19/03/2021: Cybersecurity & Tech News Roundup

The New York Department of Financial Services has settled a $1.5 million lawsuit following a data breach

New York's financial services department has settled a hefty lawsuit with a Maine based mortgage lender for failing to report a data breach. New York State's cybersecurity rules require all organisations to disclose cybersecurity incidents within 72 hours of them occurring. The unlucky lender had sat on this secret for over 18 months, and the issue didn't come to light until the DFS's investigation. As a result, they had to pay up a whopping 1.5 million dollars. Read more here.

Facebook's ‘Red Team X’ has been busy hunting bugs outside of the social network's perimeter

Most big organisations, especially tech companies, have an in-house red team; a group of hackers that tries to infiltrate the organisation and spot vulnerabilities before nefarious actors do. For Facebook, this team was working on the tech giant's premises, but when the world went into lockdown, things had to change.

In the Spring of 2020, Red Team X was formed. This group functions outside of Facebook's traditional red team, and take a hybrid approach in probing third-party products whose weaknesses could cause problems for Facebook - especially now that more people than ever before are using social networks to communicate with loved ones and colleagues.

A member of the team had this to say: "Covid for us was really an opportunity to take a step back and evaluate how we’re all working, how things are going, and what might be next for the red team. As the pandemic wore on, we got requests to look into products that were outside of Facebook's traditional scope. Now engineers come to us and request that we look at things they’re using And it can be any kind of tech—hardware, software, low-level firmware, cloud services, consumer devices, network tools, even industrial control."

Read more here.

Did Russian hackers target RAF planes?

Following the government's recent statement that the UK needed to improve its cybersecurity and fight back against nation-state actors, a hostile state launched a cyber-attack. Nation-state hackers have been blamed for a whole lot recently, from Solarwinds to the Microsoft Exchange hack, however there's rarely much proof of who the culprit really was.

In a direct attack on the UK's defences, someone tried to block vital navigation communication used by RAF planes. Thankfully, none of these attacks actually worked, but if they had been successful, people could have been hurt. While the papers are stating that "defence experts" have pointed the finger at both Russia and Syria, how often do defence personnel speak to the press? Read more here.

Want the latest technology news? Check out our Twitter page for upcoming tech world developments and data breach news, or get in contact with a member of our team to see how our security services can keep your organisation out of the headlines.