The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Friday Five: 5/13 Edition



It’s Friday! Catch up on the top infosec headlines with our weekly news roundup.

1. TalkTalk's Profits Halve After Breach by Phil Muncaster

Over the course of the past year or so, TalkTalk has faced several major data breaches, resulting in a stunning $88 million cost of breach. Unfortunately, that was not the only financial setback to result from the breaches. In preliminary financials for FY16, the UK ISP claims that TalkTalk’s pre-tax profits fell from £32 million in the previous year to £14 million. In Q4, TalkTalk lost about 7% of its broadband customers. Though the numbers don’t seem excessive, they speak more to the difficulty of switching providers than about brand loyalty. TalkTalk’s post-breach financial struggles serve as a warning to other companies who may not take cybersecurity protocols as seriously. Read the full article on Infosecurity Mag.

2. Microsoft Windows Zero-Day Exposes Companies to Credit Card Data Theft by Charlie Osborne

A zero-day vulnerability found in the win32k Windows Graphics subsystem allowed for a group of cyber criminals to attack over 100 US companies. The vulnerability affected several Windows systems and servers, including Windows Vista, Windows 10, and Windows Server 2012. The companies were targeted with spear phishing campaigns containing malicious Microsoft Word documents with embedded macros that would execute a downloader called Punchbuggy, a dynamic-link library (DLL) downloader that transports malicious code via HTTPS. Also using Punchtrack, a PoS memory scraping tool, the group was able to steal both track 1 and 2 credit card data stored in PoS systems used by the companies. Read the full article for more on this attack.

3. Ransomware Warning Issued to Congress Following Attack by Michael Heller

Facing scrutiny across several industries, ransomware is a hot topic in the security world right now. Unsurprisingly, ransomware is making news in the government circles. Most recently, the House chief administrative officer (CAO) has sent an email to Congress warning them of ransomware attacks via phishing campaigns. He stated that third-party Web mail services are primary focuses for the attacks, and currently, Yahoo Mail is officially blocked on the House network. This issued warning is indicative of the necessity for proper employee training and using methods that empower them when social engineering is used as a vector of entry. Head to SearchSecurity to read the full article.

4. Wendy’s Comes Clean on Data Breach by Tom Spring

In its Q1 FY16 SEC filings, Wendy’s, the American fast food chain facing a class action lawsuit on behalf of the customers whose credit card data were stolen after a data breach, disclosed that the PoS attack had affected 300 of its franchise restaurants. That’s about 5% of the company’s total North American restaurants. The initial breach was said to have occurred in October of 2015, but the chain was unable to neutralize the attack until March of this year, gaining Wendy’s much criticism. Banks and credit unions complain that five months is an irresponsibly long time, and though Wendy’s stock took a tumble, it’s yet to be seen if there will be long-term financial effects on Wendy’s Wall Street performance. Read the full article for more on Wendy’s story.

5. Crooks Grab W-2s from Credit Bureau Equifax by Brian Krebs

Following ADP’s recent bout with identity thieves, big-three credit bureau Equifax faced a similar breach. Hackers accessed Equifax’s W2Express site and stole tax and salary data from employees of Kroger, one of the nation’s largest grocery chains by revenue. Around 431,000 employees may have been compromised. Earlier this year, both Stanford and Northwestern University reported that hackers had stolen employee data via Equifax. The identity thieves likely used previously compromised Social Security numbers and birthdates, which was all the information they needed to figure out employee default PINs, giving them access to the W2Express site. Read the full article for more information on the breach.

Ellen Zhang

ANALYST REPORTS

Gartner 2017 Magic Quadrant for Enterprise Data Loss Prevention (DLP)

Ellen Zhang

Ellen is the Acquisition Marketing Manager at Digital Guardian, with nearly half a decade of experience in the cybersecurity industry. As the company's SEO and PPC manager, Ellen has spent numerous hours researching information security topics and headlines.