Week in review: Marriott breach details, public-interest technology, the quantum computer threat

Here’s an overview of some of last week’s most interesting news and articles:

Marriott CEO reveals more details about the massive data breach
Equifax CEO Mark Begor and Arne Sorenson, the CEO of Marriott International, appeared before a US Senate subcommittee to testify about the massive data breaches their companies have suffered.

Mozilla releases Firefox Send, a free encrypted file transfer service
Mozilla has released the finalized version of Firefox Send, its free encrypted file transfer service that allows users to share files from any browser.

Unsecured Gearbest server exposes millions of shoppers and their orders
Chinese e-commerce giant Gearbest has exposed information and orders of millions of its customers through an unsecured Elasticsearch server, security researcher Noam Rotem and his team have found.

How susceptible are hospital employees to phishing attacks?
Cybersecurity threats are a rising problem in society, especially for healthcare organizations. Successful attacks can jeopardize not only patient data but also patient care, leading to cancellations and disruptions in the critical services that hospitals provide.

Data breach reports delayed as organizations struggle to achieve GDPR compliance
Businesses routinely delayed data breach disclosure and failed to provide important details to the ICO in the year prior to the GDPR’s enactment.

How can healthcare organizations remedy their cybersecurity ailments?
For healthcare organizations, there is no silver bullet in the fight against cybercrime. Combatting existing and future threats – large or small – requires a strategy that embraces a combination of suitable technologies, watertight policies, and flexible working practices.

Is your company leaking sensitive data via its Box account?
Companies that use Box for sharing files and folders inside and outside the company are inadvertently leaving sensitive corporate and customer data exposed, cybersecurity firm Adversis warns.

The threat of quantum computers and the solutions that can protect us today
In this Help Net Security podcast recorded at RSA Conference 2019, Avesta Hojjati, Head of R&D at DigiCert, talks about the threat of quantum computers and the solutions that are available today to protect us against it.

Urgent need for IT security legal framework in Europe
Information transmission, transport, industrial production, research, administration – hardly any area can manage without modern information and communication technologies. At the same time, the number of cyber attacks that become known is increasing constantly.

Researchers unveil February 2019’s most wanted malware
Coinhive has once again led Check Point’s Global Threat Index for the 15th consecutive month, despite the announcement that its services have been shut down from March 8th 2019.

Two thirds of Android antimalware apps are ineffective or unreliable
Choosing an effective Android antimalware app is a shot in the dark for many users and they may end up in more danger of malicious apps, not less.

Moving from traditional on-premise solutions to cloud-based security
In this Help Net Security podcast recorded at RSA Conference 2019, Gary Marsden, Senior Director, Data Protection Services at Gemalto, talks about the feedback they’re getting from the market and how Gemalto is helping businesses with a move away from traditional on-premise solutions to cloud-based security.

IT managers can’t ignore endpoints because most cyberattacks start there
IT managers are more likely to catch cybercriminals on their organization’s servers and networks than anywhere else, according to the 7 Uncomfortable Truths of Endpoint Security survey by Sophos.

Public-interest technology: Why companies should get involved
“For the last 15 or 20 years, anything Silicon Valley companies did was seemingly in the public interest, and society has encouraged that view until quite recently,” Mozilla Corp’s Chairwoman Mitchell Baker noted last week at the RSA Conference in San Francisco. “But those fantasy days are over.”

Researchers expose massive mobile adware and data stealing campaigns with 250 million downloads
Check Point Research has uncovered two massive mobile adware and data stealing campaigns, which have already had over 250 million downloads combined globally. Both target mobiles using Android, and exploit the mobile app development supply chain to infect devices and perform malicious actions.

The impact of spear phishing on organizations and how to combat this growing threat
In this Help Net Security podcast, Scott Olson, the VP of Product Marketing at iovation, talks about the impact of spear phishing, and offers practical suggestions on how to prevent this growing threat.

Free decrypters for BigBobRoss ransomware released
Here’s some good news for users whose files have been encrypted by the BigBobRoss ransomware: both Avast and Emsisoft have released decrypters.

Cybersecurity skills gap worsens, security teams are understaffed
80 percent of 336 IT security professionals Dimensional Research polled on behalf of Tripwire believe it’s becoming more difficult to find skilled cybersecurity professionals, and nearly all respondents (93 percent) say the skills required to be a great security professional have changed over the past few years.

Webinar – DevSecOps at Hulu: When security and DevOps meet
While most DevOps manuals talk about how and why you should embed security into a company’s DevOps culture, the reality is that most security teams are built in a silo—and breaking free from that silo can be incredibly difficult to achieve.

Thinking of threat intelligence as a contributing member of your security team
Threat intelligence is widely considered a significant asset for organizations, but implementation of this intelligence within security operations can often be cumbersome. In this Help Net Security podcast recorded at RSA Conference 2019, Nicholas Hayden, Senior Director of Threat Intelligence at Anomali, talks about the intelligence-driven security operations center.

Exploitation of vulnerabilities in Moxa industrial switches could disrupt communication between ICS components
Positive Technologies experts Ivan Boyko, Vyacheslav Moskvin, and Sergey Fedonin have discovered multiple vulnerabilities in Moxa industrial switches in the EDS-405A, EDS-408A, EDS-510A, and IKS-G6824A series. These switches are used to build industrial networks for oil and gas, transportation, maritime logistics, and numerous industrial sectors.

What happened to trust and transparency in cybersecurity?
We need proactive security measures that protect the organization responsibly, mitigate risk, and adapt to an ever-changing world. This can only be truly achieved with transparency across the organization.

The reality of container escapes
In this Help Net Security podcast recorded at RSA Conference 2019, Brandon Edwards, Chief Scientist at Capsule8, talks about container escapes.

Hidden third-party tags could be leaving Fortune 100 companies at risk
Crownpeak found more than 1,700 tag redirects on websites belonging to companies in the Fortune 100. These hidden third-party tags leave the sites open to potential data breaches under the GDPR and cause a total average latency of 5.2 seconds, in a world where every 100 milliseconds costs sites 1% of their conversions.