Fine for failing to protect own data
The English company Interserve Group has to fear a 4.4 million pounds fine from the Information Commissioner Office (ICO). In May 2020, the mentioned company was victim of a phishing attack of an unknown group. 113.000 financial and personal data from current and former employees were stolen. The government has decided that the company failed to put enough effort to protect their employees and enforces that statement with the fine.
Interested in knowing more? Feel free to have a look at the sources below:
- Gone phishing: UK data watchdog fines construction biz £4.4m for poor infosec hygiene (theregister.com)
- Interserve handed £4.4m fine for failing to act on data breach (techmonitor.ai)
Attackers are abusing the information chaos on Twitter. The attacks are directed against users with a verified account. Those accounts receive an e-mail from a fake Twitter support and are threatened with monthly fees or losing their verification status. According to the phishing mail, the only way to stop this, is to reconfirm the accounts. To do this, the victims only have to click on a link, which leads the users to a scam site. On this page, the login data and phone number have to be entered. If a victim follows the instructions, their account will be automatically hijacked by the attacker.
Hard to believe? Here are the sources:
- Verified users beware! Scammers are exploiting Twitter turmoil caused by Elon Musk’s takeover (tripwire.com)
- New phishing warns: Your verified Twitter account may be at risk (bleepingcomputer.com)
OPENSSL Patch 3.0.7
The widely used open-source project OPENSSL released a fix on November 1st for two high rated vulnerabilities, CVE-2022-3786 and CVE-2022-3602.
- The first vulnerability can be triggered with a malicious email address which leads to a buffer overflow and a resulting Denial of Service (DoS).
- The second vulnerability is also taking advantage of a buffer overflow, but the attacker can use it to not only perform a DoS-attack but also to enable remote code execution.
Both vulnerabilities were closed in the latest release of OPENSSL.
For more insights on the OPENSSL patch 3.0.7, check the official news: Vulnerabilities (openssl.org).
Is cybersecurity a topic of interest for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.
Please remember: this article is based our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.
And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.