Bitglass Security Spotlight: US Government Breaches Abound

By Jacob Serpa, Product Manager, Bitglass

man reading cybersecurity headlines in newspaperHere are the top cybersecurity headlines of recent weeks:

— breached
—US weapons systems contain cybersecurity gaps
—Over 35 million US voter records for sale
—National Guard faces ransomware attack breached

75,000 people had their personal details stolen when hackers breached a government system that is frequently used to help individuals sign up for healthcare plans. Obviously, the information contained in the system was highly sensitive; for example, Social Security numbers. There are plans in motion for helping those affected through services like credit protection.

US weapons systems contain cybersecurity gaps

A new report finds that American weapons systems contain cybersecurity vulnerabilities. The US Department of Defense is reported to have neglected best security practices in these systems. These security gaps are described as being “mission-critical.”

Over 35 million US voter records for sale

An online forum that is well known for selling information exposed in data breaches was recently found to boast more than 35 million US voter records. Exposed data includes names, phone numbers, physical addresses, and much more belonging to residents of 19 states. Unfortunately, the accuracy of these private details was confirmed by experts. As such, anyone can purchase this sensitive information whenever they please.

National Guard faces ransomware attack

In Indiana, the National Guard was recently the victim of a ransomware attack. A system housing the personal details of military personnel and civilians was compromised in the event. The good news is that the attack is not believed to be a part of a coordinated assault on the National Guard – the organization was supposedly not specifically targeted. Regardless, information was exposed.

To learn about cloud access security brokers (CASBs) and how they can protect your enterprise from ransomware, data leakage, misconfigurations, and more, download the Definitive Guide to CASBs.

Bitglass Security Spotlight: Twitter, PyRoMine, & Stresspaint

By Jacob Serpa, Product Marketing Manager, Bitglass

man holding coffee cup and reading newspaper cybersecurity industry newsHere are the top cybersecurity stories of recent weeks:

—Twitter exposes user credentials in plaintext
—PyRoMine mines Monero and disables security
—Stresspaint malware hunts Facebook credentials
—MassMiner malware mines cryptocurrency
—Access Group Education Lending breached

Twitter exposes user credentials in plaintext

Despite the fact that Twitter doesn’t store or display users’ credentials in plaintext, the social media company recently had a security mishap. Passwords were stored in internal logs before they were successfully obfuscated, exposing them to employees in plaintext. While the information wasn’t made viewable to outside parties, it’s still a cause for concern for Twitter’s users.

PyRoMine mines Monero and disables security

New malware, PyRoMine, leverages a host of previously disparate capabilities featured in other strains of malware. For example, it uses NSA exploits while mining Monero, a cryptocurrency. Malware is continuing to grow more sophisticated, compelling organizations to adopt advanced anti-malware solutions.

Stresspaint malware hunts Facebook credentials

Disguised as a stress-relieving paint program, Stresspaint is a piece of malware that is attacking users in an attempt to gather their Facebook credentials. In particular, the malware is targeting influential users – those who manage Facebook pages or have numerous friends and followers. It is primarily distributed through emails and messages on Facebook.

MassMiner malware mines cryptocurrency

MassMiner is the latest in a slew of malware strains that engage in malicious cryptomining. This threat seeks to take advantage of known vulnerabilities in order to commandeer web servers and mine Monero – which continues to be a common target in malicious cryptomining.

Access Group Education Lending breached

Unfortunately for those who have used the organization’s services for their student loans, Access Group Education Lending has been breached. Nearly 17,000 borrowers had their information exposed when a loan processing vendor working for the group shared their information with an unauthorized, unknown company.

Fortunately for the enterprise, cloud access security brokers (CASBs) can defend against zero-day malware and countless other threats. To learn more, download the Zero-Day Solution Brief.