Top Story for this Week

101 Best Security Startups of 2020

Welp Magazine hosts a yearly startup award honouring the most outstanding entrepreneurs and high-growth businesses in the world. Omnistruct got the #30 of best security startups for 2020! | December 17, 2020

SEC filings: SolarWinds says 18,000 customers were impacted by recent hack

IT software provider SolarWinds downplayed a recent security breach in documents filed with the US Securities and Exchange Commission on Monday. By Catalin Cimpanu | December 14, 2020 

New Known Breaches in the Past Week

KC suburb spent millions on cyber security protections but still got hit by ransomware

About four months ago, the Independence City Council decided to spend more than $4 million to beef up the city’s cybersecurity protections and upgrade the outdated computer network. By Kevin Hardy I Decemebr 12, 2020

Hacked Software Firm SolarWinds' Clients Include Ford, Microsoft, AT&T

A suspected Russia-led cyberattack that reportedly breached several U.S. government agencies seemingly exploited software from Texas-based software company SolarWinds, with malware pushed via booby-trapped updates. By Jason Murdock I December 14, 2020

California Hospital Notifies 67k Patients of Data Breach

A hospital in California has notified 67,000 patients that their personal data may have been exposed in a cyber-attack. By Sarah Coble I December 16, 2020

Ransomware attack causing billing delays for Missouri city

The City of Independence, Missouri, suffered a ransomware attack last week that continues to disrupt the city's services. By Lawrence Abrams I December 15, 2020

Medical scans of millions of patients exposed online

Over 45 million medical imaging files including x-rays and CT scans have been found sitting on internet-facing unprotected servers and accessible for anyone to view. By Amer Owaida I December 15, 2020

General Cybersecurity News 

US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor

State-sponsored actors allegedly working for Russia have targeted the US Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies to monitor internal email traffic as part of a widespread cyberespionage campaign. By Ravie Lakshmanan I December 13, 2020

US orders emergency action after huge cyber security breach

The US has issued an emergency warning after discovering that “nation-state” hackers hijacked software used by almost all Fortune 500 companies and multiple federal agencies to gain entry to secure IT systems. By Financial Times I December 14, 2020

Cybersecurity Is National Security: A calling for American business

In today’s complex geopolitical environment, inadequate business cybersecurity has clear and immediate national security implications. Business drivers for cybersecurity include enterprise risk, compliance, service management, operational resilience and cyber hygiene. These must now be supplemented by a deeper understanding of the national security impacts of business in unprotected digital space. By: Vimy Services LLC I December 14, 2020

Giant U.S. Computer Security Breach Exploited Very Common Software

A hacking campaign has gained access to private information from a number of government and industry organizations, including the U.S. Departments of Treasury, Commerce and Homeland Security. By Sophie Bushwick I December 15, 2020

Small Business Cybersecurity Concerns

The anatomy of a cyberattack on your business

Cybercriminals bank on small businesses being easy targets, and the Covid-19 pandemic has only made it easier for them to wreak havoc, experts say. By Emon Reiser I December 15, 2020

CVE Announcements This Week

PgMiner botnet attacks weakly secured PostgreSQL databases

Security researchers have discovered this week a botnet operation that targets PostgreSQL databases to install a cryptocurrency miner. By Catalin Cimpanu | December 13, 2020

WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack

The SMTP WordPress plugin is installed on more than 500,000 sites, but despite the security patch has been released earlier this week many sites are yet to be patched. By Pierluigi Paganini I December 12, 2020

MountLocker' Ransomware Adds to Affiliate Extortion Racket

BlackBerry researchers are tracking a relatively new ransomware variant called "MountLocker" and the operators behind it, who are using affiliate cybercriminal gangs to help spread the malware, exfiltrate data and extort victims, sometimes for millions of dollars, according to an analysis. By Scott Ferguson I December 12, 2020

In the course of searching for WinZip network communications changes, the experts noticed that through the unsecured tcp, the WinZip archiver was vulnerable to many attacks. By granting a rogue “update,” any threat attacker will easily manipulate this. By Mark Funk I December 12, 2020

Hacking group’s new malware abuses Google and Facebook services

Molerats cyberespionage group has been using in recent spear-phishing campaigns fresh malware that relies on Dropbox, Google Drive, and Facebook for command and control communication and to store stolen data. By Ionut Ilascu I December 14, 2020

Regulations, Frameworks, and Controls

Bank regulators mull stricter rules for reporting of data breaches

The FDIC is poised to take the first public action on the issue with the agency’s board scheduled to vote Tuesday on a proposed rulemaking dealing with “computer-security incident notification.” By Kevin Wack I December 14, 2020