Weekend Must Reads on Infosec


1. Xerox Confirms Data Breach Impacting XBS US

credits: CRN

Xerox revealed that its Xerox Business Solutions U.S. subsidiary suffered a recent cybersecurity incident, impacting its U.S. operations' IT environments. While Xerox did not disclose whether customer or partner data was affected, the company mentioned that "limited personal information in the XBS environment may have been affected." The INC Ransom cybercriminal gang claimed responsibility on its dark web site. Xerox assured that the breach had no impact on its corporate systems, operations, or data. The company intends to notify any affected individuals. As of now, Xerox has not provided further details regarding the extent of the incident.

Read more on CRN. Article written by Kyle Alspach.

2. G20 Portal Saw 16 Lakh Cyberattacks A Minute During Summit In Sept: Centre

credits: NDTV

During the G20 summit, the Indian Cybercrime Coordination Centre (I4C) CEO revealed that the G20 account faced a staggering 16 lakh Distributed Denial of Service (DDoS) attacks per minute. These attacks originated from non-national foreign threat actors, with concerns raised about their VPN-disguised locations in China, Cambodia, and Malaysia. The I4C, with multiple Indian agencies, successfully thwarted the attacks. The CEO highlighted the challenges of tracking threat actors through VPNs. Additionally, he shared that over 31 lakh cybercrime complaints have been registered on the National Cybercrime Reporting Portal since August 2019, resulting in 66,000 FIRs. The I4C saved over ₹1,100 crore in three years through the National Cyber Helpline Number.

Read more on NDTV.

3. 10 Years After Yahoo Breach, What's Changed? (Not Much)

credits: Dark Reading

Yahoo's historic data breaches, with the largest compromising three billion accounts, continue to highlight persistent cybersecurity challenges. Despite occurring 10 years ago, the industry remains vulnerable to core issues. The initial breach, facilitated by a phishing email to a mid-level employee, allowed hackers access to Yahoo's IT systems. The ease of forging cookies exposed weaknesses in authentication practices across organizations. Password flaws persist, with users often reusing them, and multifactor authentication techniques are criticized for worsening user experience. Additionally, a lack of commitment to customer protection and corporate security governance played a role in Yahoo's security failures. Experts warn that similar issues persist in the current cybersecurity landscape.

Read more on Dark Reading. Article written by Nate Nelson.

4. OpenAI Changes Data Controller in Bid to Adhere to GDPR

credits: DIGIT News

Facing a GDPR lawsuit, OpenAI plans to shift its official data controller for EU customers to Ireland, aiming to address concerns about data protection breaches. This move follows the establishment of OpenAI's Dublin offices in September and concerns raised by EU member states regarding its handling of personal data. Critics argue that OpenAI lacks a justifiable legal basis for its data practices. The company, like other major US firms, entrusts EU data supervision to the Irish Data Protection Authority to comply with EU laws. Legal challenges and GDPR violations have sparked scrutiny from multiple European countries.

Read more on DIGIT News. Article written by Elizabeth G.

5. Here We Go Again: 2023’s Badly Handled Data Breaches

credits: TechCrunch

Several organizations in 2023 mishandled data breaches by downplaying impacts and refusing transparency. The UK's Electoral Commission concealed details of a major hack for a year, exposing 40 million voters' data. Samsung faced criticism for withholding details on a year-long data breach affecting UK customers. French cloud gaming provider Shadow stayed silent on an October breach, not disclosing the full impact. Lyca Mobile, MGM Resorts, Dish, and CommScope also faced scrutiny for failing to provide adequate information about cyberattacks and data breaches. These incidents highlight a lack of transparency and communication in handling cybersecurity incidents.

Read more on TechCrunch.



While jumping into the next task,

If you do one thing:

Do something today that your future self will be thankful for.

Autodit offers Tools & Solutions for

  • SMBs' InfoSec Compliances (10-hour effort from Engineering Leadership)
  • Large Enterprises' Third Party Risk Assessments, RFP Questionnaire Response Automation, Security Awareness LMS, Trust Center
  • Custom Integrations & InfoSec Frameworks for Real-Time Monitoring of your Information Security Readiness Posture.

Ping our Founder, Prithvi Raju Alluri now!
