Skip to main content

Friday Five: 2/16 Edition

by Chris Brook on Tuesday September 15, 2020

Contact Us
Free Demo

Data protection jobs, Bitcoin phishing, and Amazon S3 leaks -- catch up on the week's infosec news with this roundup!

1. Data Protection Officers See Job Offers Skyrocket With Looming European Regulation by Salvador Rodriguez

From the Christian Science Monitor via Reuters: a story on the boon the European Union's General Data Protection Regulation (GDPR) has had on the data protection officer job market. How's this for a statistic: DPO job listings in Britain on the Indeed job search site have increased by more than 700 percent over the past 18 months. It’s skyrocketed from 12.7 listings per every 1 million in April 2016 to 102.7 listings per 1 million in December.

2. How a Bitcoin Phishing Gang Made $50 Million With the Help of Google AdWords by Graham Gluley

Another week, another cryptocurrency scam. This was a big one - almost incomprehensible - $50 million stolen by a group based in Ukraine through a phishing campaign. According to Graham Cluley, reporting on Cisco Talos' research for Tripwire, attackers purchased Google Adwords ads designed to mimic the legitimate website. By poisoning the ads the group was able to rake in $50 million in Bitcoin over three years.

3. How IoT Affects the CISO's Job by Howard Anderson

Not exactly a read but a podcast worth carving 10 minutes out of your day for: John Pescatore of the SANS Institute describes how some CISOs need to refocus their efforts on IoT security. By spending time solely on day-to-day security work, CISOs are overlooking the IoT impact. "When you look at the internet of things devices, it's a very heterogeneous world. There are all kinds of different operating systems and software and communications standards," Pescatore told Information Security Media Group this week.

4. Unsecured Server Exposed Thousands of FedEx Customer Records by Zack Whittaker

These Amazon S3 server leaks are relentless. The latest, containing information belonging to a company bought by FedEx, Bongo International, surfaced Thursday. Data including 112,000 files - like drivers' licenses, national ID cards, work ID cards, voting cards, and utility bills - was floating around in the online ether. Researchers with Kromtech Security Center discovered the exposed data, according to ZDNet, which released an embargoed article in tandem with the firm's research.

5. DHS Developing Supply Chain Security Initiative by Lauren C. Williams

Promising news from the Homeland of Security, which on Valentine's Day said they'd recently launched a new internal supply chain cybersecurity initiative to help determine where government agencies and private companies need to fine tune their security. Jeanette Manfra, who serves as the National Protection and Programs Directorate (NPPD) Assistant Secretary for the Office of Cybersecurity and Communications (CS&C), disclosed the news at a Brookings Institution event. "We need to have improved ability for DHS, [General Services Administration], the intel community to be in a position to help inform procurement decisions by the federal government and other agencies throughout the civilian government. We're working on building those mechanisms and DHS' role in pulling that altogether, and also working with industry experts to refine what are the supply chain risks that we should be concerned about."

Tags:  Security News Cryptocurrency Data Protection

Recommended Resources

The Definitive Guide to DLP

  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives

The Definitive Guide to Data Classification

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business