The target: TronicsXhange, a California-based electronics retailer.
The take: 80,000 images of personal identification cards and 10,000 fingerprint scans. Information included: driver license number, full name, birthday, home address, gender, hair and eye color, height and weight, and a photo of the individual.
The attack vector: The breach occurred when an unsecured Amazon S3 bucket was discovered online, still reachable even after the company had ended its operation. The database had no password protection, meaning anyone who found the correct URL could access and freely download the data.
The breach is serious as the sensitive information stored could lead to severe cases of fraud. Asset management is a critical procedure for any company, and the fact that this server was kept online even after the company had supposedly closed its doors for business highlights the extreme importance of proper decommissioning procedures to ensure sensitive information is securely destroyed or taken offline.
ZDNet: A new offensive force made up of spies, cyber experts and the members of the military is already conducting cyber operations to disrupt hostile state activities, terrorists and criminals, the UK government has revealed.
Yahoo Finance: Cybersecurity Ventures predicts global cybercrime costs will grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This prediction is part of a special report conducted by Cybersecurity Ventures and sponsored by INTRUSION, Inc.
Reuters: Canada on Wednesday identified state-sponsored programs in China, Russia, Iran and North Korea as major cyber crime threats for the first time, and said it feared foreign actors could try to disrupt power supplies.
NBC News: Krebs, the director of the Cybersecurity and Infrastructure Security Agency, or CISA, has been the target of public criticism from Trump since the Nov. 3 election over his agency's Rumor Control blog, which rebuts a list of false claims about election fraud and hacking — many of which Trump or his lawyers have touted as real after he lost the election.
My Twin Tiers: The New York State Department of Financial Services has announced its partnership with Global Cyber Alliance to help bring a “cybersecurity toolkit” to small businesses in the State. The DFS stated that this partnership follows many small businesses' switch to online and remote work during the COVID-19 pandemic.
Investment Week: The worm damaged about 6,000 computers, representing - at the time - roughly 10% of the entire internet. Over the ensuing decades, computing and connectivity would become even more ubiquitous, as how we work and play increasingly went online, and the combination of chips and sensors would become the very fabric of how we live our lives.
The target: Vertafore, a U.S.-based insurance provider.
The take: 27.7 million records of personally identifiable information including: driver license numbers, first and last names, date of birth, address, and vehicle registration history.
The attack vector: Three database files containing the above information were placed, through human error, on an unsecured external third-party storage service with no access authorization, meaning anyone with an internet connection had the ability to access and download the data.
This breach highlights the importance of robust cybersecurity protocols and processes. Rigid steps around the transfer and movement of data are needed to ensure maximum protection of sensitive information, with multiple checks to verify that the destination of the information is secure and expected safeguards are in place. When data is moved, the proper controls commensurate with the sensitivity of the data must travel with it.
Forbes: How each cybersecurity CEO responds to the challenges of keeping employees safe, customers secure and product release cycles on schedule while still achieving customer success – all virtually – provides valuable insights into leading a company during difficult times. Simon Biddiscombe, CEO of MobileIron, exemplifies the empathy all CEOs interviewed have for their employees' welfare. "My first priority when the pandemic hit was to protect the health and safety of our employees, yet still maintain an 'always-on business' for our customers," Simon mentioned during a recent interview.