Omnistruct News

Leverage Compliance to Grow Your MSP Business now BY JOINING OUR WEBINAR!

A waterfall of looming cyber checklists from Managed Service Provider customers are becoming increasingly common. New regulations, laws, guidelines, and standards of compliance are driving them. However, the expertise required in areas of risk and privacy are creating operational headaches and creating unnecessary risk when techs consult in areas that are better handled by risk managers and legal teams. We will discuss how the National Institute of Standards and Technology multiple frameworks in privacy and cybersecurity offer relief of risk especially when techs are asked by key accounts about legal compliance and why partnering with a Governance as a Service Provider like Omnistruct works for all involved.

Remote Access - NIST Video of the Week

Enterprise Technical Security That Matters

Evolving Tricks and Techniques of Conti

Conti is a relatively new addition to the ransomware landscape, however, it has turned to be quite destructive. It is a more accessible variant of Ryuk and works in a RaaS model. Cyware Alerts I February 16, 2021

Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises

VMware last week informed customers about the availability of patches for a potentially serious vulnerability affecting its vSphere Replication product. By Eduard Kovacs I February 15, 2021

Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping

A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls. By Ravie Lakshmanan I February 17, 2021

QNAP patches critical vulnerability in Surveillance Station NAS app

QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage (NAS) devices running the vulnerable software. By Sergiu Gatlan I February 17, 2021

SQLite patches use-after-free bug that left apps open to code execution, denial-of-service exploits

SQLite has issued a security patch after the discovery of a use-after-free bug that, if triggered, could lead to arbitrary code execution or denial of service (DoS). By Adam Bannister I February 16, 2021

First Malware Designed for Apple M1 Chip Discovered in the Wild

One of the first malware samples tailored to run natively on Apple's M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company's latest generation of Macs powered by its own processors. By Ravie Lakshmanan I February 18, 2021

Cred-stealing trojan harvests logins from Chromium browsers, Outlook and more, warns Cisco Talos

Cisco Talos has uncovered a credential-stealing trojan that lifts your login details from the Chrome browser, Microsoft's Outlook and instant messengers. By Gareth Corfield I February 18, 2021

Enterprise Leadership News

Do this right now to keep all your passwords safe

A single data breach of a computer network belonging to anything from a hotel chain to a restaurant or any number of otherwise run-of-the-mill businesses can spawn a host of negative consequences — putting, for example, a massive amount of customer data at risk and opening up those customers to fraud and other nefarious actions as a result. By Andy Meek I February 15, 2021

New Federal Law for IoT Cybersecurity Requires the Development of Standards and Guidelines Throughout 2021

At the end of the Trump Administration, the bipartisan Internet of Things (IoT) Cybersecurity Improvement Act of 2020 (“the Act”) was enacted after passing the House of Representatives on a suspension of the rules and the Senate by unanimous consent. The Act requires agencies to increase cybersecurity for IoT devices owned or controlled by the federal government. Despite its seemingly limited scope, the Act is anticipated to have a significant, wide-ranging impact on the general development and manufacturing of IoT devices. By Gibson Dunn I February 17, 2021

Regulations, Frameworks, and Controls

57% of vulnerabilities in 2020 were classified as critical or high severity

NIST logged more than 18,000 vulnerabilities in 2020, over 10,000 of which were critical or high severity – an all-time high. Redscan’s analysis looks beyond severity scores, detailing the rise of low complexity vulnerabilities as well as those which require no user interaction to exploit. By Help Net Security I February 17, 2021

NIST Guidance on Internet of Things (IoT)

Standard, everyday appliances like dishwashers and ovens, and necessary devices such as lights and thermostats, are increasingly likely to be Wi-Fi enabled, allowing them to send and receive data. These objects are widely called the internet of things (IoT). These IoT devices have cybersecurity and privacy considerations that differ from normal information technology (IT) devices (e.g., laptops, smartphones, servers). By McDermott Will & Emery I February 17, 2021

New NIST framework strives for cleaner, more secure power grid

Whether it's a new set of solar panels glistening on a neighbor's roof or a freshly installed smart thermostat at home, burgeoning renewable and smart technologies represent steps toward a sustainable future. But much of their potential will remain untapped unless the power grid is managed in a much more flexible way. By Eureka Alert I February 18, 2021 

Small Business Entrepreneur Cybersecurity News

Sentar Formally Designated as CMMC Registered Provider Organization (RPO)

Sentar Inc. (Sentar), a women-owned business specializing in advanced cybersecurity and intelligence solutions and technology, announced today that Sentar has received an official designation as a Cybersecurity Maturity Model Certification (CMMC) Registered Provider Organization (RPO) from CMMC-AB. By Business Wire I February 18, 2021

Experts in Cisco webinar call on businesses to increase level of cybersecurity defense

Restrictions brought by the COVID-19 pandemic lurched businesses toward the digital space, and as work-from-home continues to be the norm, there is also an increased awareness of cybersecurity. Enterprises both big and small are faced with cyber threats, and the need to adopt security measures is more critical than ever. By Back End News I February 19, 2021

Ask Your Developer, book review: How to prosper in a ‘build or die’ business landscape

Digital transformation is as much about the business as it is about the technology. Better communication with ‘software people’ could bring the two together, argues Twilio CEO Jeff Lawson. By Mary Branscombe I February 18, 2021

A Sticker Sent On Telegram Could Have Exposed Your Secret Chats

Cybersecurity researchers on Monday disclosed details of a now-patched flaw in the Telegram messaging app that could have exposed users' secret messages, photos, and videos to remote malicious actors. By Ravie Lakshmanan I February 15, 2021

MSP News

Guardforce AI Acquires Penetration Testing Firm Handshake Networking

Guardforce AI has acquired information security and penetration testing consultants Handshake Networking. Financial terms of the deal were not disclosed. By Joe Panettieri I February 14, 2021

Palo Alto Networks Acquires Cloud Security Posture Management Startup Bridgecrew: Report

Palo Alto Networks has acquired Bridgecrew for cloud security posture management (CSPM) and DevOps-related security capabilities, according to two third-party reports. By Joe Panettieri I February 16, 2021

Palo Alto Networks Updates SASE Security Platform for Remote Workers

Palo Alto Networks has upgraded its Prisma Access security access service edge (SASE) platform to help organizations protect their remote workers against cyberattacks, according to a prepared statement. By Dan Kobialka I Feb 17, 2021

CompTIA ISAO Names Executive Advisory Council

Fourteen luminaries spanning managed security service providers, IT and cybersecurity providers, venture capital and academia have been named to the security-centric CompTIA Information Sharing and Analysis Organization’s (ISAO) inaugural executive advisory council. By D. Howard Kass I February 16, 2021

FireEye Report: MSSPs Have ‘Fear of Missing Incidents’ (FOMI)

Fear of missing incidents (FOMI) and alert fatigue are “real” problems for many MSSP security analysts and managers, according to “The Voice of the Analysts: Improving Security Operations Center Processes Through Adapted Technologies” report from FireEye. By Dan Kobialka I February 16, 2021

New Known Breaches in the Past Week

Adorcam App Leaks Millions of User Records via ElasticSearch Database

Hoffman data breach exposes security challenges

Washington auditor’s office warned agencies of data-breach risks. Then it got hacked

On Christmas Eve last year, Washington State Auditor Pat McCarthy’s office issued a dire warning that state agency computer systems and data make “attractive targets for cyberattacks.” By Settletimes I February 15, 2021

14 million Amazon and eBay accounts sold online in new leak

An unknown user was offering the data of 14 million Amazon and eBay customers’ accounts for sale on a popular hacking forum. The data appears to come from users who had Amazon or eBay accounts from 2014-2021 in 18 different countries. By Bernard Meyer I February 17, 2021

110,000+ user records from car-sharing service CityBee leaked and sold on hacker forum

The leak could put 110,000+ Lithuanian CityBee users at risk of identity theft and credential stuffing attacks. A database that belongs to CityBee, a car sharing service that operates in the Baltic states and Poland, has appeared on a popular hacker forum. By Edvardas Mikalauskas I February 17, 2021

Files stolen as law firm Jones Day hit by Clop ransomware attack

International law firm Jones Day has been targeted in a ransomware attack and the stolen files were dumped on the internet. By Duncan Riley I February 16, 2021

Notion’s hours-long outage was caused by phishing complaints