Cybersecurity News Bulletin

Welcome to our first Cyber Security News bulletin of 2023.

If the first week of the year is anything to go by, it’s safe to say that 2023 is going to be very interesting from a security point of view.

  

Latest cybersecurity news

Hot off the presses; Twitter has been subject to another data breach, resulting in the personal information of over 200 million users, including their email addresses, being dumped on the dark web for free on January 4th. The information released to the dark web can be used to identify users names, locations, and other personal information.

Article Link: https://www.darkreading.com/application-security/200m-twitter-profiles-dumped-dark-web-free-including-emails 

It appears that the hackers gleaned the information by a combination of data scraping and abuse of the Twitter API. The lack of adequate API security is surely a cause for concern for Twitter but this far they have made no comment. The new management structure at Twitter and rapid layoffs in the last quarter are surely contributing to this issue.

  

Landmark Fine for Meta Platforms Ireland Limited 

This week the Data Protection Commission (DPC) in Ireland concluded their inquiries into the data processing operations of Meta Platforms Ireland Limited in relation to the delivery of their Facebook and Instagram services.

It had been a prolonged investigation which ultimately brought their inquiry decisions to the European Data Protection Board (EDPB). Meta has been fined €210 million for their Facebook activities and €180 for their Instagram activities which they found were not compliant with GDPR legislation. 

For the full ruling, which also includes the announcement that the EDPB has directed the DPC to conduct a fresh investigation into all of Meta’s data processing operations, please read here: https://dataprotection.ie/en/news-media/data-protection-commission-announces-conclusion-two-inquiries-meta-ireland 

  

Data Breach Information

• In the US as many as 1,981 schools, 290 hospitals, 105 local governments, and 44 third level institutions were hit with ransomware attacks during 2022 alone.
• The Bluebottle signed malware attack targeting the French-speaking African bank sector has stolen nearly $11 million in the past year.
• If you use a Netgear router you should update it immediately. They have issued a number of hotfix updates so that you can secure your wifi service from known vulnerabilities.

  

Hot topic of the month

It’s the perfect time to clear out all those easily-hacked passwords that you use both at work and in the home. If you think your passwords cannot be breached well then read this article on the world’s most common passwords in use. It also has helpful steps to take if yours is on the list.

For many organisations, a commonly used password can be the chink in their security armour.

 

How our experts can help

Identifying cybersecurity vulnerabilities without the input of an expert can be a difficult task.

At Secora Consulting, our experts provide a range of services that can help you to assess the security of your organisation. Our cybersecurity assessment focuses on gaining an insight into weaknesses in your organisation's current security posture which may make you vulnerable to the most common cyber-attacks.

Our baseline assessments focus on quickly bringing your systems in line with best practices by identifying missing patches and known issues in your systems. If you are interested in a more in-depth assessment of your infrastructure, ask us about our penetration testing services, where we will identify and exploit vulnerabilities in your network, showing just how far an attacker could get.

Get in touch with us today to discuss your specific requirements.