Top Story for this Week
101 Best Security Startups of 2020
Welp Magazine hosts a yearly startup award honouring the most outstanding entrepreneurs and high-growth businesses in the world. Omnistruct ranked #30 among the best security startups for 2020! | December 17, 2020
SEC filings: SolarWinds says 18,000 customers were impacted by recent hack
IT software provider SolarWinds downplayed a recent security breach in documents filed with the US Securities and Exchange Commission on Monday. By Catalin Cimpanu | December 14, 2020
New Known Breaches in the Past Week
KC suburb spent millions on cyber security protections but still got hit by ransomware
About four months ago, the Independence City Council decided to spend more than $4 million to beef up the city’s cybersecurity protections and upgrade the outdated computer network. By Kevin Hardy | December 12, 2020
Hacked Software Firm SolarWinds' Clients Include Ford, Microsoft, AT&T
A suspected Russia-led cyberattack that reportedly breached several U.S. government agencies seemingly exploited software from Texas-based software company SolarWinds, with malware pushed via booby-trapped updates. By Jason Murdock | December 14, 2020
California Hospital Notifies 67k Patients of Data Breach
A hospital in California has notified 67,000 patients that their personal data may have been exposed in a cyber-attack. By Sarah Coble | December 16, 2020
Ransomware attack causing billing delays for Missouri city
The City of Independence, Missouri, suffered a ransomware attack last week that continues to disrupt the city's services. By Lawrence Abrams | December 15, 2020
Medical scans of millions of patients exposed online
Over 45 million medical imaging files, including x-rays and CT scans, have been found sitting on unprotected internet-facing servers, accessible for anyone to view. By Amer Owaida | December 15, 2020
General Cybersecurity News
US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor
State-sponsored actors allegedly working for Russia have targeted the US Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies to monitor internal email traffic as part of a widespread cyberespionage campaign. By Ravie Lakshmanan | December 13, 2020
US orders emergency action after huge cyber security breach
The US has issued an emergency warning after discovering that “nation-state” hackers hijacked software used by almost all Fortune 500 companies and multiple federal agencies to gain entry to secure IT systems. By Financial Times | December 14, 2020
Cybersecurity Is National Security: A calling for American business
In today’s complex geopolitical environment, inadequate business cybersecurity has clear and immediate national security implications. Business drivers for cybersecurity include enterprise risk, compliance, service management, operational resilience and cyber hygiene. These must now be supplemented by a deeper understanding of the national security impacts of business in unprotected digital space. By Vimy Services LLC | December 14, 2020
Giant U.S. Computer Security Breach Exploited Very Common Software
A hacking campaign has gained access to private information from a number of government and industry organizations, including the U.S. Departments of Treasury, Commerce and Homeland Security. By Sophie Bushwick | December 15, 2020
Small Business Cybersecurity Concerns
The anatomy of a cyberattack on your business
Cybercriminals bank on small businesses being easy targets, and the Covid-19 pandemic has only made it easier for them to wreak havoc, experts say. By Emon Reiser | December 15, 2020
CVE Announcements This Week
PgMiner botnet attacks weakly secured PostgreSQL databases
Security researchers discovered a botnet operation this week that targets PostgreSQL databases to install a cryptocurrency miner. By Catalin Cimpanu | December 13, 2020
WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack
The SMTP WordPress plugin is installed on more than 500,000 sites, and although a security patch was released earlier this week, many sites are yet to be patched. By Pierluigi Paganini | December 12, 2020
'MountLocker' Ransomware Adds to Affiliate Extortion Racket
BlackBerry researchers are tracking a relatively new ransomware variant called "MountLocker" and the operators behind it, who are using affiliate cybercriminal gangs to help spread the malware, exfiltrate data and extort victims, sometimes for millions of dollars, according to an analysis. By Scott Ferguson | December 12, 2020
Insecure Communication From WinZip 24 Lets Hackers Drop Malware
While looking into changes in WinZip's network communications, the experts noticed that, because it communicates over unsecured TCP, the WinZip archiver was vulnerable to many attacks. Any attacker can easily abuse this by supplying a rogue “update.” By Mark Funk | December 12, 2020
Hacking group’s new malware abuses Google and Facebook services
In recent spear-phishing campaigns, the Molerats cyberespionage group has been using fresh malware that relies on Dropbox, Google Drive, and Facebook for command and control communication and to store stolen data. By Ionut Ilascu | December 14, 2020
Regulations, Frameworks, and Controls
Bank regulators mull stricter rules for reporting of data breaches
The FDIC is poised to take the first public action on the issue with the agency’s board scheduled to vote Tuesday on a proposed rulemaking dealing with “computer-security incident notification.” By Kevin Wack | December 14, 2020
Sincerely, Omnistruct, 2740 Fulton Avenue #101-02, Sacramento, CA 95821, USA, (866) 683-8827