Cyber Security Today, Oct. 12, 2022 – Toyota blames contractor for five-year data leak, code from Intel is leaked and more

Toyota blames contractor for five-year data leak, code from Intel is leaked and more.

Welcome to Cyber Security Today. It’s Wednesday, October 12th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Third parties such as partners and contractors who have access to your IT systems and applications have long been known as a security risk. The latest example is Toyota’s admission that email addresses of just under 300,000 customers were copied by someone because of a mistake by a contractor. Five years ago the contractor mistakenly uploaded part of the source code of Toyota’s T-Connect app that they were working on to the open GitHub software development platform. That code included an access key to a data server that held the personal information. Uploading the code was a violation of Toyota’s software handling rules with the contractor. Toyota only learned of the breach last month. As of the recording of this podcast on Tuesday afternoon, Toyota hadn’t replied to a request to clarify if the email addresses of American or Canadian customers were stolen. The Toyota notice of the breach was written in Japanese on the company’s Japan website.

UPDATE: After this podcast was recorded Toyota Canada said the victims were only in Japan.

The incident is another example of why any organization with a software development team must have controls in place to check where code is going at all times. And organizations that allow third parties to develop applications shouldn’t give them real customer or corporate data for testing. Fortunately in this case, no other customer information – such as names, addresses, phone numbers, or credit card details – was involved. But stolen email addresses can be used to send phishing messages.

In August the U.S. Cybersecurity and Infrastructure Security Agency issued a best practices guide for developers for securing the software supply chain. There’s a link to it here. 

Intel has confirmed that some of the source code for the UEFI firmware of its 12th generation Core processors has leaked. SecurityWeek said a researcher believes Intel’s Boot Guard feature, which protects the integrity of the boot process, can no longer be trusted. For its part, Intel told SecurityWeek the leak doesn’t create any new vulnerabilities. However, a Hong Kong cybersecurity firm argued that the leaked code might help an attacker find a vulnerability.

On Monday I reported that Fortinet is advising some customers to take action due to the discovery of a serious vulnerability. Now Fortinet is reporting this hole has already been exploited against an unnamed organization. IT security leaders are urged to apply the recommended workarounds.

Critical infrastructure providers in the United States and Canada were warned months ago to be ready for cyber attacks from Russian-backed threat actors. The theory is they would want to hit back against Western nations supporting Ukraine. Last week a pro-Russian group called KillNet claimed responsibility for forcing several American airports to take their websites offline after launching distributed denial-of-service attacks.

As part of Cybersecurity Awareness Month several security companies are releasing studies with interesting statistics. Here’s one with disappointing numbers from Kaspersky. It surveyed 1,300 business owners and decision-makers in small and medium-sized firms in 13 countries: Only 39 per cent of respondents said they have an IT disaster recovery plan. Twenty-three per cent said they are working on one. Thirty-one per cent of firms said they’d consider using a pirated copy of software in a crisis to save money.

Here’s another survey released this week, this time by Cisco Systems of 2,600 adults in 12 countries. The results suggest how important data handling is to a company’s reputation. Eighty-one per cent of respondents agreed the way an organization treats personal data is indicative of how it views and respects customers. Seventy-six per cent said they would not buy from a company they don’t trust with their data.

Finally, a reminder that next week IT World Canada is hosting another session of its free MapleSec cybersecurity summits. The Wednesday, October 19th session will be in-person at Toronto’s Aga Khan Museum in mid-town. One panel discussion will be on ransomware. Another will feature a panel of CISOs. The Thursday, October 20th sessions will be online and include a presentation on cybersecurity essentials for SMBs. Click here to see the full agenda and register.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Oct. 12, 2022 – Toyota blames contractor for five-year data leak, code from Intel is leaked and more first appeared on IT World Canada.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
