Recently, two teens and a young adult infiltrated one of Silicon Valley’s biggest companies in a high-profile hack – and the biggest ever for Twitter. Authorities say the 17-year-old “mastermind” used social engineering tactics to convince a Twitter employee that he also worked in the IT department and gained access to Twitter’s Customer Service Portal. The 130-account takeover proved unique, as it was fundamentally a dramatic manipulation of trust and could have had far more world-changing consequences if the attackers had the aspirations of say, a dangerous fringe group versus that of a teenager. There are a few takeaways to learn here, especially when it comes to considering redefining what we classify as “critical infrastructure” and what must be protected at all costs.
Last week, Didier Reynders, European Commissioner for Justice, and Dr. Andrea Jelinek, Chair of the European Data Protection Board (EDPB), appeared at a hearing conducted by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, and updated committee members on their work since the Schrems II decision.
In his remarks, Mr. Reynders identified three main areas on which the Commission is focusing.
The Information Security Forum (ISF) is hosting it’s Annual World Congress (Digital 2020), which takes place November 15-19, 2020. For the first time, the ISF World Congress will be held virtually, providing a unique online, interactive global event experience, available in multiple time zones, allowing attendees to watch and participate in the full show at times that best suit their schedules.
To help Project 25 (P25) users navigate the continuing evolution of P25 systems and the complex world of P25 Standards, the P25 Steering Committee, with support from CISA, developed the Statement of Project 25 User Needs (SPUN) as a framework for users to better understand P25 technologies and define their communications needs.
DHS and CISA joined the Colorado Rockies, along with the Rockies’ state, local and federal partners for a virtual tabletop exercise to review incident preparedness measures and response plans at Coors Field in a continuing effort to ensure fan, staff and team safety.
Coalition announced the results of its H1 2020 Cyber Insurance Claims Report, which explores top cybersecurity trends and threats facing organizations today, in addition to data showing the impact of COVID-19 on cyber insurance claims.
Digital Shadows released new research into a group of cybercriminals who are essential to the profitability of ransomware, but who are also often overlooked: initial access brokers. Initial access brokers gain remote access to vulnerable organizations, which an end-purchaser of ransomware or RaaS can then leverage to wreak havoc.
ESET researchers have discovered and analyzed malware that targets Voice over IP (VoIP) softswitches. This new malware, named CDRThief by ESET, is designed to target a very specific VoIP platform used by two China-made softswitches (software switches): Linknat VOS2009 and VOS3000.
As some U.S. states relax their shelter-in rules, businesses prepare for a slow recovery due to the uncertainty of COVID-19’s almost certain resurgence. The questions arise for those physical businesses in need of unarmed or armed guards: what precautions are to be taken by guards, and what kind of interaction is there going to be with their customers?