Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Bitglass Security Spotlight: DoD, Facebook & NASA

Published 02/25/2019

Bitglass Security Spotlight: DoD, Facebook & NASA

By Will Houcheime, Product Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

—Cybersecurity vulnerabilities found in US missile system
—Facebook shares private user data with Amazon, Netflix, and Spotify
—Personal information of NASA employees exposed
—Chinese nationals accused of hacking into major US company databases
—Private complaints of Silicon Valley employees exposed via Blind

Cybersecurity vulnerabilities found in US missile system
The United States Department of Defense conducted a security audit on the U.S. ballistic missile system and found shocking results. The system’s security was outdated and not in keeping with protocol. The audit revealed that the US’s ballistic system was lacking data encryption, antivirus programs, and multifactor authentication. Additionally, the Department of Defense also found 28-year-old security gaps that were leaving computers vulnerable to local and remote attacks. Obviously, the Missile Defense Agency must improve its cybersecurity posture before the use of defense weaponry is required.

Facebook shares private user data with Amazon, Netflix, and Spotify
The security of Facebook users continues to be in question due to the company’s illicit use of private messages. The New York Times discovered Facebook documents from 2017 that explained how companies such as Spotify and Netflix were able to access private messages from over 70 million users per month. There are reports that suggest that companies had the ability to read, write, and delete these private messages on Facebook, which is disturbing news to anyone who uses the popular social network.

Personal information of NASA employees exposed
The personally identifiable information (PII) of current and former NASA employees was compromised early last year. The organization reached out to the affected individuals notifying them of the data breach. The identity of the intruder was unknown; however, it was confirmed that the breach allowed Social Security numbers to be compromised.

Chinese nationals accused of hacking into major US company databases
A group of hackers working for the Chinese government has been indicted by the U.S. Government for stealing intellectual property from tech companies. While the companies haven’t been named, prosecutors have charged two Chinese nationals with computer hacking, conspiracy to commit wire fraud, and aggravated identity theft.

Private complaints of Silicon Valley employees exposed via Blind
A social networking application by the name of Blind failed to secure sensitive user information when it left a database server completely exposed. Blind allows users to anonymously discuss topics including tech, finance, e-commerce, as well as the happenings within their workplace (the app is used by employees of over 70,000 different companies). Anyone who knew how to find the online server had the ability to view each user’s account information without the use of a password. Unfortunately, this security lapse exposed users’ identities and, consequently, allowed their employers to be implicated in their work-related stories.

To learn about cloud access security brokers (CASBs) and how they can protect your enterprise from ransomware, data leakage, misconfigurations, and more, download the Definitive Guide to CASBs.

Share this content on your favorite social network today!