In 2023, the Federal Trade Commission (FTC) released a warning to five of the most popular tax preparation companies, stating they could face civil penalties if they used confidential data collected from consumers – for unrelated purposes. 

Two years after the warning was published, an even greater concern has emerged — the integrity of the tax prep companies’ software. Gartner predicts that by this year, 45% of organizations worldwide will have experienced attacks on their software supply chains. If compromised, for tax prep businesses and their customers, the consequences of a software supply chain attack could be devastating. The potential threats and damages would extend well beyond the April 15 tax deadline.  

The Hidden Risks in Tax Software 

Sensitive data within tax prep software includes anything from finances to personal details such as marital status and children, and even health details — all of which are a top target for cybercriminals. Adversaries can use this information to conduct identity theft, tax refund, and other forms of financial fraud, targeted phishing attacks, and even extortion and blackmail. 

One of the most common ways that adversaries attempt to penetrate tax prep companies’ networks is by exploiting vulnerabilities in their software. Tax software, like the overwhelming majority of all software today, is made up of open-source components. Unfortunately, these dependencies often bring a multitude of security weaknesses. 

Nearly all (95%) of security weaknesses originate within open-source packages, with half of these vulnerabilities, across all severity levels, having no known fixes. In addition, nearly three-fourths of open-source components are either poorly or no longer maintained. 

With the demand that tax season brings on these organizations’ developers, it is nearly impossible for them and security teams to keep up with software supply chain maintenance and governance needs, leaving wide open gaps for threat actors to infiltrate. Plus, the recent IRS reduction in force could also increase IT security threats and make it easier for cybercriminals to break in due to fewer employees, delayed security updates and patches, and diminished security threats and inquiries. 

Strengthening Tax Software from the Inside Out 

Fortunately, there are steps tax companies’ developers and security teams can take to stay secure all year long. 

1. Get to Know What’s in Your Software: Developers and security teams don’t have X-Ray vision, so tax companies need to have a solution that can generate a comprehensive software bill of materials (SBOM). SBOMs can provide visibility into all open-source, third-party, and custom-developed software components, ensuring that even the deepest layers of dependencies meet the current compliance standards and don’t introduce risk. 
2. Keep Your SBOMs Organized: Sometimes tax prep companies need to access an SBOM quickly to either verify the origin of software, provide it for a third-party, or pull information for other software. Tax prep companies need to have a secure channel to share SBOMs and security attestations when needed, all while maintaining confidentiality. 
3. Hold Third-Parties to a High Security Standard: Tax prep companies work with a variety of third-party vendors, including e-filing and payment processors, identity verification and fraud prevention companies, cloud and hosting providers, and even marketing and analytics companies. Tax organizations must have the ability to verify the safety of third-party software and track, share, and manage SBOMs across multiple partners to ensure the integrity of the entire software ecosystem.
4. Don’t Wait for a Vulnerability to Present a Problem: Identifying vulnerabilities is only half of the battle. Tax organizations also need to take action to fix them quickly, especially for open-source code that might not even have a patch available. Fortunately, there are solutions on the market that can help developers prioritize which vulnerabilities to address first and provide guidance on how to fix them. 

In order for tax companies to stay safe throughout the busy tax prep season, it’s imperative that they focus on proactive cybersecurity measures such as utilizing multi-factor authentication, ensuring that there are regular software updates, conducting strong encryption protocols, and providing security user education programs. 

While all of these measures certainly help, all of it is futile without a strong, secure software supply chain. Tax prep companies can protect user data year-round by maintaining SBOMs, holding partners accountable, and proactively managing vulnerabilities. 

The post Tax Season’s Silent Threat: The Importance of Securing the Software Supply Chain first appeared on Cybersecurity Insiders.

The post Tax Season’s Silent Threat: The Importance of Securing the Software Supply Chain appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/ETPHA58
via IFTTT

In today’s digital age, personal and professional data are constantly being stored, transferred, and backed up across various devices. Among these devices, hard drives and smartphones often contain an immense amount of sensitive information—data that, if left unprotected or improperly discarded, can pose significant cybersecurity threats.

As people upgrade their technology, it’s easy to forget that the devices they no longer use still contain vast amounts of data. Whether you’re clearing out old hard drives, passing along smartphones, or simply discarding outdated technology, you might be unknowingly opening the door to a host of cybersecurity risks. Let’s dive into why old devices can be a cybersecurity minefield and how to protect your data from potential breaches.

The Data Dilemma: Why Old Devices Are Cybersecurity Hazards

1. Residual Data on Hard Drives

When a hard drive is no longer needed, many people make the mistake of simply deleting files, formatting the drive, or tossing it away. However, these actions don’t fully erase the data. When you delete a file, the operating system marks the space as available for use, but the actual data remains intact until overwritten by new information. Without specialized tools, recovering these files is relatively easy.

Cybersecurity Risk: If an attacker gains access to an old hard drive, they can recover sensitive information like passwords, banking details, business files, and even personal communications. This data can be used for identity theft, financial fraud, corporate espionage, or further cyberattacks.

2. Smartphones: A Treasure Trove of Personal Information

Old smartphones, especially when they are sold or donated without proper data erasure, can be a goldmine for cybercriminals. A smartphone doesn’t just store your contacts and photos; it may also contain sensitive information such as passwords, email accounts, banking apps, GPS history, and more.

Cybersecurity Risk: If a device is sold or disposed of without clearing all data, the new owner can easily access personal information. Smartphones are often not just personal, but interconnected with various services like social media accounts, cloud backups, and even your workplace’s internal networks. If not wiped correctly, an attacker could use the data for malicious activities such as social engineering, theft, or identity fraud.

3. Inadequate Factory Resets

People often believe that performing a factory reset on their smartphones or laptops will completely remove all data from the device. However, factory resets are not foolproof. In some cases, the data remains on the device in a recoverable format. While a factory reset does delete data from the operating system, it may leave traces of your information in other areas of the device, especially in hidden or encrypted storage locations.

Cybersecurity Risk: Without fully erasing or encrypting data before disposing of a device, there’s always the risk that critical data will remain intact and accessible by malicious actors. It’s not uncommon for thieves to buy old smartphones or hard drives and use advanced data recovery software to retrieve sensitive files.

4. Weak Security on Older Devices

Old hard drives and smartphones may also suffer from outdated security protocols. As hardware ages, manufacturers stop updating the device’s software, leaving it vulnerable to known exploits and security loopholes. For example, older smartphones that are no longer supported by the manufacturer may still run outdated operating systems with security flaws, making them easy targets for hackers.

Cybersecurity Risk: These outdated devices, when connected to a network, can act as a weak point in a larger system. If a cybercriminal gains access to an old device with outdated security, they might be able to exploit vulnerabilities to infiltrate networks, gain unauthorized access to files, or launch attacks on other devices.

How to Safeguard Your Data: Best Practices for Old Devices

To ensure that your sensitive data doesn’t fall into the wrong hands, it’s essential to take certain precautions when dealing with old hard drives and smartphones.

1. Use Data Destruction Tools

Simply deleting files or doing a factory reset isn’t enough to safeguard your data. Specialized data destruction software, such as DBAN (Darik’s Boot and Nuke) for hard drives, can overwrite data multiple times to ensure it is unrecoverable. This software uses secure algorithms to render the data irretrievable.

For smartphones, apps like iShredder or Factory Reset Protection can help completely wipe your device clean before disposal. If possible, use encryption to make sure that even if data is recovered, it remains unreadable without the decryption key.

2. Physically Destroy the Device

For high-value or extremely sensitive data, physical destruction of the device may be the best option. You can crush, shred, or melt down hard drives to render them unusable. For smartphones, remove the battery (if possible), smash the device, and ensure the internal memory is destroyed. While this may seem extreme, it’s the most secure way to ensure that the data is completely unrecoverable.

3. Don’t Trust Factory Resets Alone

If you decide to use a factory reset, it’s important to encrypt your device first, especially on smartphones. Encryption adds an extra layer of protection by ensuring that even if the data is somehow retrieved, it will be unreadable. After encrypting, perform a factory reset, and if possible, do a second reset to further reduce the chances of residual data.

4. Recycle Devices Properly

Instead of simply discarding old devices, consider donating or recycling them. Many organizations offer secure data destruction services and may even provide certificates of data destruction for peace of mind. Certified recycling centers ensure that your devices are properly wiped or destroyed before being disposed of.

5. Be Aware of Data on External Storage Devices

It’s not just hard drives and smartphones that pose risks. External storage devices like USB drives, SD cards, and even cloud backups can harbor old, sensitive data. Always ensure that any external storage devices are fully wiped using trusted data-erasure tools before you part with them.

The Bottom Line

Old hard drives and smartphones are much more than just outdated technology; they are storage devices that may contain an alarming amount of personal, financial, and professional data. Whether you’re upgrading your phone or clearing out your old storage devices, always take the time to ensure that your data is securely erased.

The cybersecurity risks posed by improperly disposed of devices are real, and the consequences can be severe, ranging from identity theft to corporate espionage. By following best practices for data destruction and remaining vigilant about device security, you can significantly reduce the likelihood of your old devices becoming a gateway for cyberattacks.

The post The Hidden Cybersecurity threats in Old Hard Drives and Smartphones first appeared on Cybersecurity Insiders.

The post The Hidden Cybersecurity threats in Old Hard Drives and Smartphones appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/rJquQRC
via IFTTT

In a troubling development for enterprise cloud users, federal authorities are investigating a major data breach involving Oracle—one of the world’s leading cloud infrastructure providers. Hackers reportedly gained unauthorized access to Oracle systems, stealing sensitive client login credentials including usernames, passkeys, and encrypted passwords. According to a Bloomberg report, this is Oracle’s second cybersecurity disclosure in just a month, raising serious concerns about the security of cloud platforms and what businesses should do in response.

The incident is being jointly investigated by the FBI and cybersecurity firm CrowdStrike. Early findings suggest that the attacker may have demanded an extortion payment from Oracle, highlighting the growing trend of cybercriminals using ransomware-style tactics even against major tech giants.

So what does this breach mean for Oracle’s cloud customers—and potentially for any business relying on third-party cloud services?

For one, it’s a harsh reminder that even the biggest cloud providers are not immune to breaches. And when credentials are compromised, the fallout can cascade across systems, especially if those credentials are reused or tied to critical business operations. It underscores the urgent need for cloud customers to revisit and strengthen their security posture.

Akash Mahajan, cybersecurity expert and CEO of Kloudle, outlines five immediate actions companies should take if they believe they may have been affected by the Oracle breach—or if they want to proactively guard against similar threats.

1. Force Password Resets Across All Systems

If your organization uses Oracle services, assume credentials may be compromised. Immediately reset all passwords associated with these accounts. Adopt strong password policies—minimum 16 characters, complex combinations, and absolutely no reuse across systems. Consider deploying password managers to help staff generate and store secure credentials.

2. Implement Multi-Factor Authentication (MFA)

Even if attackers have stolen credentials, MFA can act as a critical line of defense. Enable MFA across all systems, especially cloud services, administrative accounts, and remote access portals. Mahajan recommends using app-based authenticators or hardware tokens over SMS, which is more vulnerable to interception.

3. Audit Access Logs for Suspicious Activity

Comb through your logs for red flags—unusual login times, logins from unfamiliar IP addresses, or unexpected data exports. Focus on systems connected to Oracle and accounts that share similar credentials. Pay close attention to privileged accounts, which are prime targets for attackers.

4. Review and Restrict Third-Party Integrations

If your Oracle environment connects with other systems—whether through APIs, OAuth tokens, or service accounts—those credentials could also be exposed. Audit all third-party connections and revoke or rotate any potentially compromised tokens. Apply the principle of least privilege to limit access and reduce the blast radius of any future breach.

5. Implement Enhanced Monitoring and Threat Detection

This isn’t a one-and-done scenario. Set up systems to detect brute force attacks, credential stuffing, or other signs of compromise. Configure alerts for any login attempts using known compromised credentials. Lock out accounts after a set number of failed attempts and consider implementing behavior-based monitoring to spot anomalies.

A Breach With Lingering Consequences

“This breach is particularly concerning because of the potential for credential reuse across multiple systems,” warns Mahajan. He advises organizations to not only take immediate protective steps but also to conduct a full security assessment, engage their cyber insurance provider, and explore tools like privileged access management (PAM) solutions.

It’s also worth remembering: attackers don’t always strike immediately. Stolen credentials may lie dormant for weeks or months before being used. That’s why long-term vigilance—backed by strong monitoring, incident response planning, and regular security audits—is essential.

As the investigation into the Oracle breach unfolds, one thing is clear: trust in the cloud must be accompanied by a strong, proactive security strategy.

The post The Oracle Breach Is Bigger Than You Think—5 Urgent Steps to Take Now first appeared on Cybersecurity Insiders.

The post The Oracle Breach Is Bigger Than You Think—5 Urgent Steps to Take Now appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/EXsIRjT
via IFTTT