Category: Threat Brief

60% of Organizations Suffered a Container Security Incident in 2018, Finds Study

Many organizations have DevOps on their mind going into 2019. Firms will confront growing complexity and risk as they work to scale their DevOps initiatives in 2019. Part of this risk will come from their containers, for many organizations still lack transparency into these software pieces.

If they are to adequately mitigate their risk and minimize their exposure to digital threats, organizations will need to secure their containers. But are they prepared to do this? Tripwire’s State of Container Security Report found that 60 percent of organizations had been hit with at least one container security incident within the past year.

Read more about the findings of the new report on Tripwire.

How Intel Has Responded to Spectre and Meltdown

In January of 2018, the world was introduced to two game-changing CPU vulnerabilities, Spectre and Meltdown, that brought “speculative execution side-channel vulnerability” into the enterprise IT security lexicon. Since then, a number of variants of the initial vulnerabilities have been found, along with new vulnerabilities taking advantage of similar functions within the CPUs.

Intel kicked off 2019 with a Jan. 2 editorial laying out its response to the Spectre and Meltdown vulnerabilities over the past year. The chip giant says the culture of the company has changed since the advent of Spectre and Meltdown, and its response has been effective. But vulnerabilities in the core of a CPU tend not to lend themselves to rapid, complete fixes, Intel says.

Read more about Intel’s response to Meltdown & Spectre on DarkReading.

Fewer Affected in Marriott Hack, but Passports a Red Flag

Fewer Marriott guest records than previously feared were compromised in the massive data breach, but the largest hotel chain in the world confirmed that approximately 5.25 million unencrypted passport numbers were accessed. The compromise of those passport numbers has raised alarms among security experts because of their value to state intelligence agencies.

The FBI is leading the investigation of the data theft and investigators suspect the hackers were working on behalf of the Chinese Ministry of State Security, the rough equivalent of the CIA. The hackers also accessed about 20.3 million encrypted passport numbers. There is no evidence that they were able to use the master encryption key required to gain access to that data.

Read more about the Marriott data breach investigation on SecurityWeek.

Hacker Uses Australian Early Warning Network to Send Spam Alerts

Over the weekend, a hacker gained unauthorized access to the Queensland EWN, or Early Warning Network, and used it to send a spam alert via SMS, landline, and email to the company’s subscribers.

EWN is a service offered by Australian company Aeeris that allows Australian councils, or local governments, to send emergency alerts regarding extreme weather, fires, evacuation information, or incident responses. The unauthorized alerts stated that “EWN has been hacked. Your personal data is not safe.” They then went on to tell recipients to email support@ewn.com.au to unsubscribe from the service.

Read more about the security breach on BleepingComputer.

Security analytics to reach $12 billion by 2024

Amid a maelstrom of cybersecurity threats and rampant hacking attempts that leverage the power of the IoT against itself, organizations are forced to realize that they are on the losing side of this war.

As such, market vendors have no choice but to enhance their cybersecurity arsenal with more sophisticated tools which allow a deeper understanding of their users, devices, and systems. This will drive the security analytics market toward an impressive revenue of $12 billion by 2024, according to ABI Research.

Read more about the prognosis by ABI Research on Help Net Security.

Singapore Airlines data breach affects 285 accounts, exposes travel details

Singapore Airlines (SIA) says a software glitch was the cause of a data breach that affected 285 members of its frequent flyer programme, compromising various personal information including passport and flight details.

The “software bug” surfaced after changes were made to the Singapore carrier’s website on January 4 and enabled some of its Krisflyer members to view information belonging to other travellers, SIA told ZDNet in an email.

Read more about the Singapore Airlines data breach on ZDNet.

Few organizations have the resources required for optimal cybersecurity and digital risk reduction

OODA’s CISO as a Service offering puts our seasoned team of experts on your side.

Our leadership has spent years working across multiple sectors of the economy and in government agencies helping organizations protect what matters most. We know the threat, know best practices and know the importance of keeping your security program focused on enabling your business objectives. Our CISO as a Service offering is the ideal choice for firms who have grown to the point where a more robust security program is required. We can provide the executive leadership to get your program off the ground and can assist you in your search for a full-time CISO.

For more information see: OODA LLC

Nation’s Cybersecurity Strategy Should Be Easy To Understand

At CTOvision, Bob Gourley of OODA writes that the 2017 Cybersecurity Strategy should be:

  1. The Department of Justice, working with the DHS, will support every federal, state and local law enforcement organization in the U.S. in enhancing anti-cyber crime activities. This includes providing local law enforcement organizations with information they need for informing all citizens and businesses in their jurisdictions on the nature of the cyber threat and prudent mitigation strategies. This approach is the only scalable way to give our citizens and businesses the protective information they need.
  2. The Federal Government will become the exemplar of optimal cyber defense, proving even large organizations can mitigate threats and enhance technology support to mission outcomes while reducing IT spend. We will do this through leadership, with every leader in the executive branch, including the chief executive, taking responsibility for outcomes. In doing this we will leverage the lessons learned from decades of cybersecurity reviews. We know what must be done and will do it.
  3. The executive branch will accelerate the exchange of best practices and lessons learned and will take continuous action to assist industry, academia, non-profits and all free nations in their responsibilities to defend themselves in cost-effective ways. The U.S. government will encourage all to understand best practices and avoid negligent behaviors in cyber security, and will work with the legislative branch to improve the legal regime governing responsible behavior and norms as required.

For more see: The Report The Cybersecurity Commission Should Have Sent To the President and President Elect

Hackers dump data of hundreds of German politicians on Twitter

A group of hackers has published the personal details of hundreds of German politicians, but also German artists and local YouTube celebrities.

The data was uploaded online and later promoted via Twitter, starting a few days before the Christmas holiday. The source of the data appears to be the victims’ smartphones. Details about how the data was stolen and exfiltrated from infected phones remain unclear at the time of writing. According to German news outlets, the leaked data contains names, home addresses, phone numbers, email addresses, photo IDs, personal photos, and personal chat histories.

Read more about the disturbing data leak on ZDNet.

Hackers demand ransom from Dublin’s tram system, after Luas website defaced

The website of Luas, the tram system operating in Ireland’s capital city of Dublin, has been taken offline this morning after hackers defaced the site and demanded a ransom be paid within five days.

Early morning visitors to the website were greeted with a message from the hackers, claiming that data had been stolen from operator Transdev Ireland, and would be published on the internet unless a ransom demand of one Bitcoin (approximately 3,300 Euros or US $3,800) was paid. In the message, the hackers claim that they previously contacted the tram operator about security vulnerabilities and were aggrieved that they received no response.

Read more about the attack on the Luas website on Tripwire.