AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/31/2021

Supply chains, ransomware, zero trust and other security predictions for 2022

As 2021 draws to a close, no one in their right mind thinks that cybersecurity risk is just someone else’s problem anymore; major cybersecurity incidents like the SolarWinds breach and the Colonial Pipeline ransomware attack have raised cybersecurity awareness among public opinions and decision-makers.  The White House issued an Executive Order on cybersecurity in May to send a clear message about the administration’s priorities: create a nationwide commitment to enforcing cybersecurity best practices. Cybercrime is becoming more professionalized, organized, systematic, and diversified, making better cybersecurity crucial for nations and companies.

 

University loses 77TB of research data due to backup error

The Kyoto University in Japan has lost about 77TB of research data due to an error in the backup system of its Hewlett-Packard supercomputer. The incident occurred between December 14 and 16, 2021, and resulted in 34 million files from 14 research groups being wiped from the system and the backup file. After investigating to determine the impact of the loss, the university concluded that the work of four of the affected groups could no longer be restored.  All affected users have been individually notified of the incident via email, but no details were published on the type of work that was lost. At the moment, the backup process has been stopped. To prevent data loss from happening again, the university has scrapped the backup system and plans to apply improvements and re-introduce it in January 2022.

 

Top 10 healthcare breaches in the U.S. exposed data of 19 million

The healthcare sector has been the target of hundreds of cyberattacks this year. A tally of public data breach reports so far shows that tens of millions of healthcare records have been exposed to unauthorized parties. Most of the largest data breaches result from ransomware attacks and the first ten of them account for more than half of all the healthcare records exposed in 2021. The breach notification rule under the Health Insurance Portability and Accountability Act (HIPAA), requires healthcare organizations to disclose a breach if it affects more than 500 residents of a state or jurisdiction. The top ten cyber events with the widest impact listed on the portal of the U.S. Department of Health and Human Services (HHS) Office for Civil Rights are from hacking incidents and account for exposing data of almost 19 million people.

 

Google is urging people to please finally update Microsoft Teams

Microsoft Teams was found blocking emergency calls on Android accidentally, with both Microsoft and Google scrambling to find a remedy for the security loophole that made this possible. A full fix for the underlying problem is coming to Android with the January update, but as we all know, it can take quite a while until it rolls out to all phones. That’s why Google is sending out emails to users now, urging them to update their Microsoft Teams app in the meantime. While most people have probably activated automatic updates on their Android phones, a few users might have deactivated them or simply not have enough free space left on their smartphones for updates to be downloaded. These are the only people Google is contacting via email, according to a tweet shared by Mishaal Rahman. It’s likely that your phone has long automatically updated to the version of Teams that fixes the bug, especially if you haven’t received an email from Google like this.

 

How do I Know if a Website is Safe to Use my Credit Card?

With regular news stories about companies being hacked, database breaches, internet-breaking vulnerabilities and online credit card theft, web users are justifiably anxious about making online purchases for fear that their personal information will be compromised by attackers. But where does legitimate concern end and outright paranoia begin? In this post I will try to dispel some of this anxiety and equip users with knowledge on how to make safe purchases online.

 

T-Mobile pins latest data breach on SIM swapping

T-Mobile is still suffering from data breaches, although its latest headache may be more reflective of the phone business at large. The carrier has confirmed to Bleeping Computer that a recent data breach stemmed from SIM swapping attacks. Intruders compromised a “very small number” of customers by reassigning SIM cards or viewing “limited” account info, T-Mobile said. It’s not clear what methods the attackers used, but SIM swaps are frequently used to take control of internet accounts and circumvent SMS-based two-factor authentication. The attacks sometimes rely on tricking or paying carrier staff to make the swaps.

Related Posts