Cybersecurity News – Week in Review – August 16-20, 2021

This week’s Cyber Security Headlines – Week in Review, August 16-20, 2021, is hosted by Rich Stroffolino with our guest, Will Gregorian, Head of Security and Technical Operations, Rhino

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion.

Ford bug exposed customer and employee records from internal systems

A bug on Ford Motor Company’s website allowed access to sensitive systems and proprietary data such as customer databases, employee records, and internal tickets. The data exposure stemmed from a misconfigured instance of a Pega Infinity customer engagement system running on Ford’s servers. Researchers reported their findings to Pega in February of this year, and the issue was also reported to Ford around the same time via their HackerOne vulnerability disclosure program. The vulnerability was patched relatively quickly, however the researchers are expressing frustration around Ford’s unwillingness to cooperate on this issue of disclosure.

(Bleeping Computer)

Threat actors turning to RDDoS attacks as a new ransom vector

A ransom DDoS attack is an extortion scheme in which cybercriminals either launch a DDoS attack and then demand ransom to stop, or they may ask for the ransom first by threatening with a DDoS attack if not paid. The Neustar International Security Council (NISC) analysis disclosed that nearly 70% of organizations were targeted with RDDoS attacks, and 36% agreed to pay the ransom. The research revealed that only 24% of organizations said they know how to respond to RDDoS attacks. “RDDoS does not require time and planning like malware or ransomware does and has the added benefit of being harder to trace back to its origin,” said Neustar’s Rodney Joffe.

(CISO Mag)

Amazon considers tracking worker keystrokes

Data theft, insider threats and imposters accessing sensitive customer data have apparently gotten so bad inside Amazon, the company is considering rolling out keyboard-stroke monitoring for its customer-service reps. A confidential memo from inside Amazon described a high exfiltration risk, especially among outsourced employees working from home in countries like India and the Philippines. It’s considering using a company called BehavioSec, which uses the aggregate data of a user’s mouse clicks and keystrokes to develop a profile of their typical behavior. Once that baseline of typical behavior is established, the BehavioSec tool will identify when someone’s activity is unusual.

(Threatpost)

Google may cut pay of staff who work from home

The technology giant has developed a pay calculator that lets employees see the effects of working remotely or moving offices. Some remote employees, especially those with a long commute, could have their pay cut without changing address. A Google spokesperson said: “Our compensation packages have always been determined by location, and we always pay at the top of the local market based on where an employee works from.” Other big tech companies including Microsoft, Facebook, and Twitter have offered less pay for employees based in locations where it is less expensive to live, but smaller firms such as Reddit and Zillow have said they will pay the same no matter where employees are based, saying that this improves diversity.

(BBC News)

Thanks to our episode sponsor, Copado

The traditional development lifecycle is a game of tradeoffs. You either deploy at blazing speed and put yourself at risk of bugs and breaches — or you shore up your security and release software at a snail’s pace. But with Copado DevOps, you get the best of both worlds. Leverage Copado’s low-code DevOps platform to drive 94% fewer production bugs, 95% faster releases and an average ROI of 307%.
To get a free demo, visit Copado.com.

Terrorist watchlist exposed online

Security researcher Bob Diachenko continued his quest to weed out unsecured data left online. His most recent find came last month, when he discovered an Elasticsearch cluster containing JSON records of 1.9 million people from an apparent watchlist. This included names, citizenship, date of birth, passport details, and no-fly status. The server with the list was indexed by the search engines Censys and ZoomEye before being discovered, so it’s likely others have had access. Data fields indicate it could have belonged to the FBI’s Terrorist Screening Center. Diachenko reported the server to DHS the day it was discovered, but it only went offline three weeks later.

(Bleeping Computer)

Data sovereignty laws place new burdens on CISOs

An article written by Christopher Burgess and posted yesterday at CSO Online quotes a number of studies and experts showing how the exponential growth of data crossing borders and public cloud regions is making it exceedingly difficult for CISOs whose customer base or digital infrastructure crosses political boundaries. Companies that are putting their data into the cloud must realize that not all providers are created equal, and one must do due diligence to ensure they avoid storing data in places with data sovereignty laws. The article stresses the need for incident response strategies and a realization that remaining up to speed on data sovereignty will increase operating costs.

(The Register)

T-Mobile says hackers stole records belonging to 48.6 million individuals

Following up on a story we brought to you earlier this week, T-Mobile has confirmed its sixth major data breach in the last four years. According to T-Mobile, attackers breached its servers and stole files containing the personal information of roughly 7.8 million T-Mobile postpaid customers, 850,000 T-Mobile prepaid users, and 40 million former or prospective customers. T-Mobile indicated that stolen data included customer names, date of birth, SSN, and driver’s license info. T-Mobile has already reset all the PINs for affected accounts and is offering two years of free identity protection with McAfee’s ID Theft Protection Service.

(Bleeping Computer)

GitHub urges users to enable 2FA after going passwordless

GitHub urges users to adopt two-factor authentication (2FA) after deprecating password-based authentication for Git operations last Friday. The company’s Chief Security Officer Mike Hanley recommends using physical security keys, virtual security keys built into devices like phones and laptops, or Time-based One-Time Password (TOTP) authenticator apps. While SMS-based 2FA is also available, it should be avoided if possible given that threat actors can more easily bypass or steal SMS 2FA tokens. Hanley added, “The benefits of multifactor authentication are widely documented and protect against a wide range of attacks, such as phishing.”

(Bleeping Computer)
Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.