Welcome to The Dashlane Tech Check for August 11, 2017! I’ll help you catch up on Dashlane news and the biggest headlines in the tech and information security industry. And, just for fun, I’ll include a useful life hack that will keep your personal and work-related data secure all year long.
What in the (security) world?
Here’s what made headlines this week in the world of digital identity, security, and privacy:
White House cybersecurity coordinator says government is lacking 300,000 cybersecurity experts
In an exclusive interview with CBS News’ Jeff Pegues, White House cybersecurity coordinator Rob Joyce says that the US is lacking 300,000 cybersecurity experts needed to defend the country. Joyce also warned the general public not to use software from Kaspersky Lab, a Russian cybersecurity firm with suspected ties to the Russian government. “I worry that as a nation state Russia really hasn’t done the right things for this country and they have a lot of control and latitude over the information that goes to companies in Russia. So I worry about that.”
Hackers scam $500,000 of crypto-currency from Enigma investors
According to TechCrunch, hackers managed to nab 1,492 in Ether coin, which is worth nearly $500,000 USD, just weeks before Enigma’s ICO (a crypto token sale) in September. The hackers reportedly targeted 9,000 users on Enigma’s mailing list and Slack group by altering the company’s website and sending targeted spam emails urging users to send money to the hackers’ crypto wallet. TechCrunch also reports that the hackers managed to access the email of Enigma’s CEO, Guy Zyskind. In response, Enigma shut down its websites and Slack group, and released a statement saying it has implemented new security measures, including strong passwords and two-factor authentication for all employee email accounts.
An online utility payment system may have been compromised in a data breach
The Oceanside Police Department believes the online payment system used by residents to pay utility bills may have been compromised in a data breach. NBC News in San Diego says that officials were first notified of a potential breach after residents noticed the credit cards they used on the online payment system had unauthorized charges. The source of the breach is to be determined, but the city did shut down the online payment system and launched an internal investigation.
Hackers are using malware-laced Word documents to hack hotels across Europe
The hacking group APT28, also referred to as Fancy Bear, is currently using malware-laced Word documents and a leaked NSA hacking tool to spy on hotel guests. A security researcher from FireEye told Motherboard that the hackers are sending documents that look like guest forms to hotel employees, infecting the computer using the NSA’s ETERNALBLUE exploit to access internal networks. The hackers are also using a special tool called Responder to steal credentials from employees. Although FireEye’s security researcher noted the hacker group is targeting hotels with “distinguished visitors”, he did not specify which hotel chains were being targeted.
Hacking group exposes private data of several 2010 World Cup soccer players
Another hacker group, Fancy Bears (not to be confused with the APT28/Fancy Bear group), leaked the records of 25 World Cup soccer players who were awarded therapeutic use exemptions (TUEs) during the 2010 FIFA World Cup. According to Infosecurity Magazine, the group also claims to have proof that 160 players failed drug testing in 2015. It’s currently unclear if this breach was politically or financially motivated.
The State of Enterprise Security
86 percent of System Admins use only the most basic username and password authentication to access and protect their main business account
Looks like SysAdmins should start taking their own advice on password security. SC Magazine UK shared new research from Vanson Bourne, which found that 86 percent of the SysAdmins surveyed only use a username and password to access and protect their main business account. Surprisingly, the research also found that 17 percent of SysAdmins fail to use complex passwords to protect their accounts.
90 percent of organizations recorded exploits for vulnerabilities that were three or more years old, new report finds
Infosecurity Magazine shared a new report from Fortinet, which found that 90 percent of organizations had recorded exploits for vulnerabilities that were three or more years old. Moreover, 60 percent of companies still experienced cyber attacks from exploits that were over 10 years old. Fortinet concludes that poor security hygiene and risky application usage are to blame for hackers exploiting vulnerabilities as a means to breach organizations’ internal systems.
The Week’s Lifehack to Improve Your Security
It’s Back-to-School time and we’re taking your college students back to Cybersecurity 101! 🤓 All month long, we’ll share new chapters from our must-have guide on online safety exclusively for college students and other tech-savvy young adults.
And we didn’t forget about educators! We also created an exclusive guide for professors, faculty members, and administrators on how to secure classroom technology.
Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check!