Top Story for this Week
What Exactly is CUI? (and How to Manage It)
CUI, or controlled unclassified information, didn’t have much of an established identity before 2010. It went by any number of aliases and took a back seat to the more glamorous classified category. However, should CUI fall into the wrong hands, something as serious as national security could be at risk. This article will explore CUI—what it is, why it’s so important, how CUI management is changing, and the single most important action your company can take to properly manage CUI today.
New Known Breaches in the Past Week
Flight Center leaks customer data in an incredibly stupid way
Flight Center has confirmed that a significant data breach that occurred in 2017 was the result of sensitive information being left in a database given to hackathon participants. The compromised data included credit card numbers and passport details. By Barclay Ballard I December 07, 2020
Greater Baltimore Medical Center Hit by Ransomware Attack
The Greater Baltimore Medical Center in Towson, Maryland was hit by a ransomware attack that impacted computer systems and medical procedures, the healthcare provider said Sunday. By Mike Lennon I December 07, 2020
Pennsylvania county pays 500K ransom to DoppelPaymer ransomware
Delaware County, Pennsylvania has paid a $500,000 ransom after their systems were hit by the DoppelPaymer ransomware last weekend. By Lawrence Abrams I November 29, 2020
Ransomware attacks target backup systems, compromising the company ‘insurance policy’
Before Clay Heuckendorf and members of his team could even hazard a guess as to why some of a client’s backup data was missing, bad actors launched a ransomware attack right before their eyes. By Teri Robinson I December 07, 2020
FireEye Hacked By Nation-State Group Seeking Government Info
FireEye was recently breached in what’s believed to be a state-sponsored attack designed to gain information on certain of the threat intelligence vendor’s government customers. By Michael Novinson I December 08, 2020
Ransomware forces hosting provider Netgain to take down data centers
Cloud hosting and IT services provider Netgain was forced to take some of their data centers offline after suffering a ransomware attack in late November. By Lawrence Abrams I December 8, 2020
General Cybersecurity News
Hackers threaten to disrupt COVID-19 vaccine supply chain
Government officials and health-care groups are growing increasingly concerned about nation states and criminal hackers targeting the supply chain for COVID-19 vaccines. By Maggie Miller I December 6, 2020
Cyber Exposures Soar During Pandemic
Although it is logical that cyberattacks have risen during the pandemic—and there is anecdotal evidence that it is occurring, including our own experience—an interesting new report on the number and effect of the cyberattacks was recently released by Allianz, which provides cyber liability insurance products. By Linn Foster Freedman I December 8, 2020
California’s CPRA: It’s Time to Cut Ties with Old Data
California has made history once again. In early November, California voters approved a ballot initiative known as Proposition 24, which enacted the California Privacy Rights Act (CPRA). In an attempt to further increase the protection of consumer data, the Golden State has gone beyond any other state to create an omnibus privacy regulation. By Sweeney Williams | December 8, 2020
Experian 2021 Data Breach Industry Forecast wants the public to protect their data
This year has shown many of us that virtually we can achieve many things, but with us utilizing the internet more, cybercriminals can gain easier access to our data. By Nordea Lewis I December 9, 2020
MSP News
How Managed IT Services Benefit the Manufacturing Industry
Nowadays, all types of businesses require IT support to improve the efficiency of their operations. The manufacturing firms also rely on managed IT services to reap the maximum benefits of information technology. The IT support professionals take the IT burden of manufacturing units and enable them to focus on their core business aspects. Also, they take care of the hardware and software assets of the enterprises. By Roger Trevino I December 6, 2020
CVE Announcements This Week
Payment Card Skimmer Group Using Raccoon Info-Stealer to Siphon Off Data
A cybercrime group known for targeting e-commerce websites unleashed a "multi-stage malicious campaign" earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. December 07, 2020 I Ravie Lakshmanan
QNAP patches QTS vulnerabilities allowing NAS device takeover
Network-attached storage (NAS) maker QNAP today released security updates to address vulnerabilities that could enable attackers to take control of unpatched NAS devices following successful exploitation. By Sergiu Gatlan I December 7, 2020
Chrome, Edge and Firefox May Leak Information on Installed Apps
Two information disclosure vulnerabilities recently identified in the Chrome, Edge, and Firefox web browsers may be exploited to obtain information on applications on the system, Fortinet reports. By Ionut Arghire I December 07, 2020
This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins
A new form of cyberattack has been developed which highlights the potential future ramifications of digital assaults against the biological research sector. By Charlie Osborne | November 30, 2020
Forescout reports 33 new TCP/IP vulnerabilities
Forescout Technologies disclosed 33 new vulnerabilities, including four remote code execution flaws, in four different open source TCP/IP stacks used by major IoT, OT and IT device vendors, according to a report published Tuesday. By Alexander Culafi I December 8, 2020
Cisco fixes Security Manager vulnerabilities with public exploits
Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager that could allow for remote code execution after successful exploitation. By Sergiu Gatlan I December 7, 2020
PlayStation Now bugs let sites run malicious code on Windows PCs
Security bugs found in the PlayStation Now (PS Now) cloud gaming Windows application allowed attackers to execute arbitrary code on Windows devices running vulnerable app versions. By Sergiu Gatlan I December 7, 2020
All Kubernetes versions affected by unpatched MiTM vulnerability
The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks. By Sergiu Gatlan I December 8, 2020
Adobe Warns Windows, macOS Users of Critical-Severity Flaws
Adobe Systems has stomped out critical-severity flaws across its Adobe Prelude, Adobe Experience Manager and Adobe Lightroom applications. If exploited, the serious vulnerabilities could lead to arbitrary code execution. By Lindsey O'Donnell I December 8, 2020
Regulations, Frameworks, and Controls
Congress prepares to move on NDAA, which is loaded with cyber provisions
This year’s annual defense policy bill, known as the National Defense Authorization Act (NDAA), is loaded with provisions that would reshape the federal bureaucracy on cybersecurity. It would create a national cyber director in the White House and strengthen the Department of Homeland Security’s Cybersecurity and Information Security Agency (CISA), among other changes. By Tim Starks I December 7, 2020
IoT Cybersecurity Improvement Act Signed Into Law
The IoT Cybersecurity Improvement Act of 2020 requires the National Institute of Standards and Technology (NIST) to develop and publish standards and guidelines on addressing issues related to the development, management, configuring, and patching of IoT devices. By Ionut Arghire I December 08, 2020
Sincerely, Omnistruct, 2740 Fulton Avenue #101-02, Sacramento, CA 95821, USA, (866) 683-8827 |
Get Social