Week in Review: New York Times theft, Club Penguin hack, NHS wants blood
Jun 14, 2024
Guest Janet Heins, CISO at ChenMed, discusses incidents including the New York Times source code theft, the Disney data breach, and the NHS cyberattack. The episode highlights the importance of robust security measures and public awareness, and stresses multifactor authentication as a way to prevent cyber risks and ransomware attacks. Town recovery and audience engagement are also explored.
Importance of securing access to repositories to prevent data breaches
Segmenting data access and conducting security assessments for breach prevention
Enhanced security measures needed in healthcare facilities to protect patient data
Deep dives
New York Times Source Code Stolen Using Exposed GitHub Token
The New York Times source code, including IT documentation, was stolen from GitHub repositories. This breach also exposed PII for video freelancers. The incident stemmed from inadvertently making credentials public, highlighting the importance of secure software development. Companies must prioritize securing access to repositories to prevent such data breaches.
Angry Club Penguin Hackers Allegedly Steal Disney Data
Club Penguin hackers accessed Disney data, including information on Disney Plus and internal tools, through a Confluence server. This breach showcased the risk of unexpected data exposure during cyber attacks. Lessons focus on segmenting data access and conducting proper security assessments to prevent unauthorized breaches.
NHS Suffers Blood Shortages After Cyber Attack
The UK's NHS faced a cyber attack impacting blood supplies and medical services. This incident highlights the vulnerability of healthcare facilities to cyber threats. The need for enhanced security measures and critical infrastructure protection is emphasized to ensure uninterrupted patient care and data security.
Threat Actor UNC5537 Compromising Organizations through Snowflake
Mandiant warned of UNC5537 targeting organizations via Snowflake, compromising data and extorting victims. Factors like lack of MFA and credential rotation contributed to successful breaches. Organizations need to strengthen security measures and prioritize proactive security practices to defend against evolving cyber threats.
Increase in Federal Cybersecurity Incidents Highlighted in White House Report
US federal agencies reported a rise in cybersecurity incidents, including phishing and improper usage cases. Major breaches impacted agencies like the Department of Health and Human Services. The incidents underscore the urgent need for enhanced security protocols and investments in cybersecurity to safeguard critical government infrastructure.
Arlington, Massachusetts Loses $445,000 in Social Engineering Scam
Arlington fell victim to a social engineering scam, resulting in a financial loss. Cybercriminals compromised employee accounts to request payment method changes. This incident demonstrates the ease of lateral movement in organizations, emphasizing the importance of employee awareness and stringent security measures to combat social engineering attacks.
Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines.
All links and the video of this episode can be found on CISO Series.com