Facebook in hot water - again - over data sharing, the importance of hiring a CISO, and blockchain voting - catch up on the week's infosec news with this roundup!
1. Facebook Acknowledges It Shared User Data with 61 Companies by Catalin Cimpanu
Facebook released a 747-page document (.PDF) to the US House of Representatives Energy and Commerce Committee late last Friday that detailed how it gave 61 companies one-time access to Facebook users’ information in order to update their apps to comply with a Terms of Service change pushed in 2015. The six-month extension for these 61 companies had restrictions regarding what type and how much data they could access from Facebook users. Facebook did not specify whether any of these companies abused this access. It also claimed to be unaware whether companies were able to harvest information from Facebook users or their friends. Data that could have been obtained information like a user's name, gender, birthday, location, photos, and page likes.
2. Cybersecurity Remains Non-Core Competency for Most C-suite Executives by Help Net Security
The number of cyberattacks on companies with large amounts of sensitive data are rising. While many companies have hired a CISO to create a plan against hackers, according to a recent study, some have fallen behind in doing so. A majority of the CISOs at companies surveyed said they do not report directly to the CEO. The disconnect this creates can be detrimental when all employees and executives are not aware of the proper strategies the company is taking to detect and prevent cyberattacks. Read more from Help Net Security on how important it is to hire a CISO and how critical it is to have that person be in direct contact with the CEO.
3. Hackers Target Cryptocurrency Investors Using MacOS by Ian Murphy
A new type of malware is targeting people who use chat services to talk about cryptocurrency. Recently a security researcher discovered Slack and Discord chats that were related to cryptocurrency were being invaded by fake accounts trying to get people to download the malware, OSX.Dummy, onto their MacOS computers. According to reports, the malware is unsophisticated and is only targeting a very small number of people. It has been successful however and ultimately tricks people into bypassing the devices' security warnings. Read more about OSX.Dummy and how you could be susceptible to a malware attack on your own MacOS computer.
A History of Ransomware Attacks: The Biggest and Worst Ransomware Attacks of All Time
4. Ransomware: Not Dead, Just Getting a lot Sneakier by Danny Palmer
Recent reports from Kaspersky Lab suggest that ransomware attacks have dropped off around 30% over the past year. While this is a large difference from the previous year, threats like ‘cryptojacking’ and ransomware continue to ask companies for payout in cryptocurrency. Although there has been a solid decline in the amount of attacks, some companies are still feeling the effects of more subtle but advanced ransomware attacks. In some cases, such as GandCrab ransomware, they are taking efforts to the extreme by specifically targeting certain companies that will have higher stakes and need the encrypted software deactivated immediately to continue operations. GandCrab's authors are reportedly updating and patching the ransomware almost every day to fix bugs and keep it running.
Even though attacks have gone down significantly since WannaCry, cryptojacking ransomware attacks are quietly harming companies, showing organizations still need to be on the lookout and be proactive in the fight against ransomware.
5. Blockchain Voting Notches Another Success – This Time in Switzerland by David Meyer
While many people think of blockchain technology as something directly related to cryptocurrency, there are many different realistic uses for it. The world is now seeing more and more of how blockchain can be used in society for other things. We see this happening in Switzerland, where they are attempting to use the technology for voting purposes. Over the past two weeks in Zug, Switzerland, the citizens voted via smartphone with the town’s newly developed electronic ID system. The trial was reported as very successful and easy to use from citizens who took part. The trend to incorporate blockchain technology into everyday uses is becoming more widely accepted and attempted, and Switzerland showcased another example of this.