Secret CISO 9/30: MoneyGram's data breach, OpenAI drama affects users safety, Iranian spear phishing threat, and new research on router users' security awareness

Secret CISO 9/30: MoneyGram's data breach, OpenAI drama affects users safety, Iranian spear phishing threat, and new research on router users' security awareness

Welcome to today's issue of Secret CISO, your daily dose of the latest in cybersecurity news. Today, we're diving into a whirlwind of data breaches, security investments, and emerging threats. Meta is making headlines after being slapped with a hefty $102m EU fine for a security breach, a stark reminder of the importance of robust security measures. Meanwhile, Attorney General Michelle Henry has launched a new Data Breach Portal for Pennsylvanians, a proactive move in the face of increasing data incidents. In the corporate world, only 2% of organizations are fully implementing cyber resilience measures, with data protection/trust and cloud security being top investment priorities. MoneyGram is under investigation following a data breach, and Amazon has emerged victorious in a recent case, setting a precedent for future data breach prosecutions.

On the global stage, security agencies from the UK and US are warning of a growing Iranian spear phishing threat, while Cameroon's pension fund downplays a recent ransomware attack. In the realm of technology, we explore data security best practices for Cloud CRM systems, the value of security investments for business growth, and the balance between understanding threats and responding to them. Plus, a new vulnerability in Kia's system enables remote access to millions of cars using just a license plate.

Finally, we delve into the world of research, with new studies revealing the key to identifying ransomware attacks, the urgent need for investment in global water security, and the potential vulnerabilities in AI APIs. Stay tuned for more updates and insights in the ever-evolving world of cybersecurity. Stay safe, stay informed.

Data Breaches

  1. Meta Fined for Security Breach: Meta was fined $102 million by the EU for a security breach involving the storage of passwords in plain text, a basic security measure neglect. Source: FinTech Global
  2. MoneyGram Under Investigation Following Data Breach: MoneyGram is under investigation by the ICO following a data breach reported by the company. The extent of the breach is yet to be determined. Source: Computing UK
  3. Cameroon's Pension Fund Data Breach: Cameroon's National Social Insurance Fund reported a data breach, which they claim to be inconsequential. The impact of the breach is still under review. Source: ITWeb Africa
  4. Chile's CCU Loses Data in Cybersecurity Breach: Compañía de Cervecerías Unidas (CCU) reported a cybersecurity breach that impacted its IT systems in South America. The extent of the data loss is yet to be determined. Source: Wine Business
  5. Services Australia Reports Breach Spike: Services Australia reported a 330% increase in breaches, with stolen account details being the primary cause. The agency is working on mitigating the issue. Source: Information Age | ACS

Security Research

  1. New Critical Password Warning—86% Of All Router Users Need To Act Now: A recent study reveals that a staggering 86% of broadband users are unaware of the cybersecurity measures of their devices, emphasizing the need for increased user education on device security. Source: Forbes
  2. Critical printing system bugs affect hundreds of thousands of Linux machines: Security researcher Simone Margaritelli has disclosed several unpatched vulnerabilities affecting Linux systems, highlighting the need for immediate patching and system updates. Source: Cybernews
  3. New Research Reveals Windows Event Logs Key to Identifying Ransomware Attacks: JPCERT/CC has identified that Windows Event Logs can be crucial in identifying ransomware attacks, providing a new tool for cybersecurity professionals. Source: Cybersecurity News
  4. Urgent investment needed to tackle global water security: A new study by researchers at the Advanced Science Research Center at the CUNY Graduate Center identifies regions most vulnerable to water security issues, calling for urgent investment in these areas. Source: Innovation News Network
  5. ChatGPT's New Memory Feature Raises Security Concerns Over Manipulation and False Information Storage: Security researcher Johann Rehberger has identified vulnerabilities in ChatGPT's new memory feature, raising concerns over potential manipulation and false information storage. Source: Times Now News

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO! We've covered a lot of ground, from the drama at OpenAI to the hefty fine Meta had to pay for a security breach. We've also delved into the importance of data protection and the alarming fact that only 2% of organizations fully implement cyber resilience measures. Remember, in the world of cybersecurity, knowledge is power.

So, stay informed, stay vigilant, and most importantly, stay secure. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer digital world. Until next time, keep your data close and your security settings closer. Stay safe out there!

Read more

Secret CISO 10/7: Comcast, Truist, T-Mobile Breaches, Dutch Police Data Exposed, CISA Warning, Matru Poshan App Breach, USAA System Error, Cybersecurity Misconceptions Debunked

Secret CISO 10/7: Comcast, Truist, T-Mobile Breaches, Dutch Police Data Exposed, CISA Warning, Matru Poshan App Breach, USAA System Error, Cybersecurity Misconceptions Debunked

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we navigate the fallout of recent data breaches and the essential steps healthcare companies should take to bolster their security programs. We'll delve into the FBCS breach that impacted Comcast and Truist,

By Secret CISO
Secret CISO 10/5: China-linked breach hits U.S. wiretap systems, Hezbollah data breach tops cybersecurity events, Google's Pixel 9 Pro XL privacy flaws under scrutiny

Secret CISO 10/5: China-linked breach hits U.S. wiretap systems, Hezbollah data breach tops cybersecurity events, Google's Pixel 9 Pro XL privacy flaws under scrutiny

Good morning, Secret CISO readers! Today's newsletter is packed with some serious security breaches and data leaks that have been making headlines. Starting off with a major security breach linked to China, U.S. wiretap systems have been targeted, compromising the networks of U.S. broadband providers. This

By Secret CISO