Each morning MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the global managed security services provider, SOC (security operations center) and IT outsourcing ecosystem.
Here’s the lineup for Monday, April 9, 2018:
8. Facebook Privacy Meetings: Facebook CEO Mark Zuckerberg will hold meetings with some U.S. lawmakers on Monday, a day before he is due to appear at Congressional hearings over a political consultancy’s use of customer data, Reuters says. On a potentially related note, Facebook has suspended Canadian political consultancy AggregateIQ from its platform after reports that the data firm may have improperly had access to the personal data of Facebook users, according to Reuters.
7. Slack Privacy Policy: Slack has updated its privacy policy. Unlike many of the privacy policy updates announced since the Facebook–Cambridge Analytica data harvesting scandal, this update enables employers to view and download everything users share in Slack, even conversations shared in private channels, according to CMS Wire.
6. Arizona Hack: A hack on an Arizona election database during the 2016 U.S. presidential campaign was carried out by suspected criminal actors and not the Russian government, a senior Trump administration official told Reuters on Sunday.
5. Panera Breach Lawsuit: Panera Bread was hit with a putative class action in Illinois federal court last week, according to Law360. The suit involves an alleged data breach that apparently involved Panera's customer reward systems. Panera, which has not yet admitted it suffered a breach, had allegedly known about a security issue since at least August, but had yet to do anything to close vulnerabilities within its systems, the suit said, according to Law360.
4. Iran Cyberattack: Iran’s Telecommunications minister has criticized the government’s cyber-attack monitoring center for failing to detect an attack that led to the hacking of several Iranian data centers on the evening of April 6, despite a warning about the attack 10 days before it took place, Radio Farda reports. The attacks apparently involve a documented Cisco router vulnerability.
3. IoT DDoS Attacks: A variant of the Mirai botnet was used recently to launch a series of distributed denial of service campaigns against financial sector businesses, according to ThreatPost. The attacks utilized at least 13,000 hijacked IoT devices generating traffic volumes up to 30 Gbps, considerably less intense than the original Mirai assaults clocked at 620 Gbps, the report says.
2. IAM Advice: The White House's Office of Management and Budget issued draft guidance Friday, telling officials to coordinate federal Identity, Credential, and Access Management (ICAM) policies, according to CyberScoop.
1. M&A - Cyber Consulting: KPMG in Canada has acquired Egyde, a Quebec City-based cyber security firm specializing in continuous security testing and proactive cyber security services. The deal closed April 5. Financial terms were not disclosed. All Egyde employees have joined KPMG, and continue to work out of their current offices in Quebec City and Montreal. We'll share more details soon. Related: KPMG is a Top 100 MSSP for 2017.
