With cyber threats constantly on the rise, staying informed about the latest news and developments in the field is essential for maintaining digital safety. Because of this, cybersecurity remains a critical concern for organisations, governments, and individuals. In this blog post, we will explore the top cybersecurity news stories from this week, shedding light on significant events, and noteworthy security incidents.
This week it has been revealed that Fujitsu leaked sensitive data unnoticed for a year, UK SMEs are likely targets for cyber threats, and a threatened royal hospital data leak.
Fujitsu Spilled Private Client Data, Passwords into the Open Undetected For A Year
A researcher affiliated with the Dutch Institute for Vulnerability Disclosure has revealed that Fujitsu inadvertently exposed private AWS keys, client data, and plaintext passwords for nearly a year. According to Jelle Ursem, Fujitsu had left a public Microsoft Azure storage bucket named "fjbackup" accessible to anyone who stumbled upon it, containing a wealth of sensitive information. This included a comprehensive mailbox backup containing thousands of emails, detailed records of client activities and teams, a CSV file of passwords extracted from the LastPass password manager, numerous Microsoft OneNote files containing extensive customer information, including details about Centrica and Dutch water utility PWN, which serves 1.7 million customers, among others.
One way to mitigate vulnerability risk is to implement Attack Surface Management solutions to scan, manage and detect vulnerability.
UK SMEs Are Leaving Themselves Open to Cyber Threats
A survey has revealed that small and medium-sized enterprises (SMEs) in the UK are deficient in implementing best practice cybercrime protocols and are significantly ill-equipped to respond to incidents, with only 19% having a recommended cyber incident response plan (IRP) in place. Among the survey's most concerning findings is that 77% of UK SMEs do not possess any in-house security measures.
To find out more about securing SMEs, read this post.
Criminal Investigation Into Leicester City Council Cyberattack
Leicester City Council's systems have been disrupted by a cyberattack for over a week, prompting the initiation of a criminal investigation. The council have refrained from providing details about the incident during the ongoing investigation. It also indicated that it couldn't confirm whether there had been a data breach involving personal information of staff or residents. Since March 7th, both systems and phone lines have been offline. The council stated last week that it was collaborating with cyber-security and law enforcement partners to restore functionality.
Kate Middleton at Centre of Huge Security Breach
This week, the hospital where Kate Middleton received treatment for an abdominal condition is embroiled in a significant security scandal following reports of staff attempting to access the Royal's private medical records. The London Clinic has initiated an investigation after allegations surfaced that at least one staff member attempted to access the royal's notes. This attempted breach highlights the importance of privileged access management, which tools like Privileged Access Guard can help with.
Iran May Attack US Water Supplies, Warns Biden Administration
Amid escalating tensions in the Middle East, the Biden administration has cautioned that Iran is prepared to target US drinking water supplies. Jake Sullivan, National Security Adviser to President Joe Biden, issued a warning to state governors, urging them to remain vigilant against potential cyberattacks on their critical infrastructure systems. The advisory letter, jointly authored by Michael Regan, Administrator of the US Environmental Protection Agency, was released to the public on Tuesday.
IMF hit by cyberattack
On March 15, the International Monetary Fund disclosed that it had experienced a cyberattack in February. According to the IMF's statement, the cyber incident was detected on February 16, with an investigation revealing that 11 email accounts had been compromised. The IMF stated that these accounts have since been "re-secured," adding that there is currently no indication of further compromise beyond these accounts. The investigation into the incident is ongoing.
The insurance and finance industry are high targets for cybercriminals. Read more here.
Remaining well-informed about the latest developments in the industry is paramount in combating cybercrime. By staying abreast of relevant news, leaders can make informed decisions, proactively implement security measures, and effectively protect their organizations from cyberattacks. Maintaining a vigilant mindset, adhering to best practices, and leveraging cutting-edge technologies are all essential elements in constructing a secure digital future.