Omnistruct Newsletters

Cybersecurity News that Matters, February 12, 2021

Written by Omnistruct Marketing | Feb 14, 2021 6:58:19 PM

Omnistruct News

 

Leverage Compliance to Grow Your MSP Business now BY JOINING OUR WEBINAR!

A waterfall of looming cyber checklists from Managed Service Provider customers are becoming increasingly common. New regulations, laws, guidelines, and standards of compliance are driving them. However, the expertise required in areas of risk and privacy are creating operational headaches and creating unnecessary risk when techs consult in areas that are better handled by risk managers and legal teams. We will discuss how the National Institute of Standards and Technology multiple frameworks in privacy and cybersecurity offer relief of risk especially when techs are asked by key accounts about legal compliance and why partnering with a Governance as a Service Provider like Omnistruct works for all involved.

 

Access Restrictions for Change - Video of the Week

 

Enterprise Leadership News

 

Barcode Scanner app on Google Play infects 10 million users with one update

Late last December we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere. The odd part is none of them had recently installed any apps, and the apps they had installed came from the Google Play store. Then one patron, who goes by username Anon00, discovered that it was coming from a long-time installed app, Barcode Scanner. An app that has 10,000,000+ installs from Google Play! We quickly added the detection, and Google quickly removed the app from its store. By Nathan Collier I February 5, 2021

 

Pandemic Proves to Be Fertile Ground for Identity Thieves

Identity thieves were busier than ever as the pandemic erupted nationwide last year, with reports of identity theft in the U.S. skyrocketing to nearly 1.4 million in 2020, more than double the number a year earlier. By Katherine Skiba I February 5, 2021

 

Microsoft: Keep your guard up even after Emotet’s disruption

Microsoft warns customers not to let their guard down even after hundreds of Emotet botnet servers were taken down in late January 2021. By Sergiu Gatlan I February 8, 2021

 

 

Regulations, Frameworks, and Controls

 

NIST testing automated delivery of new security controls

Starting this summer, the National Institute of Standards and Technology will begin to automate delivery of revisions to Special Publication 800-53. By Troy K. Schneider I February 08, 2021

 

NIST posts enhanced requirements for protecting CUI

In the wake of the SolarWinds Orion hack, the National Institute of Standards and Technology has published recommendations for enhanced security requirements that can help organizations protect controlled unclassified information (CUI) against nation-state backed threats. By Justin Katz I February 08, 2021

 

NIST SP 800-172: Enhanced Guidelines & Standards For CMMC

Previously known as NIST SP 800-171B with drafts released in June 2019 and July 2020, the final version of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-172 arrived in February 2021. By SecureStrux I February 10, 2021

 

NIST posts enhanced requirements for protecting CUI

In the wake of the SolarWinds Orion hack, the National Institute of Standards and Technology has published recommendations for enhanced security requirements that can help organizations protect controlled unclassified information (CUI) against nation-state backed threats. By Justin Katz I February 08, 2021

 

 

Small Business Entrepreneur Cybersecurity News

 

Protect Your Business Against Cyber Threats with a Top-Rated VPN 

Cybercrime doesn't just impact large businesses and unsuspecting individuals. Forty-three percent of all cybercrimes target small businesses because many entrepreneurs overlook the importance of cybersecurity. It's imperative that you protect your business from cybercrime, and one of the easiest ways to do it is to start using a VPN. By Entrepreneur Store I February 8, 2021

 

How to Protect Your Supply Chain From Cyberattack

Cyberthreats evolve constantly, but one rule endures: hackers will never break down your front door if they can get in through an open window. Most retailers are keenly aware that the credit card and customer data on their networks is a prime target for hackers, and so they barricade access points to their websites and ecommerce systems to ward off intrusion. By Ara Aslanian I February 4, 2021

 

 

Enterprise Technical Security That Matters

 

Packaging giant WestRock is still working to resume after recent Ransomware Attack

Packaging giant WestRock revealed this week that the recent ransomware attack impacted the company’s IT and operational technology (OT) systems. By Pierluigi Paganini I February 6, 2021

 

WARNING — Hugely Popular 'The Great Suspender' Chrome Extension Contains Malware

Google on Thursday removed The Great Suspender, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. By Ravie Lakshmanan I February 6, 2021

 

Victims of Ziggy ransomware can recover their files for free

The Ziggy ransomware gang has shut down its operations and released the decryption keys fearing the ongoing investigation of law enforcement. By Pierluigi Paganini I February 8, 2021

 

Critical Firefox Vulnerability Can Allow Code Execution If Chained With Other Bugs

An update released last week by Mozilla for Firefox 85 patches a critical information disclosure vulnerability that can be chained with other security flaws to achieve arbitrary code execution. By Eduard Kovacs I February 09, 2021

 

Cyberpunk 2077 bug fixed that let malicious mods take over PCs

CD Projekt Red has released a hotfix for Cyberpunk 2077 to fix a remote code execution vulnerability that could be exploited by third-party data file modifications and save games files. By Lawrence Abrams I February 8, 2021

 

Zeoticus 2.0 Making Infections Are Now Harder to Control, Contain, and Mitigate

Discovered in early 2020, the Zeoticus ransomware has moved into 2021 with new upgrades focused on speed and efficiency. SentinelOne researchers released a detailed report and technical analysis of the latest version - Zeoticus 2.0. By Cyware I February 11, 2021

 

Intel Patches Tens of Vulnerabilities in Software, Hardware Products

The chipmaker’s Patch Tuesday updates for February 2021 were described in 19 advisories, including four that cover high-severity vulnerabilities. By Eduard Kovacs I February 10, 2021

 

 

MSP News

 

What Louisiana’s First MSP Regulation Could Mean for the Channel?

Much like in many other industries such as healthcare and financial services, government entities are making initial steps toward managing the IT channel. Resulting from a spike in costly ransomware and phishing scams, the repercussions of insufficient security have many eyes on Managed Service Providers (MSPs). The first-ever state bill, and the federal roll-out of Cybersecurity Maturity Model Certification offer a glimpse into what future IT channel and MSP regulation could look like.
 
 

How Managed Service Accounts in Active Directory Work

Managed Service Accounts in Windows allow administrators to automate password management for accounts. By Steve Syfuhs I February 4, 2021

 

House Armed Services Adds Cybersecurity-focused Panel for Technology Oversight

The House Armed Services Committee has formed a new cybersecurity-focused subcommittee to oversee the Department of Defense’s use of cyber, emerging technology and information systems. By D. Howard Kass I February 8, 2021

 

U.S Election Security Strategy: CISA Head Vows Back to Basics

How the Cybersecurity Infrastructure and Security Agency (CISA), the nation’s cyber central, will deconstruct the swarm of disinformation buzzing federal elections is front and center on the agency’s to-do list, Acting Director Brandon Wales said. By D. Howard Kass I February 8, 2021

 

Tenable Acquires Microsoft Active Directory Security Company Alsid

Tenable has announced plans to acquire Microsoft Active Directory (AD) security provider Alsid for $98 million in cash. Furthermore, Alsid founders Emmanuel Gras and Luc Delsalle will join Tenable in senior leadership roles focused on the development of AD security solutions. By Dan Kobialka I February 10, 2021

 

 

New Known Breaches in the Past Week

 

Tens of Thousands of Patient Files Leaked in US Hospital Attacks

Patients and employees from 11 hospitals in the US have had their personal information exposed after hackers reportedly published tens of thousands of records online. By Phil Muncaster I February 8, 2021

 

Web developers SitePoint discloses a data breach

The website, and publisher of books, courses and articles for web developers, SitePoint discloses a data breach that impacted 1M users. By Pierluigi Paganini I February 7, 2021

 

Law Firm Data Breach Impacts UPMC Patients

A cyber-attack on a Pennsylvania law firm has potentially exposed the personal health information (PHI) of more than 36,000 patients of University of Pittsburgh Medical Center (UPMC). By Sarah Coble I February 8, 2021

 

Cyberpunk 2077' game studio says hackers exposed data 

Video game company CD Projekt says a cyberattack exposed some of its data, and the intruders left a ransom note claiming they accessed the source code for “Cyberpunk 2077” and other games. By Joe Warminsky I February 9, 2021

 

PyPI, GitLab dealing with spam attacks

Spammers have inundated the Python Package Index (PyPI) portal and the GitLab source code hosting website with garbage content, flooding both with ads for shady sites and services. By Catalin Cimpanu I Zero Day | February 9, 2021

 

Lawsuit filed over data breach at Wilmington Surgical Associates

A lawsuit has been filed against Wilmington Surgical Associates after hackers breached the company’s computer systems and stole sensitive information of nearly 115,000 patients. By WECT Staff | February 10, 2021

 

SU data breach exposes nearly 10,000 names, Social Security numbers 

The names and Social Security numbers of about 9,800 Syracuse University students, alumni and applicants have been exposed after someone gained unauthorized access to an employee’s email account. By Michael Sessa I February 10, 2021

 

 

Sincerely,

Omnistruct Marketing
866-683-8827
www.omnistruct.com

Omnistruct, 2740 Fulton Avenue #101-02, Sacramento, CA 95821, USA, (866) 683-8827

Unsubscribe                   Manage preferences