Due to ongoing high-profile data breaches, cybersecurity is a trending topic in all
kinds of media. It is imperative that information security executives are updated
about the incidents around them. Read on for the most important cybersecurity
stories of the last week.
6Unprotected servers expose 24 million documents
An unprotected Elasticsearch server exposed more than 24 million financial and banking documents online. According to the security researcher Bob Diachenko and online publisher TechCrunch, the exposed server contained highly sensitive data of thousands of individuals who took mortgages over the past decade with the U.S. banks and other financial institutions.
Bob Diachenko stated that he identified the unprotected server on January 10, 2019, which contained 24,349,524 credit and mortgages reports in 51 GB size. The server was taken offline and the data was secured on January 15, 2019, after Diachenko reported the incident to the server’s vendor.
5Technical glitch leaks data of 141 international airlines’ fliers
A bug in the Amadeus online ticket booking system exposed passengers’ private data, allowing potential attackers to view and change information. According to the security researcher Noam Rotem at Safety Detective research labs, the security flaw could let anyone manipulate someone’s ticket reservation for any airline which has used the Amadeus reservation system.
Amadeus is one of the largest reservation systems that serves around 141 airlines including customers of British Airways, Air France, Icelandair, United Airlines, Lufthansa, Air Canada, and Qantas. The company provides searching, pricing, booking, ticketing, and other processing services to international travelers and travel agencies.
4Plexal announces two global partnerships
Global cybersecurity hub Plexal recently announced partnerships with the Global Cyber Alliance (GCA), City of New York, and the New York Economic Development Corporation. The East London-based co-working space and innovation center stated the new partnerships will help the cybersecurity companies under its umbrella to scale globally.
Plexal claims that it provides consultation and demo opportunities for cybersecurity startups through its hub in East London. Plexal also delivers LORCA, a cybersecurity program backed by United Kingdom government, through its cybersecurity innovation hub.
3Human error exposes 20,000 BlackRock’s financial advisers’ information
BlackRock, an investment management company, recently revealed that it suffered a data breach that exposed personal information of around 20,000 of its financial advisers, including 12,000 members in the U.S. independent broker-dealer LPL Financial. The American based corporation stated that the exposed information included names, email addresses, and other sensitive information. BlackRock is a global investment management corporation based in New York City. The company provides various asset, financial and risk management services to customers.
LPL Financial stated it informed its advisers that BlackRock posted details about some of them on its website. It said that data leak affected the advisers who do business with BlackRock’s iShares exchange-traded funds unit.
2Survey finds most Americans are wary of cybercrime
PRNewswire: ERP Maestro, provider of automated and cloud-based controls for access, security and GRC, recently released The Inevitability of Cybercrime, results from a December 2018 survey examining the relationship Americans have with cybercrime and identity theft. The responses revealed that 76 percent of Americans believe they will inevitably become a victim of cybercrime, while 68 percent of cybercrime victims don’t believe they could have prevented the crime from happening.
1Name and shame companies with poor cybersecurity practices: Researchers
A cybersecurity research group from the King’s College London notified the UK government to name and shame the companies that fail to protect consumers’ valuable data.
In its latest report dubbed UK Active Cyber Defence: A public good for the private sector, the research team urged the government to publish the details of companies that are not taking necessary steps to keep users’ data safe online. It opined that this would encourage companies to improve their cybersecurity posture and help prevent cybercrimes. The cybersecurity research group of the King’s College promotes research into cybersecurity and works to solve societal challenges.