Top Story for this Week

What Exactly is CUI? (and How to Manage It)

CUI, or controlled unclassified information, didn’t have much of an established identity before 2010. It went by any number of aliases and took a back seat to the more glamorous classified category. However, should CUI fall into the wrong hands, something as serious as national security could be at risk. This article will explore CUI—what it is, why it’s so important, how CUI management is changing, and the single most important action your company can take to properly manage CUI today.

New Known Breaches in the Past Week

Flight Center leaks customer data in an incredibly stupid way

Flight Center has confirmed that a significant data breach that occurred in 2017 was the result of sensitive information being left in a database given to hackathon participants. The compromised data included credit card numbers and passport details. By Barclay Ballard I December 07, 2020

Greater Baltimore Medical Center Hit by Ransomware Attack

The Greater Baltimore Medical Center in Towson, Maryland was hit by a ransomware attack that impacted computer systems and medical procedures, the healthcare provider said Sunday. By Mike Lennon I December 07, 2020

Pennsylvania county pays 500K ransom to DoppelPaymer ransomware

Delaware County, Pennsylvania has paid a $500,000 ransom after their systems were hit by the DoppelPaymer ransomware last weekend. By Lawrence Abrams I November 29, 2020

Ransomware attacks target backup systems, compromising the company ‘insurance policy’

Before Clay Heuckendorf and members of his team could even hazard a guess as to why some of a client’s backup data was missing, bad actors launched a ransomware attack right before their eyes. By Teri Robinson I December 07, 2020

FireEye Hacked By Nation-State Group Seeking Government Info

FireEye was recently breached in what’s believed to be a state-sponsored attack designed to gain information on certain of the threat intelligence vendor’s government customers. By Michael Novinson I December 08, 2020

Ransomware forces hosting provider Netgain to take down data centers

Cloud hosting and IT services provider Netgain was forced to take some of their data centers offline after suffering a ransomware attack in late November. By Lawrence Abrams I December 8, 2020

General Cybersecurity News

Hackers threaten to disrupt COVID-19 vaccine supply chain

Government officials and health-care groups are growing increasingly concerned about nation states and criminal hackers targeting the supply chain for COVID-19 vaccines. By Maggie Miller I December 6, 2020

Cyber Exposures Soar During Pandemic

Although it is logical that cyberattacks have risen during the pandemic—and there is anecdotal evidence that it is occurring, including our own experience—an interesting new report on the number and effect of the cyberattacks was recently released by Allianz, which provides cyber liability insurance products. By Linn Foster Freedman I December 8, 2020

California’s CPRA: It’s Time to Cut Ties with Old Data

California has made history once again. In early November, California voters approved a ballot initiative known as Proposition 24, which enacted the California Privacy Rights Act (CPRA). In an attempt to further increase the protection of consumer data, the Golden State has gone beyond any other state to create an omnibus privacy regulation. By Sweeney Williams | December 8, 2020

Experian 2021 Data Breach Industry Forecast wants the public to protect their data

This year has shown many of us that virtually we can achieve many things, but with us utilizing the internet more, cybercriminals can gain easier access to our data. By Nordea Lewis I December 9, 2020

MSP News

How Managed IT Services Benefit the Manufacturing Industry

Nowadays, all types of businesses require IT support to improve the efficiency of their operations. The manufacturing firms also rely on managed IT services to reap the maximum benefits of information technology. The IT support professionals take the IT burden of manufacturing units and enable them to focus on their core business aspects. Also, they take care of the hardware and software assets of the enterprises. By Roger Trevino I December 6, 2020

CVE Announcements This Week

Payment Card Skimmer Group Using Raccoon Info-Stealer to Siphon Off Data

A cybercrime group known for targeting e-commerce websites unleashed a "multi-stage malicious campaign" earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. December 07, 2020 I Ravie Lakshmanan

QNAP patches QTS vulnerabilities allowing NAS device takeover

Network-attached storage (NAS) maker QNAP today released security updates to address vulnerabilities that could enable attackers to take control of unpatched NAS devices following successful exploitation. By Sergiu Gatlan I December 7, 2020

Chrome, Edge and Firefox May Leak Information on Installed Apps

Two information disclosure vulnerabilities recently identified in the Chrome, Edge, and Firefox web browsers may be exploited to obtain information on applications on the system, Fortinet reports. By Ionut Arghire I December 07, 2020

A new form of cyberattack has been developed which highlights the potential future ramifications of digital assaults against the biological research sector. By Charlie Osborne | November 30, 2020

Forescout reports 33 new TCP/IP vulnerabilities

Forescout Technologies disclosed 33 new vulnerabilities, including four remote code execution flaws, in four different open source TCP/IP stacks used by major IoT, OT and IT device vendors, according to a report published Tuesday. By Alexander Culafi I December 8, 2020

Cisco fixes Security Manager vulnerabilities with public exploits

Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager that could allow for remote code execution after successful exploitation. By Sergiu Gatlan I December 7, 2020

PlayStation Now bugs let sites run malicious code on Windows PCs

Security bugs found in the PlayStation Now (PS Now) cloud gaming Windows application allowed attackers to execute arbitrary code on Windows devices running vulnerable app versions. By Sergiu Gatlan I December 7, 2020

All Kubernetes versions affected by unpatched MiTM vulnerability

The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks. By Sergiu Gatlan I December 8, 2020

Adobe Warns Windows, macOS Users of Critical-Severity Flaws

Adobe Systems has stomped out critical-severity flaws across its Adobe Prelude, Adobe Experience Manager and Adobe Lightroom applications. If exploited, the serious vulnerabilities could lead to arbitrary code execution. By Lindsey O'Donnell I December 8, 2020

Regulations, Frameworks, and Controls

Congress prepares to move on NDAA, which is loaded with cyber provisions

This year’s annual defense policy bill, known as the National Defense Authorization Act (NDAA), is loaded with provisions that would reshape the federal bureaucracy on cybersecurity. It would create a national cyber director in the White House and strengthen the Department of Homeland Security’s Cybersecurity and Information Security Agency (CISA), among other changes. By Tim Starks I December 7, 2020

IoT Cybersecurity Improvement Act Signed Into Law

The IoT Cybersecurity Improvement Act of 2020 requires the National Institute of Standards and Technology (NIST) to develop and publish standards and guidelines on addressing issues related to the development, management, configuring, and patching of IoT devices. By Ionut Arghire I December 08, 2020