Seemingly, every week there are new security breaches reported; recently Uber and PayPal both announced that customer data may have been stolen by attackers. In the case of Uber, 57 million passengers’ data may have been leaked. Further, Uber also paid $100,000 dollars to the attackers and requested they sign non-disclosure agreements. This indicates that Uber may have intended to illegally withhold the breach from its customers. PayPal, on the other hand, identified a possible vulnerability in TIO Networks and reported that 1.6 million customer records may have been exposed. TIO Networks is a subsidiary of PayPal acquired in July that mainly processes utility bill payments at kiosk locations like Rite Aid. While the complete details of these breaches have not been disclosed these events continue to articulate the need for companies to evaluate their cybersecurity programs.
As you are coming back from the Thanksgiving weekend and looking forward to the holiday season with friends and family we wanted to take a moment to explain what we are thankful for at Cygilant.
As many know, security information and event management (SIEM); the part of a cybersecurity program that analyzes real-time events and alerts triggered by software or devices has been around quite some time. At Cygilant we have spent over a decade building a platform for analyzing SIEM data. It was not an easy task. As many in the security industry know, working with SIEM data is no small undertaking. So, to say we are very thankful for vendors and technologists that continue to develop and support SIEM is an understatement.
The first and most important action is to educate users of the systems. Most ransomware and cyber-attacks, in general, rely on a user taking an unintended action; commonly a user executes a seemingly normal but nefarious file. Because of this attack vector users should be wary of unsolicited emails, especially ones with attachments and links. To take this one step further users should know what types of files and operations commonly make changes to their systems. This will help them understand when changes are normal or something out of the ordinary is attempting to make changes. To name a few, for example, users of windows machines might want to investigate exe, msi, bat, or ps1 file types prior to executing them.
Chances are the content of this article traversed some wireless network prior to being displayed on the device you are using (or prior to being printed out for you hard copy purists). However, today we learned the WPA2 (WiFi Protected Access II), is vulnerable to key reinstallation attacks. For the past 14 years, WPA2 has been considered the industry standard for maintaining a secure wireless network for personal and enterprise connectivity. What makes this newly released vulnerability different than the recent security headlines is this attack is not leveraging unpatched software or a company’s implementation of technology. This attack actually exposes flaws in the protocol specification (standard) itself; meaning all implementations of the standard are (likely) also vulnerable.