Tag Archives: First American

Security News Bites for the Week Ending July 24, 2020

Cloudflare DNS Goes Down Taking A Big Chunk of the Internet Down

Good news and bad news. For companies like Shopify, League of Legends and Politico, among many others, Friday afternoon gave you a headache. You outsourced your DNS to Cloudflare and they had a burp. The good news is that because they are Cloudflare they were able to diagnose it and mitigate the problem in 25 minutes. While no one wants to be down, could you fix your internal DNS server meltdown in 25 minutes? Credit: Techcrunch

Great Article on How Norsk Hydro Dealt with a Ransomware Attack

Bloomberg has a great article on how Norsk dealt with their ransomware attack. Couple of thoughts. They spent $60 million to recover. Their insurance has paid them $3.6 million. You do the arithmetic. And, they weren’t dealing with ransomware 2.0 which really changes things. Check out the article on Bloomberg.

Grayshift Has a New Form of Spyware

Grayshift, the company that breaks into cell phones for cops and “other entities”, has come up with a new tool. Take a locked iPhone and put it on the Grayshift box. They install malware onto your locked iPhone. Then they give it back to the suspect under the guise of, say, calling their lawyer. The suspect unlocks the phone and the malware records the unlock code. Then the cops take the phone back and can unlock the phone without you. Likely Apple will figure out how they are doing this, but for now, it works. Credit: NBC News

First American (Title Company) Makes History

A couple of years ago, New York’s Department of Financial Services released a highly detailed set of security standards, called DFS 500, for the businesses that it regulates. This set of security standards dictates what controls and processes banks, mortgage companies, insurance companies and others must implement to protect the data that they store. First American is the first company that DFS has sued for messing up. There were 885 million records exposed and the fine can be $1,000 per record. You do the math and start the negotiations. Credit: PYMNTS.Com

Security news for the Week Ending May 24, 2019

Salesforce Gives Users Access To All of Your Company’s Data

In what can only be called an Oops, Salesforce deployed a script last Friday that gave users of certain parts of Salesforce access to all of the data that a company had on the system. The good news is that it didn’t show you anyone else’s data, but it did give users both read and write access to all of their company’s data.

In order to fix it, Salesforce took down large parts of its environment, causing some companies that depend on Salesforce to shut their company down and send employees home.

This brings up the issue of disaster recovery and business continuity. Just because it is in the cloud does not mean that you won’t have a disaster. It is not clear if replicating your Salesforce app to another data center would have kept these companies working. Source: ZDNet.

Google Tracks Your Online Purchases Through GMail

While this is probably not going to come as a surprise, Google scans your emails to find receipts from online purchases and stores them in your Google purchase history at https://myaccount.google.com/purchases. This is true whether you use Google Pay or not. One user reported that Google tracked their Dominos Pizza and 1-800-Flowers purchases, as well as Amazon, among other stores.

You can delete this history if you have masochistic tendencies, but I doubt anyone is going to do that because it requires you to delete, one by one, the underlying emails that caused the purchases to populate. There is also no way to turn this “Feature” off.

It appears that it keeps this data forever.

Google said they are not using this data to serve ads, but they did not respond to the question of whether they use it for other purposes. Source: Bleeping Computer.

President Trump Building An Email List to Bypass Social Media

Welcome to the world of big data.  The Prez has created a survey for people to submit information about how they have been wronged by social media.  And get you subscribed to his email list.  Nothing illegal.  Nothing nefarious.  Just a big data grab.

If you read the user agreement, it says you “grant the U.S. Government a license to use, edit, display, publish, broadcast, transmit, post, or otherwise distribute all or part of the Content.  (NOTE: That “content” includes your email address and phone number).  The license you grant is irrevocable and valid in perpetuity, throughout the world, and in all forms of media.” 

This seems to be hosted on the Whitehouse.Gov servers.  It is not clear who will have access to this data or for what purpose.  Source: Vice.

Colorado Governor Declares Statewide Emergency After Ransomware Attack

Last year the Colorado Department of Transportation suffered a ransomware attack.  Initially the state thought it was getting a handle on the attack, but ten days later it came back.

It was the first time any state had issued a Statewide Emergency for a cyberattack.  Ever!  Anywhere!

It had the effect that the state was able to mobilize the National Guard, call in resources from other departments, activate the state Department of Homeland Security and Emergency Management and get help from the FBI and the US Department of Homeland Security. It also allowed them to call for “Mutual Aid”, the process where neighboring jurisdictions – in this case neighboring states – provided assistance.

It worked and since then, other states have begun to do this.

When you have a disaster, even a cyber disaster, you need a lot of resources and an emergency declaration is one way to do it. Source: StateScoop.

 

Latest Breach – 885 Million Records

First American Financial, one of the largest title insurance companies, exposed 885 million records going back to 2003 due to a software design flaw.  The records include all kinds of sensitive records that are associated with real estate closings.  Source:  Krebs on Security.