Top Stories for this Week
Register for our CMMC Webinar on December 10, 2020
Join this conversation featuring Josh Bobbit, Founder and CEO of Fortified Logic, and Matt Monroe, Operations Manager at Omnistruct, on how the CMMC may impact your industry and organization, your internal cybersecurity processes, and third-party due diligence processes. Understand key steps your organization can take in the immediate term to become CMMC ready and demonstrate your compliance posture.
Businesses Should Prepare for a New Phase of Privacy Regulation and Enforcement in the United States
The continuing shift in privacy law embodied by the California Privacy Rights Act is set to make a significant impact on businesses’ compliance efforts and operational risk, as well as individuals’ expectations
New Known Breaches in the Past Week
Travel Booking Sites Hit by Massive Data Breach: How Can You Protect Yourself?
A hotel reservation platform has exposed users' data along with the details of at least 10 million customers worldwide. This could affect anyone who has booked a room via an online booking site in the last seven years. By Loraine Centeno | November 22, 2020
Mercy Iowa City Discloses Highly Sensitive Data Breach Impacting Over 60,000 Iowans
Mercy Iowa City hospital has revealed a data breach that may have compromised the personal and health information of 60,473 patients. By Alina Bizga | November 21, 2020
Real Estate Firm The Corcoran Group Exposed Homeowner and Agent Data Online
Secure Thoughts collaborated with Security Expert Jeremiah Fowler to expose a massive leak of property-owner and agent records by a luxury real estate firm. By Jeremiah Fowler | November 23, 2020
Louisiana Hospitals Report Data Breach
The data of thousands of patients has been exposed following a cyber-attack on Louisiana State University medical centers. By Sarah Coble | November 23, 2020
States Score $17.5M Settlement From Home Depot Over 2014 Data Breach
The Home Depot has agreed to pay $17.5 million to settle litigation that came from a multistate investigation over a data breach that stole 40 million consumers’ credit card numbers. By Angela Morris | November 24, 2020
Bad Medicine: Hospital Hit With Multiple Data Breach Class Actions for Unauthorized Access of Patient Records
Healthcare data breaches are on the rise: recent estimates peg the number of patient records breached in 2019 as exceeding 41 million individuals. Additionally, approximately 60% of all healthcare data breaches are caused by internal actors—a statistic underscored by consecutive data breach class actions filed against the Mayo Clinic concerning the unauthorized access of patient records. By Kristin L. Bryan | November 24, 2020
Attack on Vendor Affects Website of Arizona Court System
An internet interruption resulting from a ransomware attack on a hosting provider has limited functionality of the Arizona state court system’s webpage for most of this week, according to the vendor and court officials. By Associated Press | November 23, 2020
Hacker leaks the user data of event management app Peatix
A hacker has leaked this month the data of more than 4.2 million users registered on Peatix, an event organizing platform, currently ranked among the Alexa Top 3,500 most popular sites on the internet. By Catalin Cimpanu | November 24, 2020
General Cybersecurity News
Montana will again join innovative program promoting cybersecurity
Montana will again partner with the SANS Institute to provide high school students with a free and fun opportunity to learn cybersecurity skills and qualify for the National Cyber Scholarship Competition. By KPVI | November 22, 2020
TTU a partner in U.S. Department of Energy-funded Cybersecurity Manufacturing Innovation Institute
The University of Texas at San Antonio formally launched the Cybersecurity Manufacturing Innovation Institute (CyManII), a $111 million public-private partnership. Led by UTSA, the university will enter into a five-year cooperative agreement with the U.S. Department of Energy (DOE) to lead a consortium of 59 proposed member institutions in introducing a cybersecure energy-ROI that drives American manufacturers and supply chains to further adopt secure, energy-efficient approaches, ultimately securing and sustaining the nation’s leadership in global manufacturing competitiveness. By News Release & Posted | November 21, 2020
State Department Facing 'Significant' Information Security Issues, OIG Says
The State Department faces persistent challenges related to information security and management, according to a recently published inspector general report. By Mila Jasper | November 23, 2020
Robotic vacuum cleaners could be hacked to spy on you
According to researchers, robotic vacuum cleaners can be hacked to spy on users by recording both conversations and music. By Sudais Asif | November 24th, 2020
TSTC introduces fast-paced cybersecurity boot camp
Texas State Technical College will offer a fast-paced Workforce Training boot camp in Cybersecurity. The first cohort will begin in February, and the curriculum will feature eight industry-grade foundational courses that will equip students with the knowledge they need to get their foot into the world of cybersecurity. By Watchman | November 24, 2020
Small Business Cybersecurity Concerns
No such thing as a false positive when it comes to cybersecurity
What was supposed to be the exciting start of a new decade quickly became one of the most unpredictable years of this century, as the coronavirus pandemic sent ripples through the cybersecurity sector. What can we expect next year? By Tim Sandle | November 23, 2020
The Widening Security Holes in Our ‘Datasphere’
If it were measured as a country, cybercrime — which is predicted to inflict damages totaling $6 trillion globally in 2021 — would be the world’s third-largest economy after the U.S. and China. By Steve Morgan | November 24, 2020
Cyber Insurance News
Cyber insurance: Most frequent and costly claims revealed
External attacks on companies result in the most expensive cyber insurance losses, but internal failures like employee mistakes and technical problems are the most frequent generator of claims by number (albeit with a lower financial impact), a new report says. By Jason Contant | November 24, 2020
As threats grow, cyber insurance seen as more of a necessity
Businesses are treating cyber liability insurance as less of a luxury and more of a necessity as larger numbers of customers are drawn into the market and existing clients seek higher coverage limits, according to Advisen Ltd. surveys. By Calvin Trice | November 23, 2020
As cyberattacks rise, know how cyber insurance can protect your hard-earned money
As the number of applications, devices, etc. increases, you become more vulnerable to attacks. Just like you insure against illness, natural disasters, etc., you need insurance coverage for cyber risks as well. By Harshita Tyagi | November 24, 2020
CVE Announcements This Week
ImageMagick PDF-parsing flaw allowed attacker to execute shell commands via maliciously crafted image
A security researcher discovered fresh flaws in open source image converter ImageMagick during the process of exploring an earlier vulnerability dating back four years. By John Leyden | November 23, 2020
Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs
A hacker has posted a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices. By Ax Sharma | November 22, 2020
Mount Locker Ransomware Targets U.S. Taxpayers
Mount Locker, a ransomware operation that was first discovered in July, is now preparing to take advantage of the tax season in the U.S. Recently, the ransomware operators have been observed specifically targeting TurboTax returns for encryption. The software is used for the preparation of American income tax returns. By Cyware News | November 24, 2020
Malware creates scam online stores on top of hacked WordPress sites
A new cybercrime gang has been seen taking over vulnerable WordPress sites to install hidden e-commerce stores with the purpose of hijacking the original site's search engine ranking and reputation and promote online scams. By Catalin Cimpanu | November 23, 2020
Critical Unpatched VMware Flaw Affects Multiple Corporates Products
VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. By Ravie Lakshmanan | November 23, 2020
Ransomware gangs hunt for tax software to ratchet up pressure on victims
Ransomware actors are targeting tax software files in a bid to dig up highly sensitive data and increase leverage over their victims, including small businesses whose efforts to be tax-compliant could be seriously disrupted. By Bradley Barth | November 23, 2020
VMware Working on Patches for Critical Workspace ONE Access Vulnerability
VMware on Monday published an advisory to inform users that it’s working on patching a critical command injection vulnerability affecting Workspace ONE Access and some related components. By Eduard Kovacs | November 24, 2020
Latest Version of TrickBot Employs Clever New Obfuscation Trick
The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says. By Jai Vijayan | November 24, 2020
Regulations, Frameworks, and Controls
Why IT General Controls Are Important for Compliance and Cybersecurity
IT general controls are among the most important elements of effective compliance and IT security. So it’s a bit strange that many businesses — and compliance professionals, for that matter — struggle to understand exactly how “ITGCs” support compliance and the many ways they can fail. By Matt Kelly | November 23, 2020
NIST Updates Control Baselines, Integrates Privacy
The National Institute of Standards and Technology has finalized 800-53B and 800-53 Revision 5, providing updated guidance on selecting security and privacy control baselines for public- and private-sector organizations. By Dan Lohrmann | November 21, 2020
Sincerely, Omnistruct, 2740 Fulton Avenue #101-02, Sacramento, CA 95821, USA, (866) 683-8827