Google Drive Gets Security Enhancements*:
- Over one million paying companies are already using Google Drive, which the company is working to protect with the new updates.
- Google Drive received various security enhancements earlier this year, such as Rights Management, additional password recovery options, custom audit alerts, updated sharing controls, Password Alert, Whitelisted Domain sharing, and the Security Key.
- The new capabilities, which are expected to reach general availability in the coming months, will help enterprises meet legal obligations.
- Google also announced the addition of the new ISO/IEC 27018:2014 privacy standard to its compliance framework, which provides cloud providers with guidance on how to protect the personally identifiable information of their customers.
- Google Drive offers protection of company data on mobile devices with updated Mobile Device Management.
- Google also announced new features in Gmail, now offering users the possibility to block specific email addresses and to unsubscribe from eligible mailing lists directly from the Gmail app.
*Source: Security Week, September 23, 2016
U.S. Navy Admits to Data Breach*:
- The US Navy has admitted to a data breach that exposed personal and sensitive information of 130,000 current and former sailors.
- The organization was initially made aware of the breach at the end of October by Hewlett Packard Enterprise Services.
- Sensitive information including names and Social Security Numbers (SSNs) of 134,386 sailors was accessed by “unknown individuals.”
- It will be informing all those affected within the next few weeks and is reviewing credit monitoring service options for affected sailors.
- Hewlett Packard Enterprise refused to elaborate on the nature of the compromise or how it was discovered.
- The US military is no stranger to data breaches and the huge hack on the US Office of Personnel Management exposed data on around 20 million people.
- The Army will be offering cash rewards to anyone who finds a vulnerability in public-facing Army websites.
*Source: Info Security, December 15, 2016
One Billion Users Exposed in Another Record Breach from Yahoo*:
- Security professionals slammed Yahoo for being careless with user information after the company disclosed it was the victim of a malicious intrusion in which data associated with more than one billion user accounts was compromised.
- The disclosure comes less than three months after Yahoo reported another intrusion in September involving 500 million accounts.
- Some legal experts believed Verizon would try to negotiate that price down, following the disclosure in September, citing a material adverse change clause in its pending agreement with Yahoo.
- Yahoo's newly disclosed breach happened in August 2013 and exposed names, email addresses, hashed passwords, dates of birth, phone numbers, and in some cases the security questions that people use to verify their identity.
- The August 2013 intrusion appears to be completely separate from the one Yahoo disclosed in September.
- The takeaway from this incident is that organizations need to be looking for intrusions, expect that they will not always be discoverable, and operate in a manner that minimizes losses in the event of an intrusion.
*Source: Dark Reading, December 15, 2016
Faketivists Could Play Havoc with Euro Elections in 2017*:
- Security experts are warning of a rise in so-called “faketivists” – state-sponsored operatives who take on the personas of solitary hacktivists in order to disseminate sensitive hacked material for political ends.
- One of the cyber intelligence firms which helped uncover Russian involvement in the Democratic National Convention (DNC) claimed the strategy has enabled governments to publicize information gleaned from APT campaigns whilst maintaining plausible deniability.
- The researchers claimed Fancy Bear and Cozy Bear (APT29) are linked to Guccifer 2.0, the ‘hacktivist’ who leaked hugely damaging Democratic Party emails which some said could have cost Hillary Clinton the election.
- Threat Connect’s evidence in this case relies partly on infrastructure used by the hacktivists, which has a lot in common with that used by APT28 and APT29.
- Threat Connect concludes that faketivism may well rear its head during important European elections in 2017, with the US “serving as a playbook” for meddling in other countries’ democratic processes.
*Source: Info security Magazine, December 15, 2016