Top Stories for this Week

FBI warns ransomware assault threatens US healthcare system

Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking. By Frank Bajak | October 29, 2020

What Tech Companies Need to Know About the SAFE DATA Act

You’re probably well aware of the General Data Protection Regulation (GDPR) in Europe and California’s Consumer Privacy Act (CCPA). These two privacy laws provide fairly stringent requirements for businesses to uphold consumers’ and employees’ right to privacy, and they use significant monetary penalties to punish those who break the law. By Jingcong Zhao | October 26, 2020

New Known Breaches in the Past Week

The Five Biggest Data Breaches of the 21st Century

Data is evolving to be one of the most valuable assets in the digital world. The tech giants that monopolize data are the most powerful companies in the world. However, despite the overwhelming value of data controlled by these entities, they are often becoming vulnerable to data breach epidemic. By Adilin Beatrice | October 26, 2020

SecOps Struggles as Data Breaches and Security Threats Soar

Even before the COVID-19 pandemic struck the globe in March, security operation teams were already struggling with a seemingly never-ending series of security alerts, as well as a growing number of sophisticated data breaches and other cyber-threats that can harm an organization. By Dice Staff | October 22, 2020

Stelco Announces Cybersecurity Attack

Stelco Holdings Inc. ("Stelco" or the "Company") (TSX: STLC) a low-cost, integrated and independent steelmaker and 100% owner of the operating company Stelco Inc., announced that it was subject to a criminal attack on its information systems. By Newswire | October 25, 2020

Pfizer Suffers Huge Data Breach on Unsecured Cloud Storage

Pfizer suffered a huge data breach because of unsecured cloud storage. The exposed data, including email addresses, home addresses, full names, and other HIPAA related information, was found on a misconfigured Google Cloud storage bucket. By Sonrai Security Marketing | October 22, 2020

General Cybersecurity News

Is the IoT Cybersecurity Improvement Act Enough?

It’s no secret that the current state of internet of things, or IoT, security is sub-par. We all see the steady drumbeat of headlines detailing new vulnerabilities in just about every connected device, from smart vacuums to digital assistants. By Erez Yalon | October 23, 2020

Compliance: Cybersecurity, COVID covered in NCUA briefing

October marks Cybersecurity Awareness Month, and CUNA’s Compliance staff take a deep dive into the briefing received by the NCUA Board earlier this month in a recent CompBlog entry. By CUNA News | October 26, 2020

Military leader says cyber engineering is critical to the nation’s future

As our physical and digital systems become increasingly integrated, cybersecurity is an issue that should be on the radar of all engineers, says Australia’s Head of Information Warfare. By Elle Hardy | October 27, 2020

Cybersecurity provides opportunities for auditors to serve

Cybersecurity challenges require a response from every sector of the economy. Public company auditors can do their part by providing services to clients beyond the financial statements, according to a Center for Audit Quality (CAQ) report published Tuesday. By Ken Tysiac | October 28, 2020

Cyber coverage should be factored into every small business' insurance portfolio

As the business risk landscape evolves, so too should that small business insurance portfolio. Today - in the era of technology, the internet, and COVID-19 pandemic-induced remote working – there’s one insurance product, in particular, that all businesses regardless of size should be factoring into their risk management equation: cyber insurance. By Bethan Moorcraft | October 26, 2020

Cyber Insurance News

Cyber insurance — is it necessary?

Risk consultants advise cyber insurance is necessary, but policyholders are not always sure why. When business owners and professionals truly understand the value of their personal and financial properties, like one’s identity and hard-earned investments, it becomes easier to understand why it is necessary to “prepare for the worst and hope for the best.” By Ryan J. Beal, CLCS, and Emilyjo Levy October 23, 2020

Patching up problems with innovative cyber solutions

With the frequency and severity of claims on the rise, cyber insurers in the US have started to tighten their risk appetites and underwriting guidelines. In doing so, they have created some new coverage gaps or problems that need patching up with innovative cyber solutions. Bethan Moorcraft | October 23, 2020

City poised to re-up $20M in cyber insurance adopted after ransomware attack

A panel of Baltimore’s top officials is set to renew $20 million worth of cybersecurity insurance acquired last year in the wake of a massively disruptive ransomware attack. By Ethan McLeod | October 27, 2020

MSP News

How MSPs are generating revenue in today’s marketplace

We’ve witnessed a major seismic shift in the managed services landscape following the disruptive coronavirus pandemic. It has spurred many companies worldwide to adopt remote operations in the face of unpredictable economic conditions. More than ever before, companies are relying on MSPs to maintain business operations. By Grady Gausman | October 27, 2020

More Announcements This Week

Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps

Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the background. By Ravie Lakshmanan | October 26, 2020

Malware Authors Leveraging Telegram-based Command and Control

Malware authors can be increasingly seen using Telegram-based tactics to enhance their malware capabilities. In recent attacks, the trend of using Telegram as a command and control (C&C) system has been picking up traction as compared to a web-based administration panel. By Cyware Alerts - Hacker News | Cyware Alerts - Hacker News

Mirai Botnet's Extended Army Takes Aim at IoT Devices

Mirai botnet has given rise to several variants since its appearance in 2016. Through the years, the outgrowing variants of the botnet accompanied by their ability to target IoT devices have become a major concern for security experts. By Cyware Alerts - Hacker News | October 24, 2020