Copy
Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 2-15-2021

Live Panel this Wed: 2020 Healthcare Data Breach Report from CI Security
Join us this Wed., 2/17, at 12pm PT as we look back at an unprecedented year in healthcare, and review the lessons learned with CI's recently released 2020 Healthcare Data Breach report. Using in-depth analysis from this year's HHS data breach reports, the panel will be discussing the report's findings, including the most pressing risks healthcare security teams need to manage in 2021 to avoid ending up on the HHS 'Wall of Shame.'
https://app.livestorm.co/ci-security/the-2020-healthcare-data-breach-report
 
Welcoming the FDA Acting Director of Medical Device Cybersecurity
While only a twelve month post, Fu will lead the FDA’s ongoing efforts to ensure the safety and effectiveness of medical devices, including pacemakers, insulin pumps, hospital imaging machines, and other electronic devices all of which are being connected to healthcare organization networks.
https://securityboulevard.com/2021/02/welcoming-the-fda-acting-director-of-medical-device-cybersecurity/
 
mHealth Apps Expose Millions to Cyberattacks
According to the resulting report from Approov, out of 30 popular mHealth apps analyzed, 77 percent of them contained hardcoded API keys, which would allow an attacker to intercept that exchange of information — some of which don’t expire. Seven percent of these belonged to third-party payment processors that explicitly warn against hard-coding their secret keys in plain text.
https://threatpost.com/mhealth-apps-millions-cyberattacks/163966/
 
Microsoft is going to have lots of clouds for industries. Here's why they matter
The plan is to create several more industry clouds where there are opportunities for Microsoft partners and integrators to use their deep industry knowledge and Microsoft tools to create specific end-to-end solutions that fit those types of businesses.
https://www.zdnet.com/article/microsoft-is-going-to-have-lots-of-clouds-for-industries-heres-why-they-matter/
 
Cybersecurity in Financial Services: Securing the Future of Organizations in the Post-COVID World
Two-factor authentication is no longer sufficient in the new normal, given its susceptibility to be broken into by threat actors. While banks need to re-think all three mentioned methods, any changes need to be made without taking away from a frictionless banking experience.
https://www.infosecurity-magazine.com/opinions/cybersecurity-financial-services/
 
Cyber Risk Poses Increased ESG Challenges to Municipal Govts
The recent cyberbreach of the Florida city of Oldsmar is an important moment in the evolving nature of municipal cyber risk, Fitch Ratings says. The breach was one of the first cases of the use of a municipality’s cyber infrastructure for a kinetic attack with the potential for human casualties. Though unsuccessful, the attack was evidence of the increasing frequency of cyber-attacks and the significant risks they pose to public finance entities, their constituencies and management.
https://www.fitchratings.com/research/us-public-finance/cyber-risk-poses-increased-esg-challenges-to-municipal-govts-12-02-2021
 
U.S.'s First Cyber Insurance Risk Framework Issued by New York Department of Financial Services
The Framework requires all insurers to sustainably and effectively manage their cyber insurance risk. While noting that each insurer's risk will vary based on many factors including size, resources, geographic distribution, market share, and industries served, the Framework requires all insurers to review its best practices and take an approach proportionate to its risk.
https://www.jdsupra.com/legalnews/u-s-s-first-cyber-insurance-risk-4755476/
 
How the United States Lost to Hackers
Iran emerged from a digital backwater into one of the most prolific cyber armies in the world. China, after a brief pause, is back to pillaging America’s intellectual property. And, we are now unwinding a Russian attack on our software supply chain that compromised the State Department, the Justice Department, the Treasury, the Centers for Disease Control, the Department of Energy and its nuclear labs and the Department of Homeland Security, the very agency charged with keeping Americans safe.
https://www.nytimes.com/2021/02/06/technology/cyber-hackers-usa.html
 
SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments
Brad Smith: I think this target list tells us that this is clearly a foreign intelligence agency. It exposes the secrets potentially of the United States and other governments as well as private companies. I don't think anyone knows for certain how all of this information will be used. But we do know this: It is in the wrong hands.
https://www.cbsnews.com/news/solarwinds-hack-russia-cyberattack-60-minutes-2021-02-14/
 
Microsoft asks government to stay out of its cyber attack response in Australia
"Microsoft has significant concerns about this authority …  we believe that a policy allowing for direct governmental intervention would undermine the government's objectives of defence and recovery," it wrote. "Rather, in many cases, it is the individual organisations themselves, and not the government, that are best positioned to determine how to appropriately respond to and mitigate the impact of cyber incidents.
https://www.zdnet.com/article/microsoft-asks-government-to-stay-out-of-its-cyber-attack-response-in-australia/
 
CMMC: Stopping Cyber Espionage Like Chinese Theft of F-35 Data
The persistence of nation-state efforts to conduct industrial espionage and steal intellectual property means there is value in making every entry point harder to breach. The CMMC features tiers of security, and if program managers and prime contractors are mindful of those tiers, suggests Bostjanick, they ensure smaller subcontractors are not given controlled unclassified information that they cannot protect.
https://breakingdefense.com/2021/02/cmmc-stopping-cyber-espionage-like-chinese-theft-of-f-35-data/
 
Myanmar Junta Tightens Control, Orders New Internet Blackout
Last week, the junta proposed a cyber security law that could see social media users fined or jailed for posts containing what it construes as “misinformation or disinformation that causes public panic.” [...] “Anyone can be arrested anytime,” said Maung Saung Kha, executive director of Athan, a Yangon-based freedom of expression advocacy group. “No one feels safe at this point.”
https://www.bloomberg.com/news/articles/2021-02-14/myanmar-junta-amends-law-for-more-power-on-detentions-spying
 
Will this Utah proposal quash lawsuits from victims of data breaches?
Rep. Walt Brooks, R-St. George, said his bill, HB80, uses a carrot in lieu of a stick to incentivize companies to build and maintain robust cyber protections for sensitive personal information they collect from customers. So long as they do, those companies can reside in a so-called legal “safe harbor” created by Brooks’ bill in which they would find some protections from tort claims following any data breach or hacking incidents.
https://www.deseret.com/utah/2021/2/14/22279124/utah-legislature-data-breach-hacking-personal-privacy-porn-filtering-mobile-devices
 
Egregor ransomware operators arrested in Ukraine
The Egregor gang, which began operating in September 2020, operates based on a Ransomware-as-a-Service (RaaS) model. They rent access to the actual ransomware strain, but they rely on other cybercrime gangs to orchestrate intrusions into corporate networks and deploy the file-encrypting ransomware.
https://www.zdnet.com/article/egregor-ransomware-operators-arrested-in-ukraine/
 
Fifth-generation cyberattacks are here. How can the IT industry adapt?
Cyberattacks have reached a new level of sophistication, ranging from international espionage to massive breaches of personal information to large-scale internet disruption. Advanced “weapons-grade” hacking tools have been leaked, allowing attackers to move fast and infect large numbers of businesses and entities across huge swaths of geographic regions.
https://www.weforum.org/agenda/2021/02/fifth-generation-cyberattacks/
 
The Untold History of America’s Zero-Day Market
The Snowden leaks made clear that the US was the biggest player in this space, but I knew that it was hardly the only one. Oppressive regimes were catching on, and a market was cropping up to meet their demand. There were vulnerabilities everywhere, many of them of our own making, and powerful forces—including our own government—were ensuring it stayed this way. Many did not want this story to be told.
https://www.wired.com/story/untold-history-americas-zero-day-market/
 
Major Hospitals Promise to Guard Privacy in Forming Company to Capitalize on Patient Data
The company, Truveta Inc., promises to preserve the privacy of the millions of patients whose records will be packaged for sale, including seeking stringent security certifications. It will need to: Healthcare is a prime target for hackers, with more than 28 million records breached last year, as WSJ Pro’s James Rundle has reported.
https://www.wsj.com/articles/cyber-daily-major-hospitals-promise-to-guard-privacy-in-forming-company-to-capitalize-on-patient-data-weekend-reading-11613141725

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 


Add this Email to Your Address Book





unsubscribe