CSS News Round-Up: Equifax Under Additional Congressional Scrutiny
News Round-Up – Get a Quick Rundown of What You Need to Know
The Converged Security News Round-Up looks into recent reports and journalism covering converged security threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @ConvergedSecSol. Visit our services page to learn more about the CSS suite of services, including managed security services and end-to-end cyber-and-physical protection.
Congress Targets Equifax’s Poor Security Culture
The U.S. Senate Permanent Subcommittee on Investigations recently published a report targeting Equifax’s lack of security. As detailed by Bank Info Security, the 71-page report points out a number of flaws that led to the massive data breach in 2017, such as the company disregarding cybersecurity policies that were in place, executives failing to make security a priority, and important decisions being pushed onto IT workers who were not high-level. Furthermore, the article states, the report highlighted the lack of documentation as well as deleted chat logs among employees. So far, Equifax has disagreed with many statements in the report but says it will cooperate regardless.
Hackers Can Create Fake CT Scan Results, Including Fake Tumors
A recent article by The Washington Post describes the ability of attackers to use malware to create fake CT scan results, either adding non-existent tumors or removing existing ones. The story points to recent studies that have shown radiologists consistently failing to tell the difference between fake results and real ones, which results in misdiagnoses, incorrect treatments, and more. Internet-connected PACS networks and medical devices allow attackers to break into hospitals' networks, the article states.
Yahoo Makes Second Attempt at Settlement for Data Breach
Yahoo has filed another attempt to settle over the breaches that took place between 2012 and 2014. According to Bank Info Security, the Verizon-owned giant has included an estimate of the accounts affected as well as a comparison of its settlement offerings with those of Anthem in the aftermath of its massive breach. The company also detailed security improvement plans such as adding encryption to backup user databases, adding new tools to detect intrusions, using NIST’s Cybersecurity Framework, and more, according to the article.
Unsecure App Allows Hackers to Remotely Control People’s Cars
According to Naked Security, an app named “MyCar” that allows drivers to unlock, locate, start, change the temperature of, and otherwise control their vehicles was found to have security vulnerabilities that could let cyber criminals access the app and gain the same capabilities. The use of hard-coded administrator credentials within the application leaves hackers able to steal those credentials through the source code and use them to communicate with the server, taking control of the car, the article states. Luckily, the company behind the app, AutoMobility, has since addressed the issue and therefore erased this possibility.
UK Government Leaks Citizens’ Data
The UK’s Home Office is facing another data leak after an email sent to 240 citizens of the EU mistakenly used the “cc” function rather than “bcc”, says Info Security. The message concerned requests for settled status post-Brexit. As a result of the mistake, everyone included in the message had their email address shown to everyone else. Two days before, the same office had leaked 500 more email addresses, the article notes. It remains possible that the office will be found to have violated GDPR, but nothing has been decided yet.
More Than Half of Companies’ Incident Response Plans Are Untested
A recent article from Tech Republic discusses the incredibly high number of companies that fail to test their incident response plans. Studies have shown that 77% of surveyed companies apply the plan inconsistently throughout, while 54% admitted to not regularly testing their incident response plan, according to the article. Highlighted causes behind the issue include understaffing and problems retaining cybersecurity professionals. Additionally, nearly half also expressed concern over an excess of tools used by their company, Tech Republic says.
Hotels Leak Guest Reservation Information to Third Parties
It appears that guest information handed over to hotels while booking is shared with a number of third parties. This is actually true of most hotels, regardless of size, says Dark Reading’s article. The third parties include advertisers, data aggregators, social media sites, and more, who are given first and last names, phone numbers, passport numbers, addresses, and the last four digits of credit cards, according to the article. The booking reference code was leaked to these third parties by 67% of hotels in a study performed on the issue.
Finance Moves into Most Attacked Industry List at #1
Move over, business and professional services: finance has stolen the position of the most attacked industry across Europe, the Middle East, and Asia, according to Help Net Security. Following behind are technology and manufacturing. Web application attacks have been found to be a leading cause of the statistics, Help Net says. The results demonstrate the failure of companies to ensure security keeps up with their technology innovation. This region was found to experience more attacks in its top five most attacked sectors than any other region, states the article.