AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/16/2020

Staples discloses data breach exposing customer info

Giant office retail company Staples informed some of its customers that data related to their orders has been accessed without authorization. Few details are available at the moment. The company has not disclosed the incident publicly and alerted affected customers individually over email. It is important to note that Staples’ main business is selling office supplies and related products using retail channels and through business-to-business engagements. The office retail giant sent out a brief notification letter signed by Staples Inc. CEO Alexander ‘Sandy’ Douglas providing an outline of the incident. BleepingComputer learned that the event occurred earlier this month around September 2 and consisted of unauthorized access to a system belonging to Staples.


History shows, transparency can ease the fallout from a cyberattack

Cybersecurity firms have a responsibility to keep their clients safe from digital attacks. But when they end up the victims, they potentially risk losing credibility with these customers, especially if their operations are disrupted. It’s a potentially juicy extortion scenario for attackers, and we just saw an example of this play out last week when it was reported that Boston-based cyber-as-a-service company Cygilant was hit with a NetWalker ransomware attack and corresponding data breach. In such cases, the best response is generally for the infosec firm to practice what it likely already preaches to its clientele: be upfront and transparent. “There is a lot of work that is required to regain trust,” said Jarad Carleton, the global program leader for cybersecurity at ICT at Frost & Sullivan. “And accomplishing that goal is dependent on communication and openness about what happened, why it happened, and what will be done to ensure it doesn’t happen again.”


Google says its carbon footprint is now zero

Google says it has wiped out its entire carbon footprint by investing in “high-quality carbon offsets”. It became carbon-neutral in 2007 and says it has now compensated for all of the carbon it has ever created. It also aims to run all of its data centres and offices on carbon-free energy by 2030, chief executive Sundar Pichai has announced. Other large technology companies have also committed to reducing or eliminating their carbon use. In January Microsoft revealed plans to become “carbon negative” by 2030. In July, Apple announced a target of becoming carbon neutral across its entire business and manufacturing supply chain by 2030. Amazon has set a 2040 target to go carbon neutral. Mr Pichai said Google’s pledge to be using only carbon-free energy by 2030 was its “biggest sustainability moonshot yet”.


25 Years Ago, ‘Hackers’ Introduced Movie Audiences to the Internet

It’s wild to think that the internet has only been a part of the public consciousness for a few decades. When the movie Hackers hit theaters in September 1995, only 14 percent of Americans had access to the web, according to Pew Research, and the vast majority were on achingly slow dial-up. But the online revolution was just around the corner. One person who had a pretty prescient idea of what a digitally connected world could mean was screenwriter Rafael Moreu. He’d been paying attention to the nascent world of computer networking since the US government started cracking down on phreakers (telecommunication hackers) in the late 80s, and considered these digital natives the next phase in human evolution. 


Microsoft 365 will soon show you precisely which phishing emails have been blocked

According to a Bleeping Computer report, the software giant believes that false positives remain a huge challenge while keeping users safe – an issue the new feature should mitigate. At the moment, Office 365 is powered by the Exchange Online Protection (EOP) filtering stack, which tends to accidentally mark regular emails as phishing scams. Once the new feature goes live, however, users will be able to read the flagged emails and request their release if appropriate. “We understand that managing false positives is important to ensuring email is delivered appropriately, and in the past, end-users weren’t granted access to the quarantine to view messages,” Microsoft said. The company expects to make the new tool generally available later this month.


Apple pisses off devs by launching iOS 14 with just a day’s notice

Apple’s September event held virtually yesterday didn’t have too many surprises for customers. Almost everyone knew that new Apple Watches, refreshed iPads, and the Apple One bundle were coming. However, the company announced that iOS 14 and iPadOS 14 will start rolling out the very next day. This caught third-party app developers off-guard, as they usually have at least a week’s time after Apple’s marquee event to prepare their apps to be compatible with the latest versions of those platforms. After Apple announces its iPhones, it releases Xcode and iOS’ “Golden Master” version (the one that will ship to customers), so that developers can tune their apps for when customers get the latest mobile operating system. Last year, iOS 13 rolled out almost 10 days after the iPhone event, allowing devs a decent amount of time to get their apps ready. This year, they have a window of hardly a day to test and push out their updated code.
