AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 07/18/2022

Public Cloud Customers Admit Security Challenges

Most global organizations aren’t fully confident in the effectiveness of their security controls in the public cloud, despite storing sensitive data there, according to a new Cloud Security Alliance (CSA) study. Sponsored by Anjuna Security, the Sensitive Data in the Cloud report is compiled from interviews with 452 IT and security professionals, from various organization sizes and locations. It revealed that over two-thirds (67%) of respondents now store sensitive data or workloads with public cloud service providers (CSPs). However, while a majority claimed they find CSP security controls somewhat (51%) or highly effective (38%), the same is not true of their own tooling.In fact, around a third (31%) said they are not confident or only slightly confident about their ability to protect sensitive data in the cloud, and a further 44% claimed they are only “moderately” confident.


TikTok’s chief security officer steps aside, thanks to Oracle move

TikTok’s Global Chief Security Officer Roland Cloutier has “transitioned” from his job into “a strategic advisory role focusing on the business impact of security and trust programs.” Cloutier’s change was revealed in a Saturday organizational update that starts with Cloutier himself signing off from the job on grounds that TikTok has “made significant progress in delivering on the promises we’ve made to our global community, business partners, and governments around the world.” TikTok CEO Shou Zi Chew and ByteDance VP of Technology Dingkun Hong then weigh in with praise of Cloutier, and an explanation that Cloutier’s efforts to make Oracle Cloud the default storage option for US-based users’ data means the time is right for the CSO to take on new responsibilities. Which is all very nice, except for one small but important detail: since trumpeting Oracle as its default storage provider, TikTok has also revealed that staffers in China can still see US users’ data.


Zero-day attacks climb as hackers get more sophisticated

Hackers are moving fast to exploit security vulnerabilities. There was a surge in widespread zero-day attacks last year, with the average time to exploitation down from 42 days in 2020 to just 12 days in 2021. This ‘Time to Known Exploitation’ (TTKE) represented a 71% decrease from the previous year, largely due to the heightened volume of zero-day attacks, many of which were eventually used by ransomware gangs.

With ongoing geopolitical uncertainties and the threat on nations opposing Russia’s war in Ukraine, governments are urging organisations to strengthen their cyber defences to counter the increased potential threat of state-sponsored cyber-attacks. This is just one more reason why it is important that security and risk teams have a clear view of the broad range of critical vulnerabilities and threats they face, with particular emphasis on technologies they know are central to their business operations. In our 2021 Vulnerability Intelligence Report, we presented a thorough assessment of last year’s attack landscape, with an expert analysis of attack vectors and exploitation trends from what was a truly harrowing year for risk management teams around the world. Not only were governments and organisations grappling with the COVID-19 pandemic, but security teams faced a rapid rise in attack complexity and scale. Widespread attacks leveraging vulnerabilities in commonly deployed software were endemic, ransomware risk continued to rise, and zero-day exploitation reached what was considered to be an all-time high. The report detailed 50 notable vulnerabilities, of which 43 were exploited in the wild, and it highlighted several non-CVE-based attacks, including significant supply chain security incidents.


Rhode Island sewer-system operator hit by cyber attack

PROVIDENCE — The Narragansett Bay Commission, which runs sewer systems in parts of the metropolitan Providence and Blackstone Valley areas, was hit by a ransomware attack on its computer systems. A spokeswoman for the commission acknowledged the attack in a Friday evening email to The Providence Journal. “Last week, the Narragansett Bay Commission identified a cybersecurity incident that involved the encryption of data on certain computers and systems in its network,” spokeswoman Jamie R. Samons said in the email. While she did not specify a ransomware attack, such attacks typically involve hackers encrypting data on a victim’s computer system and refusing to supply the key to decode the data until a ransom is paid.


Hacked Shanghai police database didn’t let users set a password

A recently-stolen database holding personally identifiable information on a billion Chinese citizens had been sitting online, unprotected by any credentials(opens in new tab), and available for anyone who knew where to look, reports have claimed. The Wall Street Journal has said an investigation is currently underway to determine the circumstances leading up to the breach. Allegedly, the Alibaba cloud platform used by the Shanghai police department was outdated in such a manner that even setting up a password(opens in new tab) for the database wasn’t an option. These findings would be in line with what the media initially reported, when cybersecurity researchers pointed the finger at third-party cloud infrastructure partners such as Alibaba, Huawei, or Tencent.

Related Posts