Cyber Round-up for 9th October
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of that last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Does your organisation have a Bring Your Own Device (BYOD) policy? If so, you may be interested in what you can do to ensure your company data is being accessed securely on employee’s personal devices. As always, user awareness plays a big part in information security; as an employee, you should always be looking out for suspicious phishing attempts. On top of this, keeping your devices up to date ensures that you are not at risk from known vulnerabilities. Additional guidance on the use of personal devices for remote workers can be found here; we advise you look into this if your organisation has recently employed a BYOD policy.
Cloud computing provider, Blackbaud, suffered a ransomware attack back in May which saw the information of 166 UK organisations stolen by hackers; this number includes universities, schools, and charities. New findings suggest that millions of people worldwide may have been affected as well, including international clients such as hospitals and human rights organisations. This new investigation also found that the criminals had access to unencrypted customer data, including bank account information, social security numbers, usernames, and passwords. Most of the sensitive data was encrypted; however, it is worth noting that this was not the case for all of it as stated above. Since the breach, the firm claims to have paid the ransom despite being advised against it; the hacker group also claims to have destroyed the stolen data after the payment was made.
Medical software company, eResearchTechnology, has been hit by a ransomware attack. The company is currently conducting clinical trials for a COVID-19 vaccine; however, the actions of the attackers has halted this process. The motivations of the group are unclear at this time, and it is not yet known if the ransom was payed; despite this, the firm is now in recovery mode and is making progress in restoring their systems. eResearchTechnology was responsible for 75% of all FDA drug-approvals last year, which shows how much of an impact this attack has had.
iOS 14 is the latest operating system for apple’s mobile devices; the upgrade brought with it a number of important security and privacy features that really enhance your iPhone. A new feature that was implemented exists in Apple’s password manager; this new security recommendation update warns users when their saved passwords have been compromised in a data breach. This new feature is amazing and prompts you to change your password as soon as its security checks detect a compromise. Apple seems to be making all the right moves when it comes to security, and we are excited to see what they produce in the future.
Google are determined to restore everyone’s faith in the Android operating system, despite it having a reputation for its lack of security. In a recent announcement, Google stated they are taking the necessary steps to resolve their issues. They said they are working to “drive remediation and provide transparency to users about issues we have discovered at Google that affect device models shipped by Android partners”. This means that Google’s Android Partner Vulnerability Initiative will be addressing several security flaws found in third-party Android devices. This is directly aimed at Android devices that are not maintained by Google; the uncovered vulnerabilities include insecure backups, password manager flaws and more. More details can be found here on AVPI’s bug tracker.
Vulnerabilities & Updates
Google released Chrome 86 this week, and a number of huge security enhancement features along with it. These features include password security, insecure download protection. These changes will be introduced for both desktop and mobile users, and even includes automatic update checking for the browser. Additional support for password check-ups is also being implemented, which aims to warn users if any of their saved passwords have been involved in a data breach; a prompt urging you to change your password will be displayed if this check succeeds. These are big steps in the right direction when it comes to security, and we can expect more important updates from Google in the future.
And that’s it for this week’s round-up, please don’t forget to tune in for new instalments every week.
We hope this makes for light reading during these times of uncertainty.
Stay Safe, Secure and Healthy!
Edition #112 – 9th October 2020
Why not follow us on social media:
Ironshare – Security Simplified