Weekend Must Reads on Infosec


1. Will Focus on Compliance First, and Not Technology, Says Paytm CEO

credits: Business Standard

Vijay Shekhar Sharma, CEO of Paytm's parent firm, One97 Communications, emphasizes a shift towards compliance over technology following RBI's restrictions on Paytm Payments Bank. Sharma highlights the importance of making compliance and risk core aspects of the business. Paytm's stock plunged 20%, reaching the lower circuit after the RBI barred new deposits and transactions. Sharma discloses plans to collaborate with other banks, distancing the company from Paytm Payments Bank. He anticipates a significant impact on Paytm's annual EBITDA, estimating a range of Rs 300 to Rs 500 crore due to the regulatory directive. The company aims to navigate challenges through partnerships with other banks.

Read more on Business Standard. Article written by Ajinkya K.

2. 4 Key Takeaways From the BlackBerry Global Threat Intelligence Report

credits: Security Boulevard

The recent BlackBerry Global Threat Intelligence report reveals 3.3 million thwarted cyberattacks in three months, providing insights into ransomware, country-specific attack patterns, and actionable intelligence. Emphasizing the prevalence of weak passwords in Active Directory, the report underscores the imperative for businesses, irrespective of size, to adopt proactive defensive strategies against data theft and nation-state attacks.

  1. Security Isn’t Improving
  2. The Healthcare Sector Remains Vulnerable
  3. Ransomware Attacks are Spreading
  4. Credentials are a Consistent Culprit

Read more on Security Boulevard. Article authored by Enzoic.

3. Secure Leadership: Why Managers Should Mitigate Internal Risks

credits: IFSEC Insider - Security and fire news

The article underscores the critical role of human behavior in posing internal risks to company security, emphasizing the need for robust risk management policies. Internal threats, ranging from digital errors to deliberate sabotage, can harm operations, finances, and reputation. The evolving risk landscape demands proactive measures, including training, IT security courses, and leadership programs for managers. Recognizing the 'risk profile' of employees becomes crucial, with managers needing strategic skills to address internal risks. Building a transparent, risk-aware culture, fostering communication, and rewarding responsible risk reporting are essential for mitigating threats and ensuring organizational resilience.

Read more on IFSEC Insider - Security & fire news. Article written by Dakota Murphey.

4. Uber Hit with 10 Million Euro Fine for Privacy Violations

credits: BNN Breaking

The Dutch Data Protection Authority (DPA) has fined Uber Technologies 10 million euros for violating privacy regulations related to handling drivers' personal data. Uber's Dutch unit was also implicated. The investigation revealed non-disclosure of vital information in terms and conditions, such as data retention duration and security measures for data transfers outside the European Economic Area. Uber was additionally found guilty of obstructing drivers' access to their personal data by embedding the request form within complex app menus. The case originated from complaints by 170 French drivers, with the French human rights organization escalating it to the Dutch DPA, which criticized Uber for hindering drivers' privacy rights.

Read more on VeerOne. Article written by Emmanuel Abara Benson.

5. Hewlett Packard Data Breach: IntelBroker Alleges Sale of Sensitive Information

credits: The Cyber Express by Cyble

On February 1st, a hacker named IntelBroker claimed to have critical information from a purported Hewlett Packard Enterprise (HPE) data breach, offering CI/CD access, system logs, config files, access tokens, and passwords on the dark web. The post detailed HPE StoreOnce files and access passwords, with screenshots of code samples indicating REST API calls and network configurations. HPE, targeted in a recent APT29 cyberattack, has not officially responded, leaving the breach claims unverified. The earlier attack, detected by Microsoft's security team in December 2023, revealed unauthorized access and data exfiltration from specific mailboxes.

Read more on The Cyber Express By Cyble. Article written by Ashish Khaitan.


While jumping into the next task,

If you do one thing:

Do something today that your future self will be thankful for.

Autodit offers Tools & Solutions for

  • SMBs' InfoSec Compliances (10-hour effort from Engineering Leadership)
  • Large Enterprises' Third Party Risk Assessments, RFP Questionnaire Response Automation, Security Awareness LMS, Trust Center
  • Custom Integrations and InfoSec Frameworks for Real-Time Monitoring of your Information Security Readiness Posture.


Ping our Founder, Prithvi Raju Alluri now!

