A DDos attack on Portland-based company Cedexis, which helps in speed delivery of content, knocked out several major French news websites including Le Monde and Le Figaro. A DDoS attack makes online services unavailable by overwhelming the target site with unexpected traffic from multiple sources. “At approximately 2 pm GMT, the Cedexis infrastructure came under a unique and sophisticated Distributed Denial of Service (DDOS) attack,” the company said in a statement. “This attack caused a partial but widespread outage that affected many of our customers. Our customers are our number one priority and at this time, the attack is being mitigated, and services are being restored,” it added.
Some Mac users may have fallen victim to a new Mac malware called Proton. Over the weekend, the malware infected unsuspecting users by hitching a ride on a trusted server that hosted downloads for HandBrake, a popular DVD ripper and media encoding program. The malware provides a backdoor for malicious activity, such as stealing stored files. At the point of propagation, none of the 55 most widely-used antivirus services detected Proton. As of writing, the VirusTotal tracking website showed only 12 services that are capable of picking up on the new malware. Researcher Patrick Wardle has plenty of other Proton details listed on his blog.
A round of malware has hit the inboxes of Australians on Wednesday morning posing as Origin Energy bills. The emails, which appear to be genuine bills from the electricity and gas utility, contain a direct link to a malware payload in the form of a JavaScript dropper and will install malicious files like keyloggers. The emails use the subject line “Your Origin electricity bill” and ask for a different amount ranging from $300 to $800 due on 16 May.
Medical records of at least 7,000 people compromised in a data breach involving Bronx Lebanon Hospital Center in New York disclosed patients’ mental health and medical diagnoses, HIV statuses and sexual assault and domestic violence reports, according to records reviewed by NBC News. Other information in the compromised records, which online security experts said spanned 2014 to 2017, included names, home addresses, addiction histories and religious affiliations.
President Donald Trump has signed his long-promised executive order on cybersecurity – and it says the executive branch will take overall command of securing America’s critical IT systems. During his campaign, Trump promised a missive on cybersecurity within 90 days of taking office, but delayed the signing in late January. Now, 111 days after swearing to protect and uphold the constitution of the United States, the order has been signed, and it signals that Trump intends his staff to take command.
The following are several tips any organization can utilize for data leak prevention:
Data leaks can occur through many avenues, including unauthorized access to databases, employee negligence or other security breaches. Due to the many ways information loss can happen, companies should be prepared to prevent data leakage at all costs.
The following are several tips any organization can utilize for data leak prevention:
1) Prepare ahead of time
Companies should recognize the data and systems in need of the most protection and employ data loss prevention systems to ensure the safety of their sensitive information, according to a recent report from The Wall Street Journal. Furthermore, thorough background checks should be completed on employees before giving them high level access to secured information.
2) Monitor access and activity
Businesses should keep a close eye on what information is being shared with partners, suppliers and customers, according to Computerworld. Since many companies have a multitude of endpoints, it is vital to monitor the traffic on all networks.
Administrators should especially watch databases, which can contain extremely sensitive information that would be especially damaging to a company if leaked. Computerworld suggested employing database monitoring tools which enable businesses to supervise database access and activity. Such software monitors and notifies administrators of certain database activity, including when an employee downloads, copies, deletes or modifies any information.
3) Encryption
If they have not already done so, organizations should put all sensitive information under the protection of an encryption code, stated Computerworld. While Dark Reading pointed out that some encryptions can blind certain gateway security products, tech-savvy employees can utilize encrypted network transmission methods like SSH/SCP to prevent this problem.
4) Lock down the network
Two of the most common ways data is leaked are through email and the Web, and thus these should be a primary focus for data leak prevention, Dark Reading stated. Whether it’s an employee who accidentally sent an email to the wrong address or a malicious hacker accessing information through a Web portal, having network security that covers these channels is absolutely vital.
5) Endpoint security
In today’s technological age of BYOD, where more employees utilize personal mobile devices for work purposes, endpoint management is an essential part of company security. Computerworld stated businesses should have the ability to centrally control and monitor personal devices connected to corporate networks.
Industry expert Alex Bakman said without such endpoint protection, data breaches can go unrecognized for a long time.
