Top Stories for this Week

Ransomware Advisory

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is issuing an advisory to alert companies that engage with victims of ransomware attacks of the potential sanctions risks for facilitating ransomware payments. This advisory highlights OFAC’s designations of malicious cyber actors and those who facilitate ransomware transactions under its cyber-related sanctions program. By U.S Department of the Treasury I October 1, 2020

Cybersecurity as we know it will be 'a thing of the past in the next decade,' says Cloudflare's COO, as security moves towards a 'water treatment' model

In 10 years, cybersecurity as we know it will no longer exist, according to Cloudflare cofounder and COO Michelle Zatlyn, who spoke at Business Insider's inaugural roundtable conversation featuring five Enterprise Tech Transformers. By Rosalie Chan I October 30, 2020

New Known Breaches in the Past Week

Data breach reports were down 51% in the first three quarters of 2020

Risk Based Security released their 2020 Q3 Data Breach QuickView Report, revealing that the number of records exposed has increased to a staggering 36 billion. There were 2,935 publicly reported breaches in the first three quarters of 2020, with the three months of Q3 adding an additional 8.3 billion records to what was already the “worst year on record.” By Security Magazine | November 2, 2020

Aetna, city of New Haven hit with OCR fines after data breach

The U.S. Department of Health and Human Services' Office for Civil Rights leveraged $1,000,000 in fines against Aetna Life Insurance Company and $202,400 against the city of New Haven, Connecticut, to settle potential HIPAA violations. By Kat Jercich I November 02, 2020

JM Bullion, the leading online bullion dealer in the United States, has disclosed a data breach, hackers stole customers’ credit card information.

JM Bullion, the online retailer of products made of precious metals (i.e. gold, silver, copper, platinum, and palladium) has disclosed a data breach. By Pierluigi Paganini I November 02, 2020

Hackers Selling a Total of 34 Million User Records Stolen From 17 Companies

A threat actor is selling account databases containing a total of 34 million user records that they claim were stolen from seventeen companies during data breaches. By GURUBARAN S I November 2, 2020

Financial institutions can sue Sonic as a class over data breach, judge rules

An Ohio federal judge has certified a class of financial institutions in a lawsuit over Sonic Corp’s 2017 data breach that exposed customers’ payment card data from 325 of the fast-food chain’s drive-in locations. By Sara Merken I November 4, 2020

Data breach impacts Chesapeake Regional Healthcare

Chesapeake Regional Healthcare has released details about a data breach that affected one of its data hosting service vendors. By 13News Now Staff I November 3, 2020

Ransomware Gang Claims International Casino Equipment Supplier As Latest Victim

The REvil ransomware crew has struck again. The same cybercriminals who breached Grubman, Shire, Meiselas & Sacks this spring has claimed Gaming Partners International as its latest victim. By Lee Mathews I October 31, 2020

General Cybersecurity News

Cybersecurity threats to corporate America are present now ‘more than ever,’ SEC chair says

Securities and Exchange Commission Chairman Jay Clayton is telling corporate America it needs to get much more vigilant on security. By CNBC I November 02, 2020

Small can be ugly when it comes to third-party cybersecurity

New research from CyberGRX, based on data collected from the third parties on its exchange, finds that company size correlates with the maturity of cybersecurity programs, more specifically, as companies get smaller, they have fewer controls in place and less mature programs. By Ian Barker I November 02, 2020

Cisco Advances Effort to Simplify Security

Cisco Systems has updated SecureX, a free console it provides for its portfolio of security offerings, to include sample extended detection and response (XDR) workflows along with additional analytics and a refreshed Ribbon interface through which security administrators can manage multiple tasks. By Michael Vizard I November 2, 2020

CVE Announcements This Week

Oracle publishes rare out-of-band security update for WebLogic servers

Oracle has published on Sunday a rare out-of-band security update to address an incomplete patch for a recently disclosed vulnerability in Oracle WebLogic servers that is currently being actively exploited in real-world attacks. By Catalin Cimpanu | November 3, 2020

Google patches second Chrome zero-day in two weeks

Google has released a security update today for its Chrome web browser that patches ten security bugs, including one zero-day vulnerability that is currently actively exploited in the wild. By Catalin Cimpanu | November 2, 2020

CNAs and CVEs – Can allowing vendors to assign their own vulnerability IDs actually hinder security?

Security researchers have highlighted the potential pitfalls of allowing software vendors to assign their own vulnerability report IDs. By Jessica Haworth I November 03, 2020

New RegretLocker ransomware targets Windows virtual machines

A new ransomware called RegretLocker uses a variety of advanced features that allows it to encrypt virtual hard drives and close open files for encryption. By Lawrence Abrams I November 03, 2020

Adobe Warns Windows, MacOS Users of Critical Acrobat and Reader Flaws

Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. The vulnerabilities could be exploited to execute arbitrary code on affected products. By Lindsey O'Donnell I November 03, 2020

MSP News

How MSPs are generating revenue in today’s marketplace

We’ve witnessed a major seismic shift in the managed services landscape following the disruptive coronavirus pandemic. It has spurred many companies worldwide to adopt remote operations in the face of unpredictable economic conditions. More than ever before, companies are relying on MSPs to maintain business operations. By Grady Gausman | October 27, 2020

Regulations, Frameworks, and Controls

The Top 10 Things to Know About CMMC

In recent years, the DoD has undergone a series of bold cybersecurity initiatives, from embracing responsible vulnerability disclosure to the trailblazing Hack the Pentagon initiative. Now, the DoD has a new risk in its sights: defense contractors. By Jacqueline von Ogden I November 3, 2020

6 Reasons to Increase Your Compliance Budget in 2021

Risk management and compliance are critical business capabilities that deserve adequate attention and resources in the current climate. An organization with weak risk management and compliance capabilities invites risks and regulatory trouble, but a strong compliance program can help a business thrive. By Jingcong Zhao I November 3, 2020