The personal data and phone numbers of hundreds of millions of Facebook users were posted for free in a hacking forum over the weekend. The data includes personal information of 533 million Facebook users from 106 countries, including more than 32 million records on users in the U.S. 11 million on users in the U.K., and 6 million on users in India.
Employees create content on a daily basis. Much of this content has no long-term value and is not business critical, however, a small percentage is key to running operations. If this data goes missing or falls into the wrong hands due to a ransomware attack, an organization could be severely wounded and could be at the risk of extinction.
You can’t effectively create a risk program if you don’t have a full picture of just how large the risks are for your organization. “You can’t secure what you can’t see” so to speak. Risks don’t necessarily arise from lack of technology – oftentimes they are hidden in faulty business practices. We are well beyond the days of IT and security being segmented off in their own little world away from the business.
Bloomberg has reported that a group of hackers have breached a database containing security camera feeds collected by Verkada Inc., a Silicon Valley startup. The database includes live feeds of 150,000 surveillance cameras inside hospitals, organizations, police departments, prisons and schools.
Researchers from the Counter Threat Unit (CTU) at Secureworks have discovered a possible link to China while examining how SolarWinds servers were used to deploy malware. According to Secureworks' new report, the authentication bypass vulnerability in SolarWinds Orion API, tracked as CVE-2020-10148, that can lead to remote execution of API commands, has been actively exploited by Spiral. When vulnerable servers are detected and exploited, a script capable of writing the SUPERNOVA web shell to disk is deployed using a PowerShell command.
In the wake of the biggest breach in history, DomainTools’ new survey on “The Impact of the SolarWinds Breach on Cybersecurity” aims to capture the effects felt by 200 security researchers and analysts, threat hunters, managers, C-suite executives and those whose organizations join the collateral damage left in the fallout.
Malaysia Airlines has confirmed it has suffered a "data security incident" via a third-party IT service provider. The company also said the breach had not affected its carrier's core IT infrastructure and systems.
On Feb. 22, 2021, the “Minnesota Consumer Data Privacy Act” (MCDPA) was introduced in the Minnesota House of Representatives. The MCDPA is now the primary candidate to become Minnesota’s omnibus consumer privacy law. To learn more about the MCDPA and privacy regulations, Security magazine spoke to attorney Nadeem Schwen, from Winthrop & Weinstine, who has been at the forefront of this bill’s creation and leads data privacy work for the firm.
