Omnistruct Newsletters

Business Information Security News of the Week, November 6, 2020

Written by Omnistruct Marketing | Nov 6, 2020 7:01:47 PM

 

Omnistruct Webinar

Staying In Business After Hackers Succeed

Date: Nov 19, 2020 at 01:00 PM in Pacific Time (US and Canada)

Speaker: George Usi


 

 

Top Stories for this Week

 

Ransomware Advisory

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is issuing an advisory to alert companies that engage with victims of ransomware attacks of the potential sanctions risks for facilitating ransomware payments. This advisory highlights OFAC’s designations of malicious cyber actors and those who facilitate ransomware transactions under its cyber-related sanctions program. By U.S. Department of the Treasury | October 1, 2020

 

Cybersecurity as we know it will be 'a thing of the past in the next decade,' says Cloudflare's COO, as security moves towards a 'water treatment' model

In 10 years, cybersecurity as we know it will no longer exist, according to Cloudflare cofounder and COO Michelle Zatlyn, who spoke at Business Insider's inaugural roundtable conversation featuring five Enterprise Tech Transformers. By Rosalie Chan | October 30, 2020

 

New Known Breaches in the Past Week

Data breach reports were down 51% in the first three quarters of 2020

Risk Based Security released their 2020 Q3 Data Breach QuickView Report, revealing that the number of records exposed has increased to a staggering 36 billion. There were 2,935 publicly reported breaches in the first three quarters of 2020, with the three months of Q3 adding an additional 8.3 billion records to what was already the “worst year on record.” By Security Magazine | November 2, 2020

 

Aetna, city of New Haven hit with OCR fines after data breach

The U.S. Department of Health and Human Services' Office for Civil Rights levied $1,000,000 in fines against Aetna Life Insurance Company and $202,400 against the city of New Haven, Connecticut, to settle potential HIPAA violations. By Kat Jercich | November 02, 2020

 

JM Bullion, the leading online bullion dealer in the United States, has disclosed a data breach; hackers stole customers’ credit card information

JM Bullion, the online retailer of products made of precious metals (i.e. gold, silver, copper, platinum, and palladium) has disclosed a data breach. By Pierluigi Paganini | November 02, 2020

 

Hackers Selling a Total of 34 Million User Records Stolen From 17 Companies

A threat actor is selling account databases containing a total of 34 million user records that they claim were stolen from seventeen companies during data breaches. By GURUBARAN S | November 2, 2020

 

Financial institutions can sue Sonic as a class over data breach, judge rules

An Ohio federal judge has certified a class of financial institutions in a lawsuit over Sonic Corp’s 2017 data breach that exposed customers’ payment card data from 325 of the fast-food chain’s drive-in locations. By Sara Merken | November 4, 2020

 

Data breach impacts Chesapeake Regional Healthcare

Chesapeake Regional Healthcare has released details about a data breach that affected one of its data hosting service vendors. By 13News Now Staff | November 3, 2020

 

Ransomware Gang Claims International Casino Equipment Supplier As Latest Victim

The REvil ransomware crew has struck again. The same cybercriminals who breached Grubman, Shire, Meiselas & Sacks this spring have claimed Gaming Partners International as their latest victim. By Lee Mathews | October 31, 2020

 

General Cybersecurity News

 

Cybersecurity threats to corporate America are present now ‘more than ever,’ SEC chair says

Securities and Exchange Commission Chairman Jay Clayton is telling corporate America it needs to get much more vigilant on security. By CNBC | November 02, 2020

 

Small can be ugly when it comes to third-party cybersecurity

New research from CyberGRX, based on data collected from the third parties on its exchange, finds that company size correlates with the maturity of cybersecurity programs. More specifically, as companies get smaller, they have fewer controls in place and less mature programs. By Ian Barker | November 02, 2020

 

Small Business Cybersecurity Concerns
 

Cisco Advances Effort to Simplify Security

Cisco Systems has updated SecureX, a free console it provides for its portfolio of security offerings, to include sample extended detection and response (XDR) workflows along with additional analytics and a refreshed Ribbon interface through which security administrators can manage multiple tasks. By Michael Vizard | November 2, 2020

 

MSP News

 

Managed Cloud-Native Services on the Rise

A report published by Information Services Group (ISG) suggests the complexity of cloud-native technologies such as Kubernetes and emerging service mesh platforms is driving more organizations toward consuming managed services delivered via the cloud versus deploying these technologies on their own. By Mike Vizard | November 3, 2020

 

CVE Announcements This Week

Oracle publishes rare out-of-band security update for WebLogic servers

On Sunday, Oracle published a rare out-of-band security update to address an incomplete patch for a recently disclosed vulnerability in Oracle WebLogic servers that is currently being actively exploited in real-world attacks. By Catalin Cimpanu | November 3, 2020

 

Google patches second Chrome zero-day in two weeks

Google has released a security update today for its Chrome web browser that patches ten security bugs, including one zero-day vulnerability that is currently actively exploited in the wild. By Catalin Cimpanu | November 2, 2020

 

CNAs and CVEs – Can allowing vendors to assign their own vulnerability IDs actually hinder security?

Security researchers have highlighted the potential pitfalls of allowing software vendors to assign their own vulnerability report IDs. By Jessica Haworth | November 03, 2020

 

New RegretLocker ransomware targets Windows virtual machines

A new ransomware called RegretLocker uses a variety of advanced features that allow it to encrypt virtual hard drives and close open files for encryption. By Lawrence Abrams | November 03, 2020

 

Adobe Warns Windows, MacOS Users of Critical Acrobat and Reader Flaws

Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. The vulnerabilities could be exploited to execute arbitrary code on affected products. By Lindsey O'Donnell | November 03, 2020

 

MSP News

How MSPs are generating revenue in today’s marketplace

We’ve witnessed a major seismic shift in the managed services landscape following the disruptive coronavirus pandemic. It has spurred many companies worldwide to adopt remote operations in the face of unpredictable economic conditions. More than ever before, companies are relying on MSPs to maintain business operations. By Grady Gausman | October 27, 2020

Regulations, Frameworks, and Controls

The Top 10 Things to Know About CMMC

In recent years, the DoD has undergone a series of bold cybersecurity initiatives, from embracing responsible vulnerability disclosure to the trailblazing Hack the Pentagon initiative. Now, the DoD has a new risk in its sights: defense contractors. By Jacqueline von Ogden | November 3, 2020

 

6 Reasons to Increase Your Compliance Budget in 2021

Risk management and compliance are critical business capabilities that deserve adequate attention and resources in the current climate. An organization with weak risk management and compliance capabilities invites risks and regulatory trouble, but a strong compliance program can help a business thrive. By Jingcong Zhao | November 3, 2020

 

 

Sincerely,

Omnistruct Marketing
866-683-8827
www.omnistruct.com

Omnistruct, 2740 Fulton Avenue #101-02, Sacramento, CA 95821, USA, (866) 683-8827
