Security News for the Week Ending March 1, 2024
Five Eyes Agencies: SolarWinds Hackers Adopting New Tactics
As businesses move to the cloud, hackers are adopting new techniques since Software as a Service providers are much better at patching than most companies are. Instead, the Russian hackers are stealing authentication tokens and using them to get access to the cloud, including creating new accounts with those tokens. Credit: The Record
NIST Releases New Version of Cybersecurity Framework
The last version was released ten years ago. Although it will take a while to translate this into practice, a lot has changed in ten years. Use of the framework is only mandatory for the federal government, but unless you have a business requirement for a different governance framework (such as if you are a defense contractor), this is the one for you. If you have questions about it, please contact us. Credit: Security Week
Employees Input Sensitive Data into AI Tools Despite Risks
The headline kind of says it all. Who would guess employees would do this? This includes customer information, sales figures, financial data and PII. Likely this is due to the lack of clear policies and their enforcement. The risks are only going to climb as use increases. Read the stats at the link. Credit: ZDNet
Brazilian Appeals Court Tells Meta to Stop Calling Itself Meta
Anyone who has tried to name a company knows how hard it is. Meta Services in Brazil has been around for about 20 years. Meta Facebook, maybe two or three. Brazilian Meta says it has been included in over a hundred lawsuits and had its Instagram profile suspended for impersonating the Zuck. The court says it will cost Facebook $20,000 a day if they don’t comply. Credit: Cybernews
White House EO Blocks Mass Transfer of Sensitive Data to “Countries of Concern”
The Executive Order covers personal and sensitive information such as biometric, financial, genomic, geolocation, and personal health data, as well as specific types of personally identifiable information. The sale of Americans’ data raises significant privacy, counterintelligence, blackmail and other national security risks. We will see how effective it is. Credit: Security Week