Friday Five: 7/27 Edition
Ransomware hits another shipping company, a manufacturing data leak, and more - catch up on the week's infosec news with this roundup!
1. COSCO's cyber attack and the importance of maritime cybersecurity by Vishnu Rajamanickam
Ransomware attacks have dissipated over the last several months, but they haven't completely gone away. COSCO Shipping Lines, a Chinese shipping company, revealed on Wednesday that one of its US facilities, a customer service center in Long Beach, Calif., was recently hit by an incident. A spokesman for the company confirmed to the Long Beach Press-Telegram that a ransomware attack was responsible for taking down its email and network telephone services on Tuesday. The incident appears to be less severe than last summer's incident involving shipping company Maersk. After being hit by NotPetya, that company reported a loss of roughly $300M; it was unable to process shipping orders because its systems were frozen.
2. Senator Urges Government to Kill Off Flash Now by Phil Muncaster
The epitaph on Adobe Flash's gravestone has been written for a while now. The company said this week last year that it would end-of-life the software in 2020. Ron Wyden (D-OR) doesn't want to wait that long. The Senator penned a letter (.PDF) this week to officials at both the National Security Agency and the National Institute of Standards and Technology urging the agencies to work together to transition away from the perpetually buggy software by August 1, 2019. "A critical deadline is looming - the government must act to prevent the security risk posed by Flash from reaching catastrophic levels," he wrote Wednesday.
3. NetSpectre — New Remote Spectre Attack Steals Data Over the Network by Mohit Kumar
Academics divulged a new Spectre-style attack this week designed to steal data over networks. The attack, NetSpectre, takes advantage of speculative execution, like Spectre, to perform a bounds-check bypass and, in turn, could defeat address space layout randomization on the remote system. As is to be expected, the paper (.PDF) from four Graz University of Technology students is a dense read, but The Hacker News recapped it Thursday with perhaps the most important words of advice around the attack: "If you have already updated your code and applications to mitigate previous Spectre exploits, you should not worry about the NetSpectre attack."
4. ‘Big Red Flag’: Automakers’ Trade Secrets Exposed in Data Leak by Stacy Cowley
This news happened last week but we're giving it a pass since it came out late Friday, after we published our Friday Five: Over 157 gigabytes of manufacturing trade secrets were left exposed on the open internet. Researchers with UpGuard, who regularly find caches of data like this, discovered the documents belonged to more than 100 companies, including car manufacturers GM, Tesla, Ford, and VW. The information was left on an Rsync server belonging to a Canadian company, Level One Robotics and Controls. Rsync is used to sync local and remote directories, but according to UpGuard the firm failed to place any access restrictions on the server, which allowed anyone who connected to the port to download data from it.
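One way a defender can catch the kind of misconfiguration UpGuard describes is to audit the rsync daemon's own configuration for modules that neither restrict client hosts nor require authentication. The script below is an added example, not code from the article or from any company named in it; it assumes a constructed rsyncd.conf with two hypothetical modules and flags the one that is readable by any client that can reach the port.

```shell
#!/bin/sh
# Added example: audit an rsyncd.conf for modules readable by anyone who can
# connect. In rsyncd.conf, "hosts allow" and "auth users" are opt-in, so a
# module that sets neither (and inherits neither from the global section)
# serves its files to every client. The config below is constructed; the
# module names and paths are assumptions, not values from the article.
SAMPLE_CONF=$(cat <<'EOF'
uid = nobody
gid = nobody
use chroot = yes

[exports]
    path = /srv/exports
    comment = customer project data
    read only = yes

[robotics]
    path = /srv/robotics
    hosts allow = 10.0.0.0/8
    auth users = engineering
    secrets file = /etc/rsyncd.secrets
    list = no
EOF
)

# Reads an rsyncd.conf on stdin and prints one exposed module name per line.
# Exit status is 1 if any exposed module was found, 0 otherwise.
audit_rsyncd() {
    awk '
        function flush() {
            if (mod != "" && !(hosts || ghosts) && !(auth || gauth)) { print mod; found = 1 }
        }
        /^[[:space:]]*\[.*\][[:space:]]*$/ {
            flush()
            mod = $0; sub(/^[[:space:]]*\[/, "", mod); sub(/\][[:space:]]*$/, "", mod)
            hosts = 0; auth = 0; next
        }
        # Parameter names are case-insensitive; a global setting applies to every module.
        tolower($0) ~ /^[[:space:]]*hosts allow[[:space:]]*=/ { if (mod == "") ghosts = 1; else hosts = 1 }
        tolower($0) ~ /^[[:space:]]*auth users[[:space:]]*=/  { if (mod == "") gauth = 1; else auth = 1 }
        END { flush(); exit found ? 1 : 0 }
    '
}

# Runs the audit over the constructed sample; only "exports" should be reported.
check_sample() { printf '%s\n' "$SAMPLE_CONF" | audit_rsyncd; }
```

Run it against a real `/etc/rsyncd.conf` with `audit_rsyncd < /etc/rsyncd.conf`; a non-zero exit status means at least one module is open to every client that can reach the daemon.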
5. Ransomware, malware attack breaches 45,000 patient records by Jessica Davis
There are healthcare data breaches and then there are healthcare data breaches. It came to light this week that hackers had full rein over Blue Springs Family Care, a Missouri family practice, this spring. The facility disclosed (.PDF) it was hit by ransomware in May and that attackers may have made off with valuable patient data, including PHI. The attackers had access to patient names, Social Security numbers, account numbers, driver's licenses, disability codes, and medical diagnoses. "The investigation concluded the unauthorized persons would have had the ability to access all of the Blue Springs computer systems," Melanie Peterson, the clinic's privacy officer, said this week. "At this time, we have not received any indication that the information has been used by an unauthorized individual."