Breach

January 8, 2021

Legal recourse? Nissan balances competitive and security fallout from source code leak

News that source code of Nissan North America tools leaked online because of a misconfigured Git server spurs questions not only about potential cyberattacks by bad actors, but also whether competitors could use the sensitive data against the automobile giant.

The post Legal recourse? Nissan balances competitive and security fallout from source code leak appeared first on SC Media.

January 8, 2021

CISA discovers token abuse around SolarWinds hack, calls for full rebuild of affected networks

The agency has found evidence of authentication token abuse in networks infected with corrupted versions of Orion software and say restoring integrity will require a full network rebuild in certain cases.

The post CISA discovers token abuse around SolarWinds hack, calls for full rebuild of affected networks appeared first on SC Media.

January 7, 2021

The physical breach of the Capitol building opens a cybersecurity pandora’s box

The incident, as well as the response among those on Capitol Hill tasked with securing government technology assets, serves as a dramatic and evolving case study for public and private sector entities on the scope of the cybersecurity risk tied to a physical breach.

The post The physical breach of the Capitol building opens a cybersecurity pandora’s box appeared first on SC Media.

January 5, 2021

SolarWinds hack poses risk to cloud services’ API keys and IAM identities

The SolarWinds hack endangers not just organizations' on-premises systems but also their cloud-based infrastructure.

The post SolarWinds hack poses risk to cloud services’ API keys and IAM identities appeared first on SC Media.

January 5, 2021

Fourth breach at T-Mobile puts focus on security of post mergers

T-Mobile reported a breach that compromised customer data – the company’s fourth in three years – raises questions about whether the mobile carrier’s massive merger with Sprint left the combined company more vulnerable. Indeed, when companies merge, particularly sizable ones, the integration of technology systems and networks can often introduce new security considerations. “The volume…

The post Fourth breach at T-Mobile puts focus on security of post mergers appeared first on SC Media.

January 4, 2021

SolarWinds, top executives hit with class action lawsuit over Orion software breach

Stockholders who purchased company shares in 2020 are suing the IT management software company for materially misleading investors about their security practices.

The post SolarWinds, top executives hit with class action lawsuit over Orion software breach appeared first on SC Media.

January 4, 2021

Microsoft doesn’t treat its source code like a trade secret. Is that smart?

In the course of investigating the impacts of the SolarWinds breach, Microsoft security specialists discovered “unusual activity” within a number of internal accounts, including one that was used to view the company’s internal source code.

The post Microsoft doesn’t treat its source code like a trade secret. Is that smart? appeared first on SC Media.

December 31, 2020

Non-profit founded by Gates Foundation suffers massive exposure of student records

An exposed AWS bucket left hundreds of thousands of student-related records exposed to the internet, but officials from the non-profit say most of the data was old and obsolete.

The post Non-profit founded by Gates Foundation suffers massive exposure of student records appeared first on SC Media.

December 31, 2020

The 2020 SolarWinds reality check: As cleanup continues, community considers implications

What might go down as the most consequential story of the year for the cybersecurity community only surfaced in December. And yet, experts predict years of clean up, both physical and political, and potential shifts in how the nation secures the supply chain.

The post The 2020 SolarWinds reality check: As cleanup continues, community considers implications appeared first on SC Media.