This week in InfoSec
With content liberated from the “today in infosec” twitter account and further afield
27th April 2012: The Information Commissioner's Office (ICO) in the UK issued its first-ever data breach fine to an NHS (National Health Service) organisation, fining Aneurin Bevan Health Board in Wales £70,000.
https://www.digitalhealth.net/2012/04/first-nhs-fine-issued-by-ico/
Rant of the Week
Dropbox dropped the ball on security, haemorrhaging customer and third-party info
Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.
The attack, detailed in a regulatory filing, impacted Dropbox Sign – a service it bills as an "eSignature solution [that] lets you send, sign, and store important documents in one seamless workflow, without ever leaving Dropbox." So basically a DocuSign clone.
The filing states that management became aware of the incident last week – on April 24 – and "immediately activated our cyber security incident response process to investigate, contain, and remediate the incident."
That effort led to the discovery that "the threat actor had accessed data related to all users of Dropbox Sign, such as emails and usernames, in addition to general account settings."
Billy Big Balls of the Week
Chinese government website security is often worryingly bad, say Chinese researchers
Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week.
The researchers concluded the investigation has uncovered "pressing security and dependency issues" that may not have a quick fix.
"Despite thorough analyses, practical solutions to bolster the security of these systems remain elusive," wrote the researchers. "Their susceptibility to cyber attacks, which could facilitate the spread of malicious content or malware, underscores the urgent need for real-time monitoring and malicious activity detection."
The study also highlights the need for "stringent vetting and regular updates" of third-party libraries and advocates "a diversified distribution of network nodes, which could substantially augment system resilience and performance."
The study will likely not go down well in Beijing, as China's government has urged improvements to government digital services and apps often issues edicts about improving cybersecurity.
Industry News
Google Blocks 2.3 Million Apps From Play Store Listing
Disinformation: EU Opens Probe Against Facebook and Instagram Ahead of Election
NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms
Lawsuits and Company Devaluations Await For Breached Firms
UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA
REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison
Security Breach Exposes Dropbox Sign Users
Indonesia is a Spyware Haven, Amnesty International Finds
North Korean Hackers Spoofing Journalist Emails to Spy on Policy Experts
Tweet of the Week
https://twitter.com/summer__heidi/status/1783829402574639187
Come on! Like and bloody well subscribe!
