Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. The scheme highlights the role and responsibility upper management plays in ensuring the security of their own company’s assets. By Bradley Barth I January 26, 2021

South Carolina County Suffers Weekend Cyberattack

A coastal South Carolina county says hackers broke into its computer network over the weekend. By Associated Press I January 25, 2021

Risk Based Security releases its Year-End 2020 Data Breach Report

Risk Based Security recently released their 2020 Year End Data Breach QuickView Report, revealing that there were 3,932 publicly reported data breaches, compromising over 37 billion records. By RiskBased Security I January 25th, 2021

Identifier Management - Video of the Week

New Known Breaches in the Past Week

Unsecured Server Exposed Records Containing Sensitive Personal Data and Case Notes From Cook County Court

On September 26, 2020, researchers discovered an unsecured Elasticsearch server exposing more than 323,277 Cook County court related records containing highly sensitive personal data. Cook County, Illinois, is the second most populous county in the U.S., with a population in excess of 5 million people. By Kevin Townsend I January 25, 2021

Bonobos Suffers Huge Data Breach

Men's clothing store Bonobos has suffered a massive data breach exposing millions of customers' personal information. By Jamie Grill-Goodman I January 26, 2021

San Francisco Law Firm Investigating PupBox Data Breach

A San Francisco law firm has launched an investigation into a data breach that took place at a subsidiary of Petco Health and Wellness Company. By Sarah Coble I January 25, 2021

8+ million Teespring user records leaked on hacker forum

A user on a popular hacker forum has leaked an archive containing user and creator data allegedly exfiltrated from Teespring, an e-commerce platform that allows people to design, market, and sell custom (and often controversial) apparel. By Edvardas Mikalauskas I January 25, 2021

Regulations, Frameworks, and Controls

Can the SolarWinds incident spur more action, less talk about supply chain security?

Jon Boyens, the deputy chief of Computer Security Division at the National Institute of Science and Technology, said a 2018 report by the Ponemon Institute found 66% of companies do not have a comprehensive third-party inventory. The 2019 Ponemon report found the average cost of a supply chain attack was $7.5 million and more than 50% of all respondents reported a breach in the two years. By Jason Miller I January 25, 2021

NIST Shares Risk-Based Guide to Information Exchange Security

Newly proposed NIST guidance tackles the use of information exchange channels, providing insights on risk-based considerations to protect and manage shared information. By Jessica Davis I January 27, 2021

Enterprise Technical Security That Matters

Another ransomware now uses DDoS attacks to force victims to pay

Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom. By Lawrence Abrams I January 24, 2021

DreamBus botnet targets enterprise apps running on Linux servers

Chances are that if you deploy a Linux server online these days and you leave even the tiniest weakness exposed, a cybercrime group will ensnare it as part of its botnet. By Catalin Cimpanu | January 25, 2021

Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems

American packaging giant WestRock (NYSE: WRK) on Monday revealed that it was recently targeted in a ransomware attack that impacted both information technology (IT) and operational technology (OT) systems. By Eduard Kovacs I January 25, 2021

Leading crane maker Palfinger hit in global cyberattack

Leading crane and lifting manufacturer Palfinger is targeted in an ongoing cyberattack that has disrupted IT systems and business operations. By Lawrence Abrams I January 25, 2021

Google fixes severe Golang Windows RCE vulnerability

This month Google engineers have fixed a severe remote code execution (RCE) vulnerability in the Go language (Golang). By Ax Sharma I January 26, 2021

Windows 10 NTFS corruption bug gets unofficial temporary fix 

Developers have released an unofficial fix for a Windows bug that could lead to the corruption of an NTFS volume by merely viewing a specially crafted file. By Lawrence Abrams I January 25, 2021

New Known Breaches in the Past Week

Unsecured Server Exposed Records Containing Sensitive Personal Data and Case Notes From Cook County Court

On September 26, 2020, researchers discovered an unsecured Elasticsearch server exposing more than 323,277 Cook County court related records containing highly sensitive personal data. Cook County, Illinois, is the second most populous county in the U.S., with a population in excess of 5 million people. By Kevin Townsend I January 25, 2021

Bonobos Suffers Huge Data Breach

Men's clothing store Bonobos has suffered a massive data breach exposing millions of customers' personal information. By Jamie Grill-Goodman I January 26, 2021

San Francisco Law Firm Investigating PupBox Data Breach

A San Francisco law firm has launched an investigation into a data breach that took place at a subsidiary of Petco Health and Wellness Company. By Sarah Coble I January 25, 2021

8+ million Teespring user records leaked on hacker forum

A user on a popular hacker forum has leaked an archive containing user and creator data allegedly exfiltrated from Teespring, an e-commerce platform that allows people to design, market, and sell custom (and often controversial) apparel. By Edvardas Mikalauskas I January 25, 2021

Small Business Entrepreneur Cybersecurity News

5 Simple Ways to Secure Online Business Transactions

SMBs often assume that cyber attackers wouldn’t target them. In the past, that was mostly true. Cybercriminals would focus almost exclusively on big brands with significant financial resources. Unfortunately, the tide has turned for small businesses. By Akarsh Shekhar I January 25, 2021

PPP Loan Email Scams Target Small Businesses

The U.S. Attorney's Office in Massachusetts has warned businesses of an uptick in bogus emails related to the U.S. Small Business Administration's release last year of the names and addresses of more than 600,000 Bay State PPP loan recipients. By Cbia I January 21, 2021

Ace entrepreneur Jaime Manteiga speaks of some of the data security strategies that can help small organizations to avoid cyber attacks

Manteiga, the founder and CEO of Taptok and Venkon Corp, understands data security like no other. As the world transits from the traditional modes of communication and doing business, the digital world poses many threats, especially to small organizations. From hacking to data theft, there’s a lot small businesses have to consider. Jaime helps small businesses to find better aid against internet threats. By Data Source Hub I January 21, 2021

The Dos and Don’ts for SMB Cybersecurity in 2021

It’s no secret that the COVID-19 pandemic has severely impacted small and medium-sized businesses (SMBs). While dealing with decreased foot traffic, greater local regulations, and growing expenses, cybersecurity has undoubtedly become a lesser priority for SMBs struggling to get back on their feet. By Garrett O’Hara I January 26, 2021

Risk Based Security releases its Year-End 2020 Data Breach Report 

It’s no secret that the COVID-19 pandemic has severely impacted small and medium-sized businesses (SMBs). While dealing with decreased foot traffic, greater local regulations, and growing expenses, cybersecurity has undoubtedly become a lesser priority for SMBs struggling to get back on their feet. By Garrett O’Hara I January 26, 2021

New Known Breaches in the Past Week

Unsecured Server Exposed Records Containing Sensitive Personal Data and Case Notes From Cook County Court

On September 26, 2020, researchers discovered an unsecured Elasticsearch server exposing more than 323,277 Cook County court related records containing highly sensitive personal data. Cook County, Illinois, is the second most populous county in the U.S., with a population in excess of 5 million people. By Kevin Townsend I January 25, 2021

Bonobos Suffers Huge Data Breach

Men's clothing store Bonobos has suffered a massive data breach exposing millions of customers' personal information. By Jamie Grill-Goodman I January 26, 2021

San Francisco Law Firm Investigating PupBox Data Breach

A San Francisco law firm has launched an investigation into a data breach that took place at a subsidiary of Petco Health and Wellness Company. By Sarah Coble I January 25, 2021

8+ million Teespring user records leaked on hacker forum

A user on a popular hacker forum has leaked an archive containing user and creator data allegedly exfiltrated from Teespring, an e-commerce platform that allows people to design, market, and sell custom (and often controversial) apparel. By Edvardas Mikalauskas I January 25, 2021

Enterprise Technical Security That Matters

What is the NIST Cybersecurity Framework?

The National Institute of Standards and Technology, or NIST, helps organizations to better understand and manage their cybersecurity risks. NIST does this through its Cybersecurity Framework. BY DEVOPS.COM I January 11, 2021

Ransomware Attack Hits Short Line Rail Operator OmniTRAX

Colorado-based short line rail operator and logistics provider OmniTRAX was hit by a recent ransomware attack and data theft that targeted its corporate parent, Broe Group. By Yahoo Finance I January 11, 2021

Obfuscation Techniques in Ransomweb “Ransomware”

As vital assets for many business operations, websites and their hosting servers are often the target of ransomware attacks — and if they get taken offline, this can cause major issues for a business’ data, revenue, and ultimately reputation. By Luke Leal I January 12, 2021

Lokibot Stealer Comes with Added Features to Hide Better While Attacking Targets

The Lokibot malware is used by cyber attackers primarily for stealing credentials from a compromised system. In a recent campaign, a new version of the malware has been found equipped with more misdirection and anti-analysis features. By Cyware Alerts I January 13, 2021

Misconfigurations in Spring Data projects could leave web apps open to abuse

A security researcher has detailed how a “critical” bug in the Spring Data project could be abused to expose and modify web application user data. By Jessica Haworth I January 13, 2021

MSP News

What is the NIST Cybersecurity Framework?

The National Institute of Standards and Technology, or NIST, helps organizations to better understand and manage their cybersecurity risks. NIST does this through its Cybersecurity Framework. BY DEVOPS.COM I January 11, 2021

ThreatLocker Elevation Control Adds Privileged Access Management (PAM) to Application Control Suite to Help MSPs Streamline Management of Local Admin Rights

ThreatLocker today announced ThreatLocker Elevation Control, a Privileged Access Management (PAM) solution that provides MSPs with the ability to quickly add or remove administrative rights and easily control application elevation for users, without interrupting application, device or system performance. By Street Insider I January 11, 2021

BCM One Acquires Next-Generation White-Label Communications Platform Provider SkySwitch

BCM One, a leading managed technology solutions provider, announced today that it has acquired SkySwitch, a prominent white-label UCaaS provider based in Tampa, Florida. The acquisition allows BCM One to expand its UCaaS offerings and grow its channel audience reach to a variety of resellers including MSPs, VARs, ISPs, WISPs, interconnects and channel agents, empowering them to white-label the company's next-generation communications services to their customers. By PRNewswire I January 05, 2021

Navisite Acquires Velocity Technology Solutions

Navisite today announced that it has acquired Velocity Technology Solutions, Inc. ("Velocity"), a global cloud managed service provider (MSP). With this acquisition, Navisite enhances its position as a leader of managed cloud and enterprise resource planning (ERP) services for mid-market and enterprise customers, including a base of both fast-growing and established global brands. By Navisite I January 6, 2021

Small Business Entrepreneur Cybersecurity News

What is the NIST Cybersecurity Framework?

The National Institute of Standards and Technology, or NIST, helps organizations to better understand and manage their cybersecurity risks. NIST does this through its Cybersecurity Framework. BY DEVOPS.COM I January 11, 2021

Mastercard Launches Cybersecurity Solution & Advice Center For Small & Medium Businesses

Mastercard announced on Monday the launch of its Mastercard Trust Center. According to Mastercard, the Mastercard Trust Center helps small businesses defend their most important assets, their business and reputation, through free online access to trust cybersecurity research, education, resource, and tools. By Samantha Hurst I January 12, 2021

One in Four Small Businesses Plan to Hire a Financial Consultant in 2021, According to New Survey Data

With the lasting financial impacts of COVID-19, some small businesses will seek insight from financial experts to improve their bottom line. A new survey from Clutch, leading B2B ratings and reviews platform, found 24% of small businesses in the U.S. plan to hire a financial consultant or advisor in 2021. By Clutch I January 12, 2021

Carmen Marsh Selected as SynED's Cyber Hero for Empowering Women in Cybersecurity and Career Technical Education

Today, SynED, a national non-profit organization that identifies emerging best practices for effective articulation between employers, job seekers, and education providers, announced that Carmen Marsh was selected as its national Cyber Hero for January. By SynED I January 12, 2021

Data Classification

Regulations, Frameworks, and Controls

What is the NIST Cybersecurity Framework?

The National Institute of Standards and Technology, or NIST, helps organizations to better understand and manage their cybersecurity risks. NIST does this through its Cybersecurity Framework. BY DEVOPS.COM I January 11, 2021

HITECH Act Amendment Incentivizes Adoption of NIST and Other Recognized Cybersecurity Safeguards as a Defense or Mitigation to HIPAA Enforcement

On January 5, 2020, HR 7898, became law amending the Health Information Technology for Economic and Clinical Health Act (HITECH Act), 42 U.S.C. 17931, to require that “recognized cybersecurity practices” be considered by the Secretary of Health and Human Services (HHS) in determining any Health Insurance Portability and Accountability Act (HIPAA) fines, audit results or mitigation remedies. By THE NATIONAL LAW REVIEW I January 12, 2021