“Consulting firm breach”
The consulting firm Deloitte was hit with a cyberattack that may have revealed the emails of its government and corporate clients, CNET reported Monday. Deloitte uncovered the hack in March, but hackers may have had access to the company’s systems as far back as October.
10Fold clients commented on the incident.
Gaurav Banga, CEO of Balbix had this to say: “Clearly, they don’t exactly practice what they preach. If there is no two-factor authentication on administrative accounts, and unencrypted emails are floating around, then the adversary does not need to work very hard after an initial breach-head is established.”
Rich Campagna, CEO of BitGlass, commented on the event as well: “Breaches involving credential compromise often take months to identify and remediate,” he says. “From an IT perspective, it can be difficult to notice unusual activity from hijacked accounts — it may simply appear that users are going about their jobs normally. At Deloitte’s scale, manual review of each somewhat suspicious transaction isn’t a feasible option.”
— CNET (@CNET) September 25, 2017
“AWS S3 bucket contain sensitive information”
Researchers discovered an unprotected Amazon Web Services S3 bucket containing potentially sensitive information associated with a system used internally by Verizon. The cloud container, discovered by Kromtech Security on September 20, stored roughly 100 Mb of data from a system called Distributed Vision Services (DVS), which is used to retrieve and update billing data on all Verizon Wireless front-end applications.
“Over a half million devices affected”
Once again, security researchers have stumbled upon a cache of information that they were never meant to see. This time the exposed data contained details on more than half a million vehicle tracking devices and their users. The discovery was reported yesterday by Kromtech chief of communications Bob Diachenko. The 540,000-plus exposed records included device information like the tracker’s IMEI (International Mobile Equipment Identity), a unique number that gets assigned to devices with cellular connectivity.
“What data is collected, and why?”
Security teams collect a heck of a lot of data today. ESG research indicates that 38% of organizations collect, process, and analyze more than 10 terabytes of data as part of security operations each month. What types of data? The research indicates that the biggest data sources include firewall logs, log data from other types of security devices, log data from networking devices, data generated by AV tools, user activity logs, application logs, etc.
Enjoy your read? Check out our other content here.