• Mohinee Singh
  • October 20, 2020

CF BYTES- ISSUE#16

Dear All,

Welcome to the October 2020 first fortnight edition of CF Bytes. The government agency CISA released a Telework Essentials Toolkit to help organizations strengthen their cybersecurity measures for long term remote work. Companies like Barnes and Noble proactively reached out to their customer for resetting their passwords via email, warning them that its network was breached. China as a nation is strictly keeping her kids away from addictive digital content by passing a law coming effect on June 1, 2021. Microsoft also partnered with the NIST cybersecurity division to develop and enhance standards and guidelines for best practice patch management.

Coming to security breaches, millions of customer records which included information on patients who had tested positive for COVID-19; were exposed in Dr. Lab PathLabs Ltd. a medical testing firm in India. This was due to poor configuration and not following proper IT hygiene in Cloud storage.

Blackbaud software’s ransomware attack and subsequent data breach have admitted that sensitive customer data such as bank account information, Social Security numbers, usernames were accessed by attackers.
The nuisance of credential stuffing attacks continued in Walmart-owned Sam’s Clubs, an American chain of membership-only retail warehouse clubs. The company proactively started sending the automated password reset emails and security notifications to affected customers as a result.

Meanwhile, Google and Intel released security advisories regarding a high severity vulnerability in BlueZ, the Linux Bluetooth protocol stack; called ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices.

Security News

Facebook launches Forecast, a community for crowdsourced predictions and collective insights. Forecasts will let users ask questions and predict the outcomes. Forecasts will be trackable over time and shareable on other platforms. Typical use cases can be US presidential elections 2020 or COVID -19. Read more

The Cybersecurity and Infrastructure Security Agency (CISA) released a Telework Essentials Toolkit to help organizations strengthen their cybersecurity measures as they transition to long-term remote work models. Read more

American bookselling giant Barnes & Noble is contacting customers via email, warning them that its network was breached by hackers, and that sensitive information about shoppers may have been accessed. Read more

China is implementing stricture measures in its bid to keep kids away from addictive digital content. It has plans to pass a revamped law that will ban internet products and services which “induce addiction” in kids. The updated law will take effect on June 1st, 2021. Read more

Microsoft has partnered with the NIST National Cybersecurity Center of Excellence (NCCoE) to develop clearer industry standards and guidelines for best practice patch management. Read more

Attacks / Breaches

The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isn’t paid. Read more

Blackbaud ransomware attack and subsequent data breach likely had access to more unencrypted data than previously disclosed, including bank account information, Social Security numbers, usernames, and or passwords, according to a recent Securities and Exchange Commission filing. Read more

Sam’s Club has started sending the automated password reset emails and security notifications to customers who were hacked in credential stuffing attacks. Read more

Millions of customer records belong to Dr. Lab PathLabs Ltd., one of India’s largest medical testing firms, has been found exposed online which included COVID -19 tested patients. This is in the latest case of a medical testing company failing to secure its cloud storage due to poor IT hygiene. Read more

Google and Intel are warning of a superior-severity flaw in BlueZ, the Linux Bluetooth protocol stack that supplies guidance for core Bluetooth layers and protocols to Linux-dependent internet of issues (IoT) units. Read more

× How can I help you?