverting Emergency Service Article Link:

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.