Hyatt First Major Hotel Chain to Launch Bug Bounty

Infosecurity Magazine | January 10, 2019

In the wake of the massive data breach suffered by Marriott, Hyatt has announced that it will launch a bug bounty program in partnership with HackerOne, making it the first major hotel chain in the world to have a public bug bounty program.

“By being the first organization in the hospitality industry to embrace the collaborative efforts of global security researchers, Hyatt hopes to continue to raise its already high level of security standards as well as learn from and collaborate with security researchers,” Hyatt stated in its program policy.

With the goal of better protecting its millions of global guests from cyber threats, the Hyatt program will engage with researchers around the globe, offering them the chance to earn cash rewards for reporting valid security flaws on Hyatt.com, m.hyatt.com, world.hyatt.com, and the iOS and Android versions of the Hyatt mobile app.

“At Hyatt, protecting guest and customer information is our top priority and launching this program represents an important step that furthers our goal of keeping our guests safe every day,” said Hyatt chief information security officer Benjamin Vaughn in a press release. “As one of the first global hospitality brands to launch this type of program, we extend the ways we care for our guests and deepen our commitment to protecting their sensitive information.”

Spotlight

This Guide provides details about how to handle cyber security incidents in an appropriate manner. It provides you with practical advice on how to prepare for, respond to and follow up an incident in a fast and effective manner – presented in an easy to use format. It is designed to enable you to determine what a cyber security incident means to your organisation, build a suitable cyber security incident response capability and learn about where and how you can get help


Related News

DATA SECURITY

BitSight and Glass Lewis Partner to Expand Investor Understanding of Cybersecurity

BitSight | September 28, 2021

BitSight, the standard in security ratings, and Glass Lewis, the leading provider of independent global governance solutions, today announced a strategic partnership to include critical cybersecurity information – comprised of BitSight Security Ratings, data, and insights – with Glass Lewis' Proxy Paper research reports. Information on 20,000+ companies will be included in an effort to help investors better understand how cybersecurity issues may affect their investments.

Investor concerns around environmental, social, and governance issues continue to rise, leading to closer examinations of management and board effectiveness in addressing these challenges. Failure to adequately manage cyber risk can materially impact a company's revenue and financial performance. BitSight's Security Ratings and data will supply Glass Lewis clients with data-driven, evidence-based cybersecurity intelligence, which, in turn, will provide new visibility into a dimension of company performance and governance.

"Investors are mostly in the dark when it comes to the cybersecurity of their investments. Providing Glass Lewis clients with BitSight ratings and data alongside its proxy research reports will deliver the insights necessary to have an enhanced understanding of the efficacy of a company's oversight of cybersecurity risks and outcomes. It's a new era in informing investors about cyber risks," said Steve Harvey, BitSight's chief executive officer.

"The BitSight Security Rating and insights will allow our clients to identify cyber risk exposure, potentially minimizing both reputational risk and long-term financial losses," said Dan Concannon, Glass Lewis Chief Commercial Officer. "We are excited to include the industry's most respected and widely leveraged Security Rating in our Proxy Paper research reports allowing our clients to address this rapidly expanding risk."

The landscape of governance, especially as it pertains to cyber controls, is changing rapidly and institutions from the United Nations to the Securities and Exchange Commission (SEC) are increasingly focused on market transparency for global investors. Beginning in 2011 with its landmark cybersecurity guidance, the SEC has signaled that cybersecurity is a material business risk requiring consistent, adequate disclosure. The SEC created a cyber enforcement unit in 2017, updated guidance in 2018, and recently levied a series of fines at companies over inadequate disclosures of cybersecurity issues.

Over 1,300 clients, including most of the world's largest pension plans, mutual funds, and asset managers who collectively manage over $40 trillion in assets, use Glass Lewis' research and technology solutions to inform and facilitate their corporate governance activities.

About BitSight

BitSight is transforming the way that the global marketplace addresses cyber risk with cybersecurity ratings and analytics. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and improve national security. With 2,300 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings.

About Glass Lewis

Glass Lewis is the leading provider of independent global governance solutions. We enable institutional investors and publicly listed companies to make sustainable decisions based in research and data. We cover 30,000+ meetings each year, across approximately 100 global markets. Our customers include the majority of the world's largest pension plans, mutual funds, and asset managers who collectively manage over $40 trillion in assets. Our core solutions include Proxy Paper proxy research and Viewpoint proxy vote management platform.


Abnormal Security Finds phishing emails Designed to Spoof Notification Messages from Microsoft Teams

Microsoft | May 04, 2020

Attackers are exploiting the surge in the use of Microsoft Teams in an attempt to trap unsuspecting users, says Abnormal Security.

Cybercriminals have been taking advantage of virtually every aspect of the coronavirus to try to increase business. Among other consequences, the need to quarantine and work from home has triggered a surge in demand for virtual meeting and video chatting apps, including the business-oriented Microsoft Teams. A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials.

The first campaign started on April 14 and went on for two days but hasn't been seen since, according to Kenneth Laio, vice president of Cybersecurity Strategy at Abnormal Security. The second campaign began on April 29, lasted a few hours, and has not been recorded since then. The phishing emails were sent to Abnormal customers in such industries as energy, retail, and hospitality, Laio said. However, the attacks weren't targeted to any specific company or industry and, in fact, were designed in a generic way so they could be launched against anyone.

The landing pages that host the phishing pages were created to look just like the real Microsoft pages. The images were copied from actual Microsoft notifications and emails, according to Abnormal Security. Plus, the sender email comes from a domain called "sharepointonline-irs.com," which may look legitimate at first glance, but is not registered either by Microsoft or the IRS.

The images can be especially convincing on a mobile device where they take up most of the content on the screen. Further, users who are accustomed to notifications from Microsoft and other vendors might fail to investigate the messages and simply take the bait. Since Microsoft Teams is linked to Microsoft 365 and Office 365, any credentials stolen in the scam could be used to sign into other Microsoft accounts and services.

To help organizations defend themselves and their employees from these Microsoft Teams phishing scams, Laio offers two pieces of advice.

"We would advise organizations and their employees to double-check the sender name and address for messages or notifications coming from Microsoft Teams," Laio said. "For both campaigns, the sender names are innocuous ('chat content' and 'work flow'), but the email addresses that they are sent from have no relation to Microsoft, Microsoft Teams, or the organization itself."

"In addition, we would advise everyone to always double check the web page's URL before signing in. Attackers will often hide malicious links in redirects or host them on separate websites that can be reached by safe links. This allows them to bypass link scanning within emails by traditional email security solutions."


Tech Training Leader INE Revolutionizes Cyber Security

prnewswire | October 21, 2020

The COVID-19 crisis has sent cyber attacks soaring 400% according to the FBI's Internet Crimes Complaint Center (IC3). At the same time, there is a severe shortage of qualified professionals to safeguard data from hackers. In response to a booming demand for cyber security experts, Information Technology leader INE is releasing an exclusive all-access Cyber Security Pass, designed to revolutionize the training and certification industry while turning aspiring InfoSec professionals into highly marketable cyber security experts.
