CSTI
    breachThe Commercial Era (2010-2019) Daily Briefing Landmark Event

    Significant Cybersecurity Breaches and Developments on December 12, 2018

    Wednesday, December 12, 2018

    Today, the cybersecurity landscape shifts as several significant events unfold.

    This morning, Quora announces a major security breach affecting approximately 100 million users. The breach, which occurred in late 2018, allowed unauthorized access to user data including email addresses and encrypted passwords. This incident underscores the constant threat posed by malicious actors seeking to exploit user data vulnerabilities. The implications are profound, as the breach not only affects Quora’s user trust but also highlights the broader challenges faced by social platforms in safeguarding user information.

    In another significant development, Google+ reveals it has suffered a data breach exposing user profile information from around 52.5 million accounts. This breach stems from improperly granted developer access, allowing unauthorized exposure of sensitive information. As Google+ is set to shut down, this incident raises questions about the security protocols in place for user data, especially during transitions and shutdowns.

    Overnight, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2018-4063 to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability allows for unrestricted file uploads, which attackers could exploit to execute malicious code. The addition of this CVE is a reminder of the importance of proactive vulnerability management in the face of ongoing threats. Organizations must prioritize patching and monitoring to mitigate such risks that can lead to severe compromises.

    In legislative news, the European Parliament has passed a new Cybersecurity Act aimed at strengthening the EU's cybersecurity framework. This new legislation is particularly noteworthy as it includes provisions for conducting audits of cloud services. With the rise in data breaches related to cloud misconfigurations throughout 2018, this law reflects a crucial response to the growing need for accountability and security in cloud environments.

    These events collectively illustrate a concerning trend in cybersecurity: the rapid increase in data breaches and vulnerabilities. As we close out 2018, the frequency of such incidents emphasizes the urgent need for enhanced security protocols, robust legislation, and ongoing vigilance from both organizations and users alike. The evolving landscape necessitates that cybersecurity practices adapt to counteract these persistent threats effectively.

    Sources

    data breach cybersecurity legislation vulnerabilities cloud security