This is it, folks. The final Weekly News Roundup of 2019. What a year it has been. Defenders have had their fair share of challenges, particularly those in the public sector who have been hit hard with ransomware. From Florida to Louisiana, Texas and New Jersey, there are few states that have not seen one of their municipalities downed by a ransomware attack.
As the public and private sector build stronger relationships and engage in more threat intelligence sharing, we may not see these attacks go away, but we will hopefully find that more cybersecurity professionals across all sectors have the ability to detect threats earlier and respond to them before they have a significant or damaging impact on the organization.
It’s my humble prediction that the new year will bring a heightened focus on election security, particularly in light of news that Chinese hardware powers US voting machines, as The Security Ledger reported. Additionally, with reports that hospital executives are being asked for patient data and the California Consumer Privacy Act (CCPA) going into effect at the start of 2020, we will surely hear lots of discussions about consumer privacy and regulations.
For now, though, let’s take a look at what happened this week:
Dec. 20: Security researcher Bob Diachenko at Comparitech discovered, “A database of 267 million Facebook user IDs, phone numbers, and names was left exposed online for a fortnight thanks to another cloud misconfiguration, according to researchers,” Infosecurity Magazine reported.
Dec. 19: Malicious actors have reportedly flown under the Wawa radar since March. Endgadet reported, “The company discovered the malware in its payment processing systems on December 10th, and believes it affected potentially all Wawa locations since March 4th, 2019, although some were infected later and some not at all.”
Dec. 19: Honda reported that a misconfigured Elasticsearch database unintentionally leaked the personal information of 26,000 car owners.
Dec. 18: Tech giants Apple, Amazon and Google have joined forces in an initiative dubbed “Project Connected Home Over IP” intended “To develop and promote the adoption of a new, royalty-free connectivity standard to increase compatibility among smart home products, with security as a fundamental design tenet," Business Insider reported.
Dec. 18: A member of the nefarious hacking group Dark Overlord is facing charges in St. Louis after he was extradited from the UK, according to the DoJ.
Dec. 18: The Defending American Security from Kremlin Aggression Act (DASKA), a bill that will impose sanctions on Russia for its interference in the 2016 US elections, was approved (17-5) by the Senate Foreign Relations Committee and will now go before the full Senate, The Hill reported.
Dec. 17: An Advanced Persistent Threat (APT) group has been targeting equipment manufacturers, “using industry-sector-themed spear-phishing emails and a combination of free tools,” according to CSO Online.
Dec. 16: More than 4,000 Metropolitan Police in London underwent cybercrime training to augment their “digital policing skills,” Infosecurity Magazine reported.