10Fold – Security Never Sleeps – 67

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider:  Trump luxury hotels have suffered a potential mass data breach. Details from the Panama Papers investigation revealed that all of the stolen data is now being hosted in the Amazon cloud. The White House, US department of Homeland Security and industry experts created a certification program for IoT devices. Osterman Research consultants revealed that 18% of companies have suffered malware infections because of social networks.

Some Trump hotels hit by data breach: Report– Publication: CNBC – Reporter name: Jacob Pramuk

A line of luxury hotels linked to businessman and Republican presidential contender Donald Trump is investigating a possible credit card breach, Krebs on Security reported Monday, citing sources. The cyber security news site said financial industry sources noticed a string of fraud on customer credit cards used at the Trump Hotel Collection. The activity appeared on cards used in the past two to three months at properties including the Trump International Hotel New York, Trump Hotel Waikiki in Honolulu and the Trump International Hotel & Tower in Toronto, sources told the outlet.


From Encrypted Drives To Amazon’s Cloud — The Amazing Flight Of The Panama Papers – Publication: Forbes – Reporter name: Thomas Fox-Brewster

It was an epic haul. Whoever caused the Panama Papers breach at tax avoidance and offshore company specialist Mossack Fonseca leaked an astonishing 11 million documents and 2.6 terabytes of data, the largest of all time. Where’s all of that data stored now? In an Amazon cloud data center, accessible to anyone who knows the URL and has a password. The journey of those files, from the leaks to the revelations, is an astonishing example of developers working with journalists to keep whistleblowers and the information they supply safe and, just as crucially, usable. With the extra kicker: it was largely done using free, open source technology.


‘CyberUL’ Launched For IoT, Critical Infrastructure Device Security – Publication: Dark Reading – Reporter name: Kelly Jackson Higgins

Internet of Things (IoT) devices and industrial systems used in critical infrastructure networks now have an official UL (United Laboratories) certification program – for cybersecurity. UL today rolled out its anticipated—and voluntary–Cybersecurity Assurance Program (UL CAP), which uses a newly created set of standards for IoT and critical infrastructure vendors to use for assessing security vulnerably and weaknesses in their products. The UL CAP was created in conjunction with the White House, the US Department of Homeland Security, industry, and academia, and falls under President Obama’s recently unveiled Cybersecurity National Action Plan (CNAP) as a way of testing and certifying networked devices in IoT and critical infrastructure.


One out of five businesses are infected by Malware through Social Media – Publication: Panda Security – Reporter name: STAFF

What at first seems an unimportant habit, can have serious repercussions.  Yes, an employee risks the chance of being caught in the act, but what about the company? Osterman Research consultants have confirmed in their latest report that 18% of companies have suffered malware infections because of social networks.  Employees aren’t the only ones using these platforms, though.  Companies often have business profiles which make it more difficult to detect the source of the problem. According to this document, 73% use Facebook for work purposes, 64% use LinkedIn and 56% use Twitter.  Companies are also showing interest in collaborative platforms designed for them such as Microsoft SharePoint, different Cisco products, the Salesforce Chatter software solution and Connections, a platform developed by IBM.