MakerBot Replicator 3D printer

Thingiverse Breach: 50,000 3D Printers Faced Hijacking Risk

Jeremy Kirk • October 18, 2021

A data breach affecting MakerBot's Thingiverse 3D printing repository website is far bigger than what the company has acknowledged, a former employee claims. Upwards of 2 million users may have been affected by the breach, which left their 3D printers at risk of being hijacked.

Cybercrime

Ransomware: No Decline in Victims Posted to Data Leak Sites

Profiles in Leadership: Dr. Frances Undelikwo, Fidelity Bank

Cybercrime

Google Says Russian APT Targeting Journalists, Politicians

Identity & Access Management

Silicon Valley VC Firm Leaked 'Deal Flow' Data

Latest

Anti-Money Laundering (AML)

Treasury Dept. to Crypto Companies: Comply with Sanctions

Dan Gunderman • October 16, 2021

The U.S. Department of the Treasury unveiled additional steps to curb the illicit use of cryptocurrencies on Friday, warning enterprises not to engage with sanctioned entities exploiting the financial system - particularly to launder ransomware proceeds.

Cybercrime

MirrorBlast Campaign Targets Finance Sector Using Macros

Prajeet Nair • October 16, 2021

Researchers at Morphisec Labs have published fresh details about a new MirrorBlast campaign that they say is run by a Russia-based threat group TA505, targeting financial services organizations. The campaign delivers MirrorBlast via a phishing email that contains malicious links.

Business Continuity Management / Disaster Recovery

US Agencies to Water Facilities: You May Be Next Target

Dan Gunderman • October 15, 2021

U.S. federal agencies issued a joint advisory around potential cyber threats to the nation's water facilities. They cite "ongoing malicious cyber activity - by both known and unknown actors - targeting the IT and OT technology networks, systems and devices" of U.S. water and wastewater systems.

Business Continuity Management / Disaster Recovery

Ransomware Attack on Israeli Medical Center Raises Alarm

Marianne Kolbasuk McGee • October 15, 2021

Government authorities in Israel are warning healthcare sector entities in the country of potential cyberattacks after a ransomware attack this week on Hillel Yaffe Medical Center in the city of Hadera. The hospital said it is "using alternative systems" to care for its patients.

3rd Party Risk Management

ISMG Editors' Panel: Are Our Systems Too Complex to Secure?

Anna Delaney • October 15, 2021

In this update, four editors discuss key cybersecurity issues, including addressing the complexity of security, the rising number of victims targeted by double extortion ransomware and the Information Commissioner's Office's recent consultation on creating an international data transfer agreement.

Account Takeover Fraud

Teenage Cybercrime: Giving Young Hackers A Second Chance

Anna Delaney • October 15, 2021

The latest edition of the ISMG Security Report features an analysis of attempts made by European law enforcement to encourage young cybercriminals to channel their skills in more ethical ways. Also featured: Fraud detection and response; inspiring behavioral change.

Fraud Management & Cybercrime

House Lawmakers Announce Bill Targeting Tech Algorithms

Dan Gunderman • October 14, 2021

Democratic lawmakers on the House Committee on Energy and Commerce announced legislation that would rein in tech algorithms on platforms exceeding 5 million monthly viewers. This follows a high-profile whistleblower case heard before Congress on Facebook's allegedly questionable data policies.

Critical Infrastructure Security

MITRE Launches Centers to Protect Infrastructure and Health

Mihir Bagwe • October 14, 2021

MITRE, the not-for-profit organization that works across governmental and federal agencies, as well as various industrial verticals and academia, has set up The Cyber Infrastructure Protection Innovation Center and The Clinical Insights Innovation Cell to protect healthcare.

Breach Notification

Osteopathic Professional Group Reports Year-Old Breach

Marianne Kolbasuk McGee • October 14, 2021

The American Osteopathic Association has just begun notifying nearly 28,000 individuals about a June 2020 data exfiltration incident involving their personal information. The medical professional organization says workforce challenges during the pandemic led to the notification delay.

Application Security

Flaws In GitHub Actions Bypass Code Review Mechanism

Prajeet Nair • October 14, 2021

Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required reviews mechanism and push unreviewed code to a protected branch, allowing it into the pipeline to production.

Breach Notification

Thingiverse Data Leak Affects 228,000 Subscribers

Mihir Bagwe • October 14, 2021

Thingiverse, a popular website dedicated to sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 2.5 million unique email addresses and other personally identifiable information.

3rd Party Risk Management

Profiles in Leadership: John O'Driscoll, State of Victoria

Jeremy Kirk • October 14, 2021

John O'Driscoll is the first CISO for the Australian state of Victoria, a job that has purview over 1,900 entities with 340,000 public servants. He's an expert in risk and audit, and that has subsequently lead to interesting conversations about who is accountable for risk and how to manage risk.