Business Information Security News of the WeekOctober 2, 2020 |
|
NIST 800-53 Revision 5 is now Final! Omnistruct will be evaluating the changes over the next 3 weeks to upgrade their existing customers and to help ensure compliance with the new revision of the NIST 800-53 guidelines. Customers already on 800-53 maintenance will automatically be upgraded to the latest revision. |
New Known Breaches in the Past Week
Trinity Health System says data breach may have exposed patients' personal info A major health system in Michigan is dealing with a data breach that may have exposed protected personal information. Trinity Health System says a third-party vendor of the health system, Blackbaud, was the victim of a cyber-attack between April 18 and May 16. By WWJ NEWS | September 23, 2020
Hackers Take Data for Further Reconnaissance in Breach of Federal Agency Unknown adversaries breached the security of a federal agency and downloaded files that could give them knowledge on how to further infiltrate and control government systems, according to the Cybersecurity and Infrastructure Security Agency. By Mariam Baksh | September 23, 2020
Recently, the U.S. fitness chain the Town Sports International has suffered a data breach, in which more than 600,000 records of its members and employees have been exposed and available publicly on the web without any password or any other authentication. By Balaji N | September 27, 2020
Christ Hospital: Personal information of patients compromised in ransomware attack In a letter to patients this week, Christ Hospital officials said personal information – such as name and date of birth – was stolen in a data breach that has affected organizations across the globe. By Cameron Knight| September 25, 2020
DHS discloses data breach of US agency but doesn’t name which was hacked The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency today issued an analysis report in relation to a U.S. federal agency that has suffered a data breach after being hacked. CISA didn’t name the federal agency targeted, but the report makes for sober reading in terms of cybersecurity, and in this case, the basic steps the unnamed agency did not take to prevent the attack. By Duncan Riley | September 24, 2020
Texas Software Provider to Local Governments Reports Data Breach A Texas-based provider of software services to local governments and schools across the United States, Tyler Technologies, told customers on Sept. 23 that an unknown intruder broke into its phone and information technology systems. It could not immediately be determined whether ransomware may have been involved. By Frank Bajak and Jake Bleiberg | September 25, 2020
Airbnb worldwide data breach allowing users to access other users inboxes Airbnb hosts are reporting a series of worrying privacy breaches happening within the app – allowing them to see the private inboxes of other users. This highly sensitive information included people’s addresses and the codes to their properties. The issue appears to be occurring worldwide and poses a major security issue. By Harry S. Johnson | September 25, 2020
Nevada school district refuses to submit to ransomware blackmail, hacker publishes student data Thousands of students have reportedly had their private data released online. A cybercriminal has published private data belonging to thousands of students following a failed attempt to exhort a ransomware payment from a Nevada school district. By Charlie Osborne | September 29, 2020 |
General Cybersecurity News
Cybersecurity Software Firm McAfee Files for Nasdaq IPO Cybersecurity software maker McAfee Corp. has filed to go public, adding to the roster of companies rushing to cash in on a hot market for U.S. initial public offerings. By Crystal Tse and Ian King | September 29, 2020
Ransomware reportedly to blame for outage at US hospital chain Health care provider Universal Health Services, one of the largest chains in the US, has been hit by an apparent ransomware attack, TechCrunch reported. UHS facilities in California, Florida, North Dakota, Arizona, and other locations began noticing problems early Sunday, with some locations reporting locked computers and phone systems. By Kim Lyons | September 28, 2020
Generali Global Assistance Supports Cybersecurity Awareness Month Generali Global Assistance ("GGA"), the developer of a proprietary identity and cyber protection platform, today announced its support of Cybersecurity Awareness Month (CSAM) this October in partnership with the National Cyber Security Alliance (NCSA) and other organizations. By Generali GLobal Assistance | September 29, 2020
Keeping US space interests secure from cyber threats Cybersecurity is an enduring issue for federal agencies, and not just here on earth. Now a presidential executive order has handed the Department of Homeland Security responsibility for cybersecurity of space assets on which so much modern information and technology depends. By Tom Temin | September 28, 2020
As Cyberthreats Grow, Best Practices Are The Best Bet What better time than October, National Cyber Security Awareness Month, for organizations to take steps to assure their networks are secure, to prevent cyber breaches and, for organizations in regulated industries, to avoid the hefty penalties that come with noncompliant systems. By JOSEPH SARACINO | SEPTEMBER 29, 2020 |
Small Business Cybersecurity Concerns
Lawmakers introduce legislation to boost cybersecurity of local governments, small businesses A group of bipartisan House and Senate lawmakers on Friday introduced legislation to increase resources to help local governments, small businesses and nonprofit groups to defend themselves against cyberattacks. By Maggie Miller | September 25, 2020
Small business cybersecurity in a post covid world When your workforce is at home safely away from the COVID virus, they are at the same time exposed to cyber-attacks. To infect a computer, an Internet network and some IT knowledge are needed. Unfortunately, as our lives become more reliant on us being online, there are more and more cybercriminals to take advantage of it. By Ali Raza | September 27, 2020
Bicameral bill proposes cybersecurity assistance and improvements for small organizations With the introduction of the Improving Cybersecurity of Small Organizations Act of 2020 (S. 4731) last week, a bipartisan mix of senators and representatives seek to promote guidance on cybersecurity for small organizations such as businesses, nonprofits and local government agencies. By Chris Galford | September 29, 2020
October Virtual Cyber Carnival Promotes Cybersecurity Awareness Through a Variety of Cyber Games Katzcy, a woman-owned small business dedicated to growth hacking and cyber as a sport, today announced the inaugural month-long, virtual Cyber Carnival Games™ promoting Cybersecurity Awareness Month (CSAM) and the critical role of Cyber Gaming in building a strong workforce and helping individuals #BeCyberSmart. By PRNewswire | September 29, 2020 |
CVE Announcements this Week
Over 247,000 Microsoft Exchange Servers remain unpatched for serious RCE bug The CVE-2020-0688 flaw is being actively exploited in the wild, US federal agencies warned earlier this month. More than 247,000 Microsoft Exchange servers around the world are still exposed to the critical CVE-2020-0688 remote code execution (RCE) vulnerability, which hackers are actively exploiting in the wild. By Dev Kundaliya | September 30, 2020 |
MSP News
Kaseya’s MSP Security Toolkit Adds Anti-Phishing With Graphus Buy Graphus provides advanced phishing prevention technologies that are purpose built for cloud-based email solutions, which about 99 percent of MSPs use and this is geared at the primary means of MSP vulnerability as well as MSP customer vulnerability, which are phishing attacks through a cloud email platform,’ Kaseya CEO Fred Voccola tells CRNtv. By Jennifer Zarate | September 24, 2020
CalTech Completes MSP Verify Certification with SOC 2 Type X Audit CalTech today announced that it has successfully completed the MSPAlliance’s MSP Verify Program (MSPCV) certification and SOC 2 Type X. The MSPCV is based on the 10 control objectives of the Unified Certification Standard for Cloud & MSPs (UCS) and is the oldest certification program for cloud computing and managed services providers. By PrWeb | September 30, 2020 |
Cyber Insurance News
Surging Investments Towards Innovation to Spur the Growth of the Cyber Insurance Market 2017 – 2025 This research report based on ‘ Cyber Insurance market’ and available with Market Study Report includes latest and upcoming industry trends in addition to the global spectrum of the ‘ Cyber Insurance market’ that includes numerous regions. Likewise, the report also expands on intricate details pertaining to contributions by key players, demand and supply analysis as well as market share growth of the Cyber Insurance industry. By Supriya | September 29, 2020
Insurance Pros believe Covid-19 raising risk, severity of cyberattacks Cyberattacks are set to increase as the Covid-19 pandemic drags on, Willis Towers Watson reports. A majority of insurance industry professionals globally, 86%, believe frequency of cyberattacks will increase. And 54% believe the severity of attacks will also increase. By Daily News | September 25, 2020
Ransomware hits US-based Arthur J. Gallagher insurance giant US-based Arthur J. Gallagher (AJG) global insurance brokerage and risk management firm confirmed a ransomware attack that hit its systems on Saturday. AJG is one of the largest insurance brokers in the world with more than 33,300 employees and operations in 49 countries. By Sergiu Gatlan | September 29, 2020
HSB Total Cyber™ Adds New Coverages for Small and Mid-Size Businesses HSB Total Cyber™, which provides cyber insurance and loss prevention services for small and mid-size businesses, has been expanded with new coverages for computer attacks, data system upgrades, and system failures from unintentional computer outages, HSB announced today. By Businesswire | September 28, 2020 |
Regulations, Frameworks, and Controls
NIST Privacy Framework – Governance, risk management and compliance Having an organizational governance structure increases the effectiveness and efficiency in privacy program management. With increasing privacy regulations and evolving security threats, sound privacy governance is more important than ever. By MarketScreener | September 28, 2020 |
|
Sincerely, |
|
Omnistruct, 2740 Fulton Avenue #101-02, Sacramento, CA 95821, USA, (866) 683-8827 |