Third Party Risk Management - Consultancy, Assessment & Advisory
TPRM Industry Insights - February 2020
Third Party Risk Management Articles and Reports
FBI warns about ongoing attacks against software supply chain companies
The FBI has sent a security alert to the US private sector about an ongoing hacking campaign that’s targeting supply chain software providers. The FBI says hackers are attempting to infect companies with the Kwampirs malware, a remote access trojan (RAT). ZDNet reports.
ElevenPaths Cybersecurity Report Outlines Cyber Risk Ratings by Sector
ElevenPaths, Telefonica’s Cybersecurity Unit, recently released a new report that summarizes the latest cybersecurity insights from the second half of 2019 — covering everything from relevant incidents and vulnerabilities to cyber risk ratings by sector. The information presented is mostly based on the collection and synthesis of internal data that has been contrasted with public information from high-quality sources, including BitSight Security Ratings.
Time to patch your lightbulb? Researchers demonstrate Philips Hue exploit
Researchers at Check Point have demonstrated how a vulnerability found in Philips Hue smart lightbulbs could allow intruders to infiltrate networks, highlighting the increasing risk from the prevalence of IoT devices in the home, office and workplace.
Norwegian DPA imposes €120,000 fine on Municipality of Oslo
The Norwegian DPA also imposed an administrative fine of €120,000 on the Municipality of Oslo, the Education Agency, as a result of poor security of processing in a mobile app. The app is used for communication between school employees, parents and pupils. The fine was issued because the municipality had not implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The Municipality of Oslo did not appeal the decision.
Investigation finds 400-plus councils let at least one third party track use of their sites
UK councils are sharing information about users of their websites – including when they seek help with a benefit claim, or with a disability or alcoholism – with dozens of private companies. More than 400 local authorities allowed at least one third-party company to track individuals who visit their sites, an investigation has revealed.
The report highlights the risks to data privacy and data protection posed by third-party data collectors, ad servers and social plug-ins embedded in council websites.