Critical Drupal security update
Drupal has released a critical security update to address a vulnerability in Drupal 7.x, 8.5.x and 8.6.x. The vulnerability is rated critical and impacts third party libraries.
Third-Party Security
NIST SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations
The National Institute of Standards and Technology (NIST) has released a new risk management framework guideline. NIST has named the document Security Publication (SP) 800-37 Rev. 2: “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.”
Single account blamed for Clarksons breach
Clarkson PLC (“Clarksons”), a British shipping company, recently revealed a single and isolated user account compromise was the cause of a data breach and theft of confidential information last year.
Malicious MDM targets mobile phones in India
An attacker has used an open-source mobile device management (MDM) system to target iPhones in India.
Third-party breach leads to Delta and Sears customer payment card data exposure
A data breach of third-party [24]7.ai has exposed customer payment card data of Delta and Sears.
Time Warner Cable customer data leak
Nearly four million Time Warner Cable (TWC) customer records were left exposed online via a third party data leak.
UniCredit data breach linked to third party
UniCredit has revealed that 400,000 customer accounts have been breached, exposing personal data and IBAN numbers.
Hard Rock Hotels and Casinos data breach
Hard Rock Hotels and Casinos have again warned of data breach after being notified of security incident through the hotel chain’s third party hotel reservation systems, The Sabre Hospitality Solutions SynXis.