
Digital Guardian's Blog

Friday Five 8/27

by Chris Brook on Friday August 27, 2021


Tech companies pledge billions to bolster security, a ransomware group shuts down, and the top data breach culprits - catch up on the infosec news of the week with the Friday Five!

1. Data Breach Culprits: Phishing and Ransomware Dominate by Mathew J. Schwartz

The Information Commissioner's Office's quarterly reports are chock-full of interesting data but it's historically a lot to parse through. Thankfully, BankInfoSecurity's Mathew J. Schwartz does that from time to time. The ICO, for those not in the know, is in charge of data protection in the UK. According to their most recent report, phishing and ransomware are largely to blame for breaches in the country; they were responsible for 284 reports and 144 reports, respectively, in Q2. The graph posted below does a good job identifying trends over the last year or so. Also, Schwartz digs into some of the more notorious breaches from Q2 in the UK, including military documents and leaked video footage.


2. White House rolls out pipeline, supply chain security initiatives as companies pledge billions in cyber spending by Tim Starks

What might be the week's biggest news, aside from CISA warning about the Microsoft ProxyShell vulnerabilities being exploited in the wild, was the cybersecurity summit held at the White House on Wednesday. Cyberscoop has a piece on the takeaways, including plans to strengthen supply chain and natural gas pipeline security following last year's SolarWinds hack and this year's Colonial Pipeline ransomware attack. Of course, the major headlines from the summit came Thursday, when it was disclosed that tech companies like Microsoft and Google were fronting billions of dollars (the former $20 billion, the latter $10 billion) to better incorporate security into products.


3. What To Know About The Spying Scandal Linked To Israeli Tech Firm NSO by Daniel Estrin

Another solid piece here via NPR's Daniel Estrin recapping Israel's NSO and its spyware Pegasus, which, in case you missed it, has been embroiled in some controversy as of late. Estrin does a good job going over the story so far, gives a brief history of NSO, and covers how the Pegasus Project's reports have played out in Israel and on the broader tech world stage.


4. Ragnarok ransomware releases master decryptor after shutdown by Ionut Ilascu

As we said two weeks ago, with ransomware, you have to celebrate the tiny victories. A tiny glimmer of hope came this week for users who may have had their files encrypted by the Ragnarok ransomware, as the group behind it has called it quits. The news comes only a few weeks after another group, SynAck, rebranded and released the master decryption keys for victims. While some users automatically think it's game over after their machine has been hit by ransomware, if you're patient, decryption keys could someday become available.


5. Java deserialization vulnerabilities explained and how to defend against them by Ax Sharma

Okay, not a news item but an interesting feature story here, via CSO's Ax Sharma, on Java deserialization vulnerabilities. It's a helpful explainer on how data serialization figures into applications, how unsafe object deserialization vulnerabilities occur, and how to protect against them. It's a lengthy piece but a good crash course in the topic with plenty of extra links to examples, applicable research, and a GitHub repository that could help pen testers and researchers.


Tags: Data Breaches, Government, Ransomware


Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.