I started off the week in our nation’s capital, watching from the sidelines as 25,000 runners embarked on a 10-mile run for the 35th annual Army Ten-Miler. While it was nice to take a break from the cybersecurity buzz, the world of regulation, data protection and cyberattacks kept running full speed ahead.
As I did my own reading to catch up on what I missed, I also pulled together a list of the week’s top headlines to bring others up to speed. Here’s a quick overview of some of the industry’s most important headlines this week.
Oct. 18: Security researchers at ESET believe they have discovered a new operation from the advanced persistent threat group (APT29), also known as Cozy Bear, infamous for hacking the Democratic National Committee during the 2016 US Presidential campaign.
Oct. 17: Security researchers discovered 768 websites—including an official reelection website of President Trump—that were left vulnerable to malicious takeover as a result of a misconfigured website development tool called Laravel.
Oct. 17: Data privacy legislation proposed by Sen. Ron Wyden of Oregon would deliver harsh punishment—including hefty fines and potential jail time—for companies that violate people’s data privacy.
Oct. 17: Pitney Bowes issued an updated statement on the status of the company’s recovery from an October 14 ransomware attack. As of the October 17 update, “The restoration of our meter refill system is now fully complete for clients in US and Canada. All clients, including SendPro C clients, can now connect to the meter refill system to add postage to their mailing and shipping devices. We continue to work on restoring all other systems and will provide updates.”
Oct. 16: Kaspersky Lab reported that its honeypots detected more than 100 million IoT attacks in the first six months of 2019. That number is nearly nine times higher than the 12 million attacks detected during the same time in 2018.
Oct. 16: Reuters reported that in response to the September 14 attack on Saudi Arabia’s oil factories, the US coordinated and carried out a covert cyber operation against Iran, who denied any involvement in the attack. According to a September 30 report from Al Jazeera, “Yemen's Houthi rebels claimed responsibility but US Secretary of State Mike Pompeo swiftly accused Iran, which rejected the allegations.”
Oct. 16: After years of coordinated international efforts, law enforcement has taken down the world’s largest child-pornography website. Consequently, authorities arrested more than 300 alleged users as well as the South Korean man believed to be the site’s operator.
Oct. 15: During the Democratic debate in Westerville, Ohio, presidential hopeful Andrew Yang made some statements about the US and Russia both having a history of meddling in elections that didn’t sit well with Sen. Amy Klobuchar. “I don’t see a moral equivalency between our country and Russia,” Klobuchar said, adding that Russian interference in 2016 was “much more serious” than “meddling,” and that Russia’s actions constituted an “invasion” of U.S. elections,” according to The Hill.
Oct. 14: Apple acknowledged that it uses the ‘safe browsing’ technology and consequently shares some browsing history of iOS 13 Safari users with the Chinese firm Tencent.
Oct. 14: Sophos investors will be paid $7.40 per share according to the terms of an acquisition announcement from private equity firm, Thoma Bravo, who will pay $3.8 billion in cash to acquire the network security firm Sophos.
Oct. 13: It’s no surprise that cyberattacks continue to plague small businesses. According to a new report published by Accenture, 43% of attacks are directed at SMBs, and the average cost of cyberattacks on small businesses has risen to approximately $200,000.