New Vulnerabilities Highlight the Importance of Cybersecurity [Weekly Cybersecurity Brief]

The beginning of October officially kicks off Cybersecurity Awareness Month. In its 18th year, the campaign has served as an annual promotion of the significance behind taking a proactive approach to developing individual and organizational cybersecurity practices. And as we jump into the Cybersecurity & Infrastructure Security Agency’s evergreen theme of “#BeCyberSmart,” we have received a few reminders of the issues it seeks to prevent and the actions it aims to encourage.

One cybersecurity problem that persists is the threat of data vulnerability, and Neiman Marcus is one of its latest victims. The department store announced that it was in the midst of contacting 4.6 million customers potentially impacted by a recently discovered breach. The company stated that an “unauthorized party” was able to obtain information such as names, contact information, payment card numbers and usernames and passwords associated with Neiman Marcus online accounts and virtual gift cards. While nearly 85% of the cards included in the breach were invalid, Neiman Marcus is requiring online users to update their passwords and is working with law and cybersecurity authorities on an investigation.

Google Chrome has also been forced to develop a new update due to risky vulnerabilities. As Cyberscoop reported, Google Chrome has “issued emergency updates for two zero-day flaws that attackers are exploiting.” This forced measure comes during an unprecedented year for zero-day issues. In 2021 alone, Chrome has identified 12 zero-days. Although details around the flaws have not been released, it has been summarized that one consisted of a memory-corruption bug and the other “was related to ‘information leak in core’,” according to the article. Intensifying such threats is the sheer number of Chrome users estimated to be around 3.3 billion.

The fact that so many can be impacted by some form of a cybersecurity attack is not only what makes Cybersecurity Awareness Month so important, but also what makes collective action a must. The push for this was reflected in a new 30-country plan recently announced by President Biden and his administration. Biden stated that he intends to cover topics such as combating cybercrime, improving law enforcement collaboration and securing supply chains during this upcoming convening of representatives. “We are bringing the full strength of our capabilities to disrupt malicious cyber activity, including managing both the risks and opportunities of emerging technologies like quantum computing and artificial intelligence,” he said.

Key Takeaways:

“Neiman Marcus notifying 4.6M customers of data breach” – Maggie Miller, The Hill

https://thehill.com/policy/cybersecurity/574918-neiman-marcus-notifying-46-million-customers-of-data-breach

  • Neiman Marcus recently announced that it was in the midst of contacting 4.6 million customers potentially impacted by a recently discovered breach.
  • The company stated that an “unauthorized party” was able to obtain information such as names, contact information, payment card numbers and usernames and passwords associated with Neiman Marcus online accounts and virtual gift cards.
  • It is requiring online users to update their passwords and is working with law and cybersecurity authorities on an investigation.

“Google pushes emergency update for Chrome zero-days, the latest in a hectic year for vulnerabilities” – Tim Starks, Cyberscoop

https://www.cyberscoop.com/google-chrome-zero-days/

  • As Cyberscoop reported, Google Chrome has “issued emergency updates for two zero-day flaws that attackers are exploiting.”
  • In 2021 alone, Chrome has identified 12 zero-days.
  • Although details around the flaws have not been released, it has been summarized that one consisted of a memory-corruption bug and the other “was related to ‘information leak in core’,” according to the article.

“White House to convene 30-country cybersecurity meeting” – Stephanie Condon, ZDNet

https://www.zdnet.com/article/white-house-to-convene-30-country-cybersecurity-meeting/

  • President Biden recently announced a plan to convene 30 countries for a meeting on cybersecurity.
  • Biden stated that he intends to cover topics such as combating cybercrime, improving law enforcement collaboration and securing supply chains.
  • “We are bringing the full strength of our capabilities to disrupt malicious cyber activity, including managing both the risks and opportunities of emerging technologies like quantum computing and artificial intelligence,” he said.
Share
Share on facebook
Share on twitter
Share on linkedin
Share on email