Cyber Security News Update 9/30/2017

Cyber Security News Update

The government asking telecommunication companies and hardware providers for access to their customers’ data and devices is no new thing. There are legitimate reasons for them asking for this data, and sometimes there are less than legitimate reasons for asking for it. The government usually requires a warrant to get access to your files, but that doesn’t stop them from trying to strong-arm companies into doing it without the warrant. According to transparency reports Apple was by far the company that the government was most likely to ask for access to accounts, data, and devices. With a range of 13,250 to 13,499 requests for roughly 9,000 accounts over the course of the year. Google and Facebook also released reports on their numbers, and they’re surprisingly low. Only around 1,500 requests over the course of the year. For Facebook, this may be because their data is public unless otherwise noted by the account in question, so they’re may not be much need for access. Google’s number is surprisingly low, but Google also has a history of working with law enforcement. It’s possible that this number only includes the number of times access was specially requested instead of simply granted.
Source: Apple receives record number of US government national security requests for data

The SEC was hacked, and only recently found out and started assessing the damage that was dealt. They currently don’t know the depth of the intrusion, or exactly what was stolen or seen. The attack occurred in 2016 and was only discovered last month, during a separate review. This review triggered an internal investigation that is still ongoing. The SEC fears that this hack may have allowed people to trade stock illegally, or with insider information that others don’t have access too. The extent of the sales, or if they occurred, is still unknown. The system that was hacked contains information that is released to the public, to let them make their stock decisions but this system sometimes lags. This lag would allow whomever hacked it to have access to information before others, and it may have allowed them to slow down the flow of information.

Source: SEC is hiring more cybersecurity help after breach that may have let hackers profit from stock trades

Keeping your devices up-to-date is critical when it comes to cyber security. The major cyber attacks that have occurred during the course of the year are all from devices that have been out-of-date with their security definitions. Companies spend millions of dollars investigating, patching and updating back-doors and hacks for their devices. These content updates are available for free for all their users, but many people hit the “Update Later” button instead. This is how a major data breach occurs. But what if you’re one of those people who always gets the update, as soon as it comes out? Well, if you’re an Apple user you may not have been getting those updates. As it turns out Apple’s EFI code wasn’t notifying users when their machines failed to update, potentially leaving millions of people with machines they thought were patched that weren’t.

Source: CRITICAL CODE IN MILLIONS OF MACS ISN’T GETTING APPLE’S UPDATES