This section has to do with current trends in cyber security. Our President, Bill Palisano hand selects articles he thinks are pertinent to read and understand every few weeks. Keeping up with this section will enable you to stay updated, informed and current so that you never find yourself without the tools to secure your information.
5 traits all the best CISOs have:
I know many CISO’s. If you’re an Owner, CEO, President, or C-Suite, you’ll want to read this. It is RIGHT ON TARGET! As a career entrepreneur and business person, #3 resonates with me. It is what separates a GOOD CISO from a GREAT CISO. Think about yours… Is he/she good, or great?:
FBI Issues DDoS amplification attack alert:
The Federal Bureau of Investigation (FBI) in the U.S. has issued an alert warning organizations that distributed denial of service (DDoS) amplification attacks are on the rise. With all of the attention to Ransomware, DDoS attacks have taken a back stage, but, they’re still there. Get Ready to be attacked:
Cracking the cyber liability code leads to better insurance coverage:
Many clients/friends I’ve spoken with ‘think’ (hope) they’re insured properly for cyber-liability. And in some cases, I get the hint that they’d rather not dig into it (ignorance is bliss?). Well, ‘hope’ is NOT a strategy, nor a contingency plan. This 5 minute read has a GREAT explanation and 5 item listing of MUST HAVE’s for cyber-liability coverage:
The Lesson here is really Behind the Scenes:
A somewhat ‘typical’ ransomware against a city in Alabama. But the educational value is within the “Comments” section.
Read the article and then: READ THE COMMENTS at the end. Especially the conversation thread started by this question:
“Can someone kindly explain to me how a security firm in Wisconsin can “see” what’s happening with regards to an attack inside a network in
Cyber security 101: Protect your privacy from hackers, spies, and the government
Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.
U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs
With the huge surge in unemployment claims, and state unemployment systems being over-run, you had to know this would be coming:
1 Day, 3 New Ransomware Attacks reported, not all successful. Why?
Magellan Health – proving (during this COVID Crisis) “There is no Honor among the Thieves.” Threat Vector: Phishing (as usual). Undetermined: Was exfiltrated data anonymized and do they need to notify breached individuals?
Pitney Bowes – After their previous Ransomware Attack – 7 months ago, a New Successful Attack & Breach BUT Unsuccessful Ransomware Execution! New endpoint detection & response and advanced threat protection tools deployed – Won the Day!
Texas Court – Partially shut down by Ransomware. Although they “will not pay” the ransom, they do acknowledge the need for more/better security training of their employees. As government branches continue to be targeted by these types of attacks, they continue to struggle to keep pace with the security required to deliver information to citizens, yet protect it from nefarious use by bad actors:
Threat Spotlight: Coronavirus-Related Phishing.
As much of the world grapples with the new coronavirus, COVID-19, and how to handle it, attackers are taking advantage of the widespread discussion of COVID-19 in emails and across the web..
5 ways COVID-19 is reshaping the cybercrime economy.
As the COVID-19 pandemic pushes the above-ground economy to the brink of a major recession, the cybercrime economy appears to still be hard-charging ahead. And yet, the virus has rapidly reshaped the way business is being done on the dark web, as buyers and sellers jump on the opportunity to capitalize on global fears, as well as dramatic shifts in supply and demand.
SBA emergency loan applicants’ data likely exposed.
breach at the Small Business Administration may have exposed personal information on almost 8,000 small businesses that applied to the agency’s Economic Injury Disaster Loan program (EIDL), recently expanded to include organizations affected by the COVID-19 pandemic..
Zoombombing provides teachable moment for cybersecurity teams.
Most of the instances of conference calls being hacked, popularly known as Zoombombing, are from a cybersecurity perspective a self-inflicted wound. The fact that malicious actors could, for example, use publicly posted meeting links, guess meeting IDs, and discover personal meeting IDs posted online to join a meeting uninvited is not some newly discovered set of vulnerabilities. It’s only been with the need for large swaths of the population to remain at home that these issues are coming to the fore. Zoom, as the most popular video collaboration platform of the moment, is naturally at the center of the storm.
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings.
Conference calls and web meetings—virtual meetings—are a constant of modern work. And while many of us have become security-conscious in our online interactions, virtual meeting security is often an afterthought, at most. Who hasn’t been finishing one call when attendees of the next call start joining – because the access code is the same? In the moment it may be annoying, or even humorous, but imagine if you were discussing sensitive corporate (or personal) information. Unfortunately, if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop or disrupt them. Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively – and not the genesis of a data breach or other embarrassing and costly security or privacy incident.
Working from Home? SANS Security Awareness Deployment Guide (for businesses) & Top 5 Tips for Working from Home Securely (for employees)
With the coronavirus disrupting business as usual, organizations and school districts worldwide are implementing work-from-home policies. Not only does this pose new challenges for organizations that lack the processes and technologies required to secure a remote workforce, it puts an even greater burden on families who must quickly adapt to a new way of working and learning from home — and do so safely and securely.
Five billion records exposed in open ‘data breach database’
More than five billion records were exposed after a Keepnet Labs Elasticsearch “data breach database” housing a trove of security incidents from the last seven years was left unprotected.
Malicious coronavirus map hides AZORult info-stealing malware:
Cyberattackers continue to seize on the dire need for information surrounding the novel coronavirus. In one of the latest examples, adversaries have created a weaponized coronavirus map app that infects victims with a variant of the information-stealing AZORult malware.
The SHIELD Act: NY’s New Data Protection Requirements Take Effect:
In his Health Law column, Francis J. Serbaroli discusses New York’s new SHIELD Act, which imposes new data security and data breach reporting requirements on any entity in possession of private information of New York residents regardless of whether the entity is located in New York. The Act also levies higher penalties for non-compliance with its data security and reporting requirements, but does not provide for a private cause of action.
25 Tech Predictions for 2020:
Much will be different, relative to ten years ago. The year 2020 opens a new decade and much will be different, relative to ten years ago. Here are more than two dozen predictions about what to expect, according to industry experts and executives.
Ring camera hacks show the need for better IoT security:
Ring camera doorbells gained fame for catching porch pirates steal packages but after several high-profile cases where hackers gained control of them they are being held up by the cybersecurity industry as a prime example why companies and homeowners need to take IoT security seriously.
Snatch ransomware reboots PCs into Safe Mode to bypass protection:
Cyberthreats to financial institutions 2020: Overview and predictions:
BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups - in the field:
Ransomware attack on nursing homes’ services provider threatens lives:
How to negotiate with hackers:
How tape backup systems improve data protection:
What it takes to preserve business continuity, recover quickly from a cyber disaster
VPN to world:
Reports of my death are greatly exaggerated
How ready are you to respond to a ransomware attack?