Cybersecurity news provided by Network Tigers on Monday, 15 February 2021
CLAREMONT, CA — Florida water supply attack, Syracuse University employee names and SSNs exposed, new cybersecurity healthcheck service, stolen game source code sold, Washington state to streamline and fortify cybersecurity operations, largest and most complex breach seen by Colorado University and Microsoft estimates over 1,000 developers involved in SolarWinds attack.
Country’s infrastructure feared to be at risk after Florida water supply attack
Experts say that last week’s attack on Oldsmar, Florida’s water supply highlights potential weaknesses in critical parts of the country’s infrastructure. According to cybersecurity firm TrustedSec’s chief executive, more sophisticated hackers could have created a potentially disastrous scenario and residents of the city were fortunate that the criminals’ efforts were relatively harmless and both quickly identified and corrected. Cybersecurity leaders and advocates feel that this hack was a wake up call and will hopefully draw attention to the fact that many water systems across the nation, a vital piece of infrastructure not usually synonymous with cyber crime, are behind the times with regard to safety and potentially vulnerable. Read more.
Unauthorized access to Syracuse University employee email account exposes names and Social Security numbers
Syracuse University has reported that, as of this writing, no information exposed in a security breach in which someone gained unauthorized access to an employee email account has been misused or stolen. SU said that the incident took place at the end of September of last year and emails containing the Social Security numbers and names of almost 10,000 students, applicants, and alumni may have been accessed. Working with consumer credit reporting company Experian, the university is providing students with a free membership that allows them access to tools designed to help prevent identity theft. Additionally, the school is said to be providing further employee training with regard to cybersecurity and phishing scams. Students and alumni remain frustrated with SU’s seeming lack of transparency with regard to this issue. Read more.
Digital privacy platform IDX unveils new “Cybersecurity Healthcheck” service
In the wake of last year’s SolarWinds hack, a growing number of companies are facing greater challenges with regard to data security. For mid-market organizations interested in seeing how their security systems appear to potentially malicious outside actors, digital privacy platform IDX is offering a complimentary “Cybersecurity Healthcheck” with their already no-cost Master Services Agreement. Organizations who take advantage of this new service will receive a summary detailing any vulnerabilities they may have as well as actions they should take based on a rigorous scan of their network. Read more.
Stolen source code from video game developer CD Projekt Red has allegedly been sold
Following a ransom note that cybersecurity experts believe to have come from hacking group HelloKitty, thieves that had stolen code containing data from a number of games developed by developer CD Projekt Red have reportedly made good on their promise to sell the code on the dark web. According to reports, an auction on the online forum XSS was created in order to sell the data with a starting price of $1 million. Darknet intelligence reporter KELA stated that bidding was closed on the auction when hackers said that they had received an outside offer of $7 million. The alleged buyer was not identified and authorities are continuing to investigate the incident. Read more.
Washington state signals desire to streamline and fortify cybersecurity operations
This month’s data breach at Accellion, a software vendor used by the Office of the Washington State Auditor, has led to a reassessment of the state’s Office of Cybersecurity. With the support of Governor Jay Inslee, legislation has been introduced that proposes to consolidate the organization from a widespread group of federal agencies to a single one that monitors the entire state government’s IT security. While many of the proposed changes made in this process would merely formalize already-in-use practices, advocates say that the decentralization of Washington’s cybersecurity organization is long overdue and are in favor of creating new governmentwide standards with regard to data security and mandatory, regular IT audits. Read more.
Colorado University still unaware of extent of damage after January’s cyberattack
Officials are calling January’s cyberattack on Colorado University the “largest, most complex” breach that the university has seen. At risk are employee, student, health, and research records due to an exploit on software provided by file sharing vendor Accellion. Due to the extent of the exposure, the Office of Information Security’s manual review of potentially compromised data is expected to continue for some time. Those deemed to have been affected by the breach will be notified as the process moves forward. Read more.
Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack
Microsoft president, Brad Smith, estimates that over 1000 developers were involved in creating the SolarWinds hack. Smith did not venture a guess of who those developers might be, but it compared that attack to operations that were done against Ukraine by Russia. Read more.
More cybersecurity news
Read more cybersecurity news and articles brought to you by Network Tigers.
About Network Tigers
Network Tigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, Network Tigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Contact Network Tigers
Mike Syiek, CEO
Network Tigers, Inc.
1029 S. Claremont Ave
San Mateo, CA 94402