CyberSecurity Updates

08 Nov

Public URL scanning tools – when security leads to insecurity

Information

by Paul Ducklin Well-known cybersecurity researcher Fabian Bräunlein has featured not once but twice before on Naked Security for his work in researching the pros and cons of Apple’s AirTag products. In 2021, he dug into the protocol devised by Apple for keeping tags on tags and found that the cryprography was good, making it hard for anyone to keep tabs on you via an AirTag that you owned. Even though the system relies on…

Read More
08 Nov

Cyberattack Causes Disruptions at Canadian Meat Giant Maple Leaf Foods

Information, News

Canadian meat giant Maple Leaf Foods has confirmed that it is experiencing an outage after falling victim to a cyberattack. Created in 1991 by the merger of Canada Packers and Maple Leaf Mills, the packaged meats company is headquartered in Mississauga, Ontario. Maple Leaf Foods has more than 14,000 employees and has market presence in Canada, the US, and Asia, offering products under several brands, including Maple Leaf, Schneiders, Mina, Greenfield Natural Meat Co., Lightlife,…

Read More
08 Nov

Hacker threatens to release data stolen from 9.7m Medibank customers

Attacks, Data Breaches

A threat to release 200GB worth of data stolen from Australian health insurance company Medibank has been posted to a site backed by Russian ransomware group, REvil. The threat comes after Medibank made a public statement that it would not be paying the ransom demanded by the hacker. In the message, the supposed hacker quotes Confuscious, implying Medibank is making a “mistake” by not paying the ransom. The malicious actor then said that they would…

Read More
08 Nov

The 15 biggest data breaches of the 21st century

Data Breaches, Malware, Social Engineering

In today’s data-driven world, data breaches can affect hundreds of millions or even billions of people at a time. Digital transformation has increased the supply of data moving, and data breaches have scaled up with it as attackers exploit the data-dependencies of daily life. How large cyberattacks of the future might become remains speculation, but as this list of the biggest data breaches of the 21st Century indicates, they have already reached enormous magnitudes. […

Read More
07 Nov

Hacktivist Use of DDoS Activity Causes Minor Impacts

Attacks, Malware

DDoS attacks are of varying lengths of time and can be identified by:• Unusually slow network performance (opening files or accessing websites).• Unavailability of a particular website or the inability to access any website.To mitigate a DDoS attack:• Enroll in a Denial-of-Service protection service that detects abnormal traffic flows and redirects traffic away from the network.• Create a partnership with the local internet service provider (ISP) prior to an event and work with the ISP…

Read More
07 Nov

Boeing Subsidiary Jeppesen Suffers Cyberattack

Attacks, Malware

To minimize the effect of ransomware attacks, organizations should regularly back up their data and keep secure copies offline. It is also important to keep systems up to date with patches and anti-virus software. A 24/7 monitoring solution like the one that is offered by Binary Defense and the Security Operations Center should be considered when determining a defense solution as well. Monitoring for network intrusions and reporting suspicious activity can greatly reduce the effects…

Read More
07 Nov

Experts Say Security Scanner Leaks Sensitive Data

Attacks, Malware

The investigation also discovered that misconfigured security products submit every link they receive via emails to urlscan.io as a public scan. A malicious actor may use the scan results to launch password reset links for the compromised email addresses, capture the URLs, and use those links to take control of the accounts. The adversary can look up the specific services registered using the target email addresses on data breach reporting websites, like Have I Been…

Read More
07 Nov

Medibank refuses pay ransom after 9.7m customers’ details stolen

Attacks, Data Breaches

Australian health insurance company Medibank has said that it will not be paying a ransom to the hacker that accessed the personal details for 9.7m current and former customers.  The data breach took place after a hacker gained unauthorized access to Medibank’s internal servers on October 13. Originally, Medibank believed that no customer information had been stolen during the hack, however the company was then contacted on October 16 by the supposed hacker, who threatened…

Read More
07 Nov

Black Hat USA 2022: Burnout, a significant issue

Information

The digital skills gap, especially in cybersecurity, is not a new phenomenon, with the problem now further exacerbated by the prevalence of burnout Discussion of the resourcing issues within the cybersecurity sector is not a new phenomenon; according to Cybersecurity Ventures, the number of unfilled cybersecurity positions worldwide grew 350% between 2013 and 2021, from 1 million to 3.5 million. The article breaks this number down further, estimating that there are 1 million cybersecurity workers in…

Read More
07 Nov

Cybersecurity M&A Roundup: 39 Deals Announced in October 2022

Information, News

Thirty-nine cybersecurity-related merger and acquisition (M&A) deals were announced in October 2022. An analysis conducted by SecurityWeek showed that more than 230 mergers and acquisitions were announced in the first half of 2022. October 1-15 11:11 Systems acquires Sungard Availability Services’ Recovery Services business  Managed infrastructure solutions provider 11:11 Systems has acquired the Recovery Services business of Sungard Availability Services. Earlier this year, 11:11 announced the acquisition of Sungard’s Cloud and Managed Services business. 11:11…

Read More