Janus Associates Blog - Bringing You Cybersecurity Industry News and Threat Reports

Cyber Threat Report: Cyber Security News for 08/22/2024

Written by Janus Associates | Aug 22, 2024 11:00:00 AM

National Public Data Published Its Own Passwords
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.

DoD Issues Proposed DFARS Rule to Implement CMMC 2.0
The most notable aspects of the Proposed DFARS Rule are its emphasis that the CMMC level specified in a particular solicitation and contract “is required for all information systems, used in the performance of the contract, that will process, store, or transmit” FCI or CUI.

TP-Link finds itself in congressional crosshairs over ties to China
Open-source information indicates that the company may represent a serious threat to U.S. ICTS security.

US businesses struggle to obtain cyber insurance, lawmakers are told
Rising premiums and restrictive policies are creating uncertainty among American businesses about whether insurance policies will cover breaches.

Vulnerability disclosure policies eyed for federal contractors in Senate bill
The legislation would require federal contractors to adhere to NIST’s guidelines on VDPs.

Don’t Mess With Texas Privacy: AG Sues GM for $18 BILLION
The state of Texas … accused the automaker of installing technology on more than 14 million vehicles to collect data about drivers, which it then sold to insurers and other companies without drivers’ consent.

Most Ransomware Attacks Now Happen at Night
The reason for launching attacks at night, and at weekends, is simple: try to ensure there are limited IT staff around to handle detection and response.

MIT delivers database containing 700+ risks associated with AI
Called the AI Risk Repository, the goal, its creators say, is to provide an accessible and updatable overview of the risk landscape.

Toyota confirms data breach after info leaked on cybercrime forum
Carmaker confirms losing hundreds of gigabytes of sensitive customer data.

Plane tracker FlightAware admits user passwords, SSNs exposed for years
Notification omits a number of key details.

Deadbeat dad faked his own death by hacking government databases
Hoped to dodge child support payments, now faces 81 months inside – and a bigger bill than ever.

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers and in some cases email addresses for more than 272 million people (including many who are now deceased).

NPD acknowledged the intrusion on Aug. 12, saying it dates back to a security incident in December 2023. In an interview last week, USDoD blamed the July data leak on another malicious hacker who also had access to the company’s database, which they claimed has been floating around the underground since December 2023.

Following last week’s story on the breadth of the NPD breach, a reader alerted KrebsOnSecurity that a sister NPD property — the background search service recordscheck.net — was hosting an archive that included the usernames and password for the site’s administrator.
