Hackers are attacking battery backup devices / Western intelligence suspects Russia hacked Ukraine's U.S.-made satellites / Sephora gets hacked, 500K customers get their data leaked

Plus: There are 600,000 unfilled cybersecurity jobs in the U.S.

Inside.com Part of   Network March 31, 2022

Presented by

Dear Inside Community, Tonight, everything is going to change for Inside.com, and we want you to have a front-row seat. Our brand new social news experience for professionals is going live. When you wake up tomorrow, Inside.com will be ready for you to read, share, and meet experts across all of our topics. Even better, it's all free! Get your first look with Inside.com CEO Jason Calacanis on Thursday at 9 p.m. PST. Jason will be hosting a Twitter Space, giving you all an exclusive first look at Inside.com's new features. Watch it happen here. When you visit Inside.com on Friday, April 1st, you'll see a whole new site and experience. We'll have daily news and trends, recommendations from community members like you, and easy ways to submit stories and comment with your own insights. To celebrate this event, we will host AMAs with CoinPrices.io co-founder Matt Odell and PROOF COO Ryan Carson. We hope to see you there. -The Inside Team Arbër

Hackers are attacking UPS battery backup power devices. The active attacks could result in critical-infrastructure damage, business disruption, economic loss, etc. More: The Cybersecurity and Infrastructure Security Agency has warned that hackers are attacking uninterruptible power supplies that are connected to the internet. Many UPSes have added IoT capabilities for monitoring. Hackers are trying to get remote access to the devices, which are often set up to protect mission-critical IT systems. From there, hackers can shut off systems or use the devices as an entry point to breach the company's network. CISA has advised IT administrators to enumerate the devices and take them offline, or at least change the default username and password (and preferably use multi-factor authentication) in cases where an IoT connection is necessary.

Western intelligence agencies have been investigating a cybersecurity incident in which a Ukrainian satellite was hacked. Ukraine is blaming the Russian government for backing the attack. More: The owner of the satellite, a U.S.-based company named Viasat, released a statement with details of cyberattacks around the world, including this specific hack.  Viasat did not say if they know who hacked the Ukrainian satellite specifically. Ukrainian representatives are blaming the Russian government, while Western intelligence agencies suspect Russia too but are still investigating.  The attack caused a spill-over in most of Europe, causing problems with many devices.

A message from SONRAI SECURITY Get a list of data and identity security measures that you should implement to protect your AWS org. As the market leader, AWS is constantly innovating, creating more powerful and complex ways to set up your cloud infrastructure. Innovation breeds value, but it also requires vigilant updating of your security priorities. That's why we made the AWS Security Checklist for 2022. There are many benefits to using AWS, but how do you manage security, compliance, and access risk within the AWS environment? Ignoring security gaps and relying on a single vendor dramatically increases risk, but with many cloud and security teams being asked to reduce costs in the challenging economic climate, taking a single vendor approach can be tempting. To ease the worry of a misconfiguration, we’ve collected the best tips and tricks from our clients and pulled them together in our AWS Security Checklist. Claim your Free AWS Security Checklist

Cosmetics company Sephora was the victim of a cyberattack that resulted in a data breach. Over 490,000 customers who are located in Mexico had their data breached. More: The affected users are from a rewards program who signed up in 2019. Stolen data include card numbers, account numbers, full names, emails, phone numbers, and reward points. The hackers breached Sephora because the company had left a permissive bucket policy by storing the data in AWS. This is not the first time that either Sephora or AWS has been breached.

Lapsus$ added 70GB of leaked data it got from software company Globant in its Telegram list. The hackers wrote that they were "back from vacation" on their channel. More: The hacker group shared a 70GB torrent file containing Globant's source code, as well as Atlassian admin passwords. They posted screenshots showing a folder directory with files from companies such as Arcserve, Facebook, the Apple Health app, DHL, Citibank, BNP Paribas Cardiff, and Citibanamex. The passwords that the group leaked were easy to guess, and some passwords were reused. Zoom Out: Lapsus$ has recently hacked Brazil's Ministry of Health, Ubisoft, Nokia, Samsung, Microsoft, etc.

There are now around 600,000 unfilled cybersecurity jobs in the U.S. Out of this number, 560,000 are in the private sector. More: Even though 1 million people in the U.S. work in cybersecurity, there are 600,000 jobs unfilled in the industry. Job openings have increased by 29% in the last 12 months, double the growth rate between 2018 and 2019. Most civilian public agencies can’t pay what the public sector can, which is why public agencies contract private companies to perform their cybersecurity tasks.  The need for cybersecurity talent is present across all industries and services.  Zoom Out: The number of cyberattacks has increased recently around the world, including in the U.S., with examples such as the Colonial Pipeline Co. attack, SolarWinds, U.S. election officials hack, etc.  The Department of Homeland Security presented a new hiring policy for cybersecurity personnel in November that would allow federal cybersecurity workers to make as much as $255,800, equivalent to the salary of Vice President Kamala Harris. In 2020, the annual mean wage for information security analysts was $107,580, almost double the mean for all U.S. occupations.

Quick Hits: Quality custom NIGHT GUARDS & TEETH WHITENING KITS for 80% less than the dentist. Use exclusive code INSIDE33 for 33% off your order.* A newly launched information-stealing malware variant called Mars Stealer is rising in popularity, and threat analysts are now spotting the first notable large-scale campaigns using this malware. Online retail and photography platform Shutterfly has announced that it suffered a data breach that exposed employee information. Skiff has raised $10.5M in funding to build out private and collaborative workspaces. Cloaked, a Boston-based startup that lets users generate unique emails and phone numbers, has secured $25M in Series A funding. Give your recruiting team an unfair advantage with Trinsly. Start your 21-day free trial.* *This is a sponsored post.

Upcoming events at Inside: April 04 - Blockchain and the Law (Register Here) April 05 - Venturing in VC - Episode #14 with Jay Kapoor (VSC Ventures) (Register Here) April 06 - Entertainment in the Metaverse (Register Here) April 07 - Road to Autonomy: Sidewalk Robots with Ali Kashani (Serve Robotics) (Register Here) April 14 - Shopping In The Metaverse (Register Here) April 28 - Alternative Investments 2: Crypto Safety Standards (Register Here) May 12 - Making Metaverse Dating a Reality (Register Here) May 19 - Understanding Fractionalization (Register Here) May 24 - Meet Our Fund 3 (Register Here) June 01 - Selling Consumer Goods in Web3 (Register Here)

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. Editor Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford.

Powered by our identity graph, Sonrai Security combines CIEM, CSPM, and data security into one cloud security platform.

Click to Share ➞

767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2022 Inside.com

Did someone forward this email to you? Head over to inside.com to get your very own free subscription! You received this email because you subscribed to Inside Security. Click here to unsubscribe from Inside Security list or manage your subscriptions.