
Business Information Security News of the Week, December 4, 2020

Posted by Omnistruct Marketing on Dec 4, 2020 7:37:32 PM
 


 

Top Stories for this Week

 

What Exactly is CUI? (and How to Manage It)

CUI, or controlled unclassified information, didn’t have much of an established identity before 2010. It went by any number of aliases and took a back seat to the more glamorous classified category. However, should CUI fall into the wrong hands, something as serious as national security could be at risk. This article will explore CUI—what it is, why it’s so important, how CUI management is changing, and the single most important action your company can take to properly manage CUI today.

 

CPRA Series: New, Expanded and Modified Consumer Rights

On November 3, 2020, Californians approved another significant piece of privacy rights legislation, the California Privacy Rights Act, or the CPRA. The CPRA amends and expands the already (almost) infamous CCPA (California Consumer Privacy Act), which is the privacy law that went into effect in the Golden State last year.

Hackers Attack Every 39 Seconds, On Average 2,244 Times A Day

Computer Security Day on November 30th reminds us to protect our computers. Every day, computers become faster and more advanced. Protecting the resources, tools, and information on them protects the people who use them, too. By SouthFloridaReporter.com I Nov 29, 2020

 


 

New Known Breaches in the Past Week

 

Sophos Suffers Data Exposure Incident

Security firm Sophos has informed customers it suffered a data breach as a result of a misconfigured database. By Matt Milano I November 30, 2020

 

28 Million Licensed Texan Drivers Hit by a Data Breach

Chances are high that your personal information might have been stolen in a hack of nearly 28 million Texas driver’s licenses. An insurance software company with access to DMV records says it was breached. By Hrithik V I November 30, 2020

 

Pennsylvania county pays 500K ransom to DoppelPaymer ransomware

Delaware County, Pennsylvania has paid a $500,000 ransom after their systems were hit by the DoppelPaymer ransomware last weekend. By Lawrence Abrams I November 29, 2020

 

IoT chip maker Advantech confirms ransomware attack, data theft

Industrial automation and Industrial IoT (IIoT) chip maker Advantech confirmed a ransomware attack that hit its network and led to the theft of confidential, albeit low-value, company documents. By Sergiu Gatlan I November 30, 2020

 

Notorious Ransomware Gang Hits Producers Of Big Brother, Master Chef And The Voice

A ransomware gang that Microsoft warned about last November has struck yet another high-profile victim. The latest target is Endemol Shine Group, the Amsterdam-based production and distribution giant behind hits like Big Brother, Master Chef and The Voice. By Lee Mathews I November 28, 2020

 

Healthcare provider AspenPointe data breach affects 295K patients

U.S. healthcare provider AspenPointe notified patients of a data breach stemming from a September 2020 cyberattack that enabled attackers to steal protected health information (PHI) and personally identifiable information (PII). By Sergiu Gatlan I November 30, 2020

 

Alabama school district shut down by ransomware attack

Ransomware operators have attacked the Huntsville City Schools district in Alabama, forcing them to shut down schools for the rest of the week and possibly next week. By Lawrence Abrams I December 1, 2020

 


 

General Cybersecurity News

 

The US is Number One for Data Theft

The US is the worst-affected country in the world by data breaches, with four times as many cases as second-place South Korea. Price-comparison service Uswitch released a report that goes so far as to name the US the data theft capital of the world. By Sherin Shibu I November 30, 2020

 

 

Over 50m cyber attacks recorded in GCC

A combined 56,873,271 e-mail, URL, malware, and banking malware attacks were recorded in the GCC region during the first half of 2020, data by Trend Micro has found. By Khaleej Times I November 29, 2020

 

Cybersecurity expert offers advice for safe shopping, avoiding scams

While Black Friday and Cyber Monday have come and gone, online shopping is increasingly a part of the holiday shopping experience. Fewer people are choosing to venture out among crowds of people in malls and shopping centers due to the COVID-19 pandemic. By Stefan Modrich I December 1, 2020

 


 


 

Small Business Cybersecurity Concerns

 

Lack of cybersecurity could threaten key partnerships

When it comes to small businesses, possibly only 10 percent of them have a robust cybersecurity plan in place. That’s concerning considering some cyberthreats could introduce a catastrophic event, one that could cost a company its biggest clients, or sink the business entirely. By: Adam Burroughs I November 30, 2020

 

Google launches Android Enterprise Essentials to offer “easy, automatic security” to small companies

Companies around the world, large and small, have witnessed a steep rise in cyberattacks (which has led to companies like Microsoft coming up with new solutions), and while those with big pockets can develop their own security solutions, smaller endeavours do not have the same liberty. To solve this issue, Google has announced a new tool to help small companies handle the complicated (and often expensive) task of ensuring cybersecurity, called Android Enterprise Essentials. By Upneet Singh I December 2, 2020

 


 

Cyber Insurance News

 

The Rising Threat of Ransomware: How Trucking Can Fend Off Cyberattacks

Internet and technology experts said ransomware breaches are becoming increasingly common and are not 100% preventable, but fleets and third-party logistics providers can take steps to reduce their risk and safeguard their businesses. By Katie Pyzyk I November 30, 2020

 

Aon Launches Digital Cyber Insurance for Small and Middle Market Businesses

This digital insurance solution is designed for any business generating up to $100 million in annual revenue across sectors including retail, technology, professional services, manufacturing, and more. The new offering builds on other insurance products that Aon has recently introduced to middle market businesses, providing clients with access to a seamless platform to help manage all of their insurance coverages under this offering in one place. By PRNewswire I December 2, 2020

 

Verisk, BlueVoyant Forge Strategic Partnership to Drive Cyber Risk Insights for Insurance Organizations

Verisk, a leading data and analytics company, and BlueVoyant, a cybersecurity services company, have announced a strategic partnership that will enable Verisk to exclusively offer insights driven by BlueVoyant’s industry-leading cybersecurity monitoring technology to insurers through the Verisk Cyber Solutions Suite.

 


 


 

CVE Announcements This Week

 

This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins

A new form of cyberattack has been developed which highlights the potential future ramifications of digital assaults against the biological research sector. By Charlie Osborne | November 30, 2020

 

A critical flaw in industrial automation systems opens to remote hack

Tracked as CVE-2020-25159, the flaw is rated 9.8 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012. By Pierluigi Paganini I November 29, 2020

 

Credit card skimmer fills fake PayPal forms with stolen order info

A newly discovered credit card skimmer uses an innovative technique to inject highly convincing PayPal iframes and hijack the checkout process on compromised online stores. By Sergiu Gatlan I November 30, 2020 

 

CISA Warns of Password Leak on Vulnerable Fortinet VPNs

The U.S. Cybersecurity and Infrastructure Security Agency is warning about a password leak that could affect vulnerable Fortinet VPNs, which could lead to possible further exploitation. By Akshaya Asokan I November 28, 2020

 

Old Vulnerabilities Open the Door for WannaCry Ransomware

One of the more surprising statistics to come from this report was the continued threat of WannaCry ransomware. There is no surprise about ransomware attacks on the network; 2020 has seen a 700% rise in ransomware attacks from the same point last year. By Sue Poremba I December 1, 2020

 

Critical Oracle WebLogic flaw actively exploited by DarkIRC malware

A botnet known as DarkIRC is actively targeting thousands of exposed Oracle WebLogic servers in attacks designed to exploit the CVE-2020-14882 remote code execution (RCE) vulnerability fixed by Oracle two months ago. By Sergiu Gatlan I December 1, 2020

 

Malicious npm packages caught installing remote access trojans

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers of developers working on JavaScript projects. By Catalin Cimpanu | December 1, 2020

 

Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones

Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. By Ravie Lakshmanan I December 01, 2020

 


 

Regulations, Frameworks, and Controls

 

ProcessUnity Introduces Cybersecurity Program Management Solution

ProcessUnity, a leading provider of cloud-based applications for risk and compliance management, today launched a new software solution to automate enterprise-wide Cybersecurity Program Management (CPM). Designed specifically for the Chief Information Security Officer (CISO), ProcessUnity CPM is the industry’s first comprehensive, prepackaged platform to allow you to evaluate and remediate cybersecurity risk effectively; schedule and automate cyber-related activities; prioritize cyber projects; prove compliance; and report on cybersecurity control effectiveness across the organization. By GLOBE NEWSWIRE I December 1, 2020

 

NIST SP 800-53 Control Families Explained

The National Institute of Standards and Technology (NIST) information technology laboratory is responsible for developing the NIST CSF, seen as the gold standard cybersecurity framework. NIST Special Publication 800-53 operates as one of the forefront cybersecurity guidelines for federal agencies in the United States to maintain their information security systems. By Justin Peacock I December 1, 2020

 

A Look at the Computer Security Act of 1987

Computer security regulations have come a long way from their early beginnings. Even before the Federal Information Security Management Act (FISMA), there was the Computer Security Act of 1987 (CSA). The Computer Security Act was enacted by the 100th United States Congress in response to a lack of computer security protection measures, and a strong need for internal computer security governance for U.S. Federal agencies. By Tripwire I December 1, 2020

 


 

 

Sincerely,

Omnistruct Marketing
866-683-8827
www.omnistruct.com



 
