AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 08/12/2020

Twitter ‘looking’ at a possible TikTok tie-up

Twitter has approached TikTok’s Chinese owner ByteDance to express an interest in buying its US operations, according to reports. Video-sharing platform TikTok has been at the centre of fierce debate and takeover talk in recent weeks. Last week US President Donald Trump ordered firms to stop doing business with TikTok within 45 days over security concerns. Tech giant Microsoft is the front-runner to buy TikTok but now Twitter has emerged as a possible suitor. But it remains unclear whether Twitter can afford to buy TikTok from its Chinese owners and can complete a deal within the 45-day window, according to sources quoted in the Wall Street Journal.

 

Covid-19 is taking elevator anxiety to the next level. This Indian tech company has a solution

Before the pandemic, there were many reasons to be anxious about taking an elevator — from being crammed in a small space with strangers, to getting stuck between floors. Now, as coronavirus cases exceed 18 million worldwide, many people are concerned about catching the virus, whether from someone else in the elevator or via the buttons. Software engineer Bhavin Ahir felt the fear in the apartment block where he lives in March, when the Indian government implemented what would become a four-month lockdown. Ahir lives on the 12th floor of a 13-floor apartment block in the western state of Gujarat. The tower block is home to hundreds of people who take the elevator multiple times each day.

 

Why Human Resources is a Key Stakeholder in Cyber Risk Management

The human resources (HR) function has become integral to organizational cyber risk management in recent years. Along with information security/information technology (InfoSec/IT), HR is increasingly called upon to help determine and enforce employee data permissions, train and enforce cybersecurity policies and procedures and help respond to cyber events involving employees, according to a recent report from Guy Carpenter-affiliate Marsh JLT Specialty. HR’s increased involvement is due to a convergence of factors, including: a more active regulatory environment, the pervasive use of technology and devices in employees’ work, and recognition of the importance of a strong organizational cybersecurity culture.

 

Facebook extends coronavirus work from home policy until July 2021

Facebook has joined Google in saying it will allow employees to work from home until the middle of next year as a result of the coronavirus pandemic. “Based on guidance from health and government experts, as well as decisions drawn from our internal discussions about these matters, we are allowing employees to continue voluntarily working from home until July 2021,” a spokeswoman told the Reuters news agency. Facebook also said it will provide employees with an additional $1,000 to spend on “home office needs”. Late last month Google also extended its coronavirus remote work provision, saying staff would be able to continue working from home until the end of June 2021.

 

Microsoft Office 365 is becoming the core of many businesses. And hackers have noticed

As the use of Microsoft’s Office 365 grows – encompassing services including Exchange, Teams, SharePoint, OneDrive and more – the sheer amount of data stored in the cloud is proving to be a tempting target for some of the most sophisticated hacking operations in the world, according to cybersecurity researchers at FireEye Mandiant. “The amount of data in Office 365 is just huge and attackers are obviously interested in data. But also they can now access that data from pretty much anywhere in the world,” Doug Bienstock, principal consultant at Mandiant, told ZDNet, ahead of the research being presented at the Black Hat USA security virtual conference. “Office 365 is also a gateway for organisations to access other applications as a single sign-on platform,” Bienstock explained.

 

Security training body Sans Institute hit by data breach

The Sans Institute, a provider of cyber security training and certification services, has shown that even security professionals are not immune to compromise, after losing approximately 28,000 items of personally identifiable information (PII) in a data breach that occurred after a single staff member fell victim to a phishing attack. The organisation, which has established a reputation as one of the most important sources of security training in the world, uncovered the leak on 6 August 2020, when it was conducting a systematic review of its email configuration and rules. During this process, its IT team spotted a suspicious forwarding rule and a malicious Microsoft Office 365 add-in that together were able to forward 513 emails from a specific individual’s account to an unknown external email address before being detected.
