El Diario del CISO (The CISO Journal) Edition 22 | Page 5

International InfoSec & Cybersecurity News

Is SMS 2FA Enough Login Protection?
www.darkreading.com
Experts say Reddit breach offers a prime example of the risks of depending on one-time passwords sent via text.

Compromised MikroTik routers power extensive cryptojacking campaign
www.helpnetsecurity.com
A massive MikroTik cryptojacking campaign that relies on compromised routers serves users with pages injected with the Coinhive mining script.

Facebook CSO Takes Job at Stanford
www.infosecurity-magazine.com
Facebook's outspoken CSO Alex Stamos has announced he has accepted a role at Stanford University and will leave the firm later this month.

Dixons Carphone: 10 Million Records Exposed in 2017 Breach
www.bankinfosecurity.com
Struggling European electronics giant Dixons Carphone says its investigation into a 2017 data breach has found that 10 million customers' personal details - up from

Researchers reveal 20 vulnerabilities in Samsung SmartThings Hub
www.csoonline.com
Samsung released firmware to patch 20 flaws that, if exploited, could have let attackers remotely control and even physically damage IoT gadgets connected to the SmartThings Hub.

DOJ reveals arrest and indictment of three FIN7 cybercriminal masterminds
www.scmagazine.com
Three key players in the infamous FIN7 cybercriminal organization that since 2015 has specialized in stealing credit card and financials data from businesses around the world have been arrested and charged in one of the largest FBI cyber investigations of its kind, U.S

Amnesty International Targeted by Nation-State Spyware
threatpost.com
A suspicious WhatsApp message carried the mobile cyberweapon known as Pegasus, sold by Israel-based company NSO Group to state-level actors around the world.

Boys Town Healthcare Data Breach Exposed Personal Details ...
thehackernews.com
Massive healthcare data breach at Boys Town National Research Hospital exposed personal details of patients and employees

Yale data breach discovered 10 years too late
searchsecurity.techtarget.com
Details on a Yale data breach that occurred in 2008 have been released, and one expert said the amount of data in the breach could give threat actors plenty of ammunition for social engineering attacks.

Iran-Linked Actor Targets U.S. Electric Utility Firms
www.securityweek.com
Likely operating out of Iran, the Leafminer cyber-espionage group has been targeting entities in the United States, Europe, Middle East, and East Asia, industrial cybersecurity