InfoSecSam Newsletter #6

Dropbox Breach, Passkey Popularity, SANS training & more

Recent News

H2 Oh No!

Iranian-backed hackers have struck again, this time targeting a water system in Western Pennsylvania. Using software developed by an Israeli company, these hackers attempted to cause chaos and havoc.

Thankfully, the attack was quickly thwarted, but it serves as a reminder that cyber threats can come from anywhere and have real-world consequences.

Bad Guys Make Bank

UnitedHealth, one of the largest healthcare companies in the US, has been compromised by a ransomware attack. In response, the company's CEO confirmed that they paid a whopping $22 million ransom to the hackers!

This is a very controversial move as it sends a message that these types of attacks continue to be successful and can be very lucrative for the bad guys!

Dropbox Drops the Ball

Dropbox has disclosed a significant breach impacting its eSignature service, Dropbox Sign, with unauthorised access to user data including emails, usernames, and account settings!

Worse, some users had phone numbers, hashed passwords, and authentication details compromised. Investigation suggests a third party accessed a configuration tool, prompting security measures like password resets and API key rotations. Impacted users await further communication as Dropbox continues its investigation.

UK IoT Law

The UK has taken huge steps to ban easily crackable default passwords on smart devices. The new UK law requires smart devices to adhere to minimum security standards.

Non-compliance can result in fines of up to £10 million or 4% of global revenue! However, it will be interesting to see whether these fines are enforced, and how they will be enforced on devices manufactured abroad.

Passkey Popularity

Microsoft and Google are promoting passkeys as a more secure alternative to passwords, with Microsoft now allowing common users to sign in with passkeys.

Passkeys have seen a growth in popularity, with Google's passkey support being used over 1 billion times.

This is great news, as passkeys provide great security: they use a unique key pair and biometric authentication for access control instead of pesky passwords.

Career Development

SANS Free Training Resources

The SANS Cyber Access Online course has been developed by the industry-recognised SANS Institute and offers free training and certification in concepts related to the assessment and protection of information security systems.

A combination of tutorials and videos, this self-paced course is part of the professional development curriculum of the SANS Institute.

To get started, you can watch this webcast on AI and Leveraging it for Cybersecurity. You will need to register first, but then the webcast is free to watch.

Other News

  • Bad Apps Blocked - Google blocked 2.3M apps from Play Store in 2023 due to poor security.

  • Copycat Copycan - The UK government has been criticised for not acting against tech firms accused of using copyrighted material without permission.

  • Fart Phone - Google Pixel phone users are noticing a new feature that allows them to fart, laugh and clap down the phone. This is just weird!
