Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 3-26-2021

Free Security Awareness Training
Join us for our NEVER BORING bi-weekly security awareness training at noon Pacific today, Friday 3/26.
This company was hit by ransomware. Here's what they did next, and why they didn't pay up
Spectra Logic had cyber insurance, which could potentially have covered the cost of paying the ransom. That might have been the simpler short-term decision for restoring the network, but it was quickly decided that with the backups still available, Spectra Logic wouldn't give in to the ransom demand. So instead of communicating with the cyber criminals at all, Mendoza contacted the FBI.
American Hospital Association selects CI Security as Preferred Provider for Managed Detection & Response
“CI Security has been selected as the AHA’s best and most appropriate solution provider for their selected services and we can confidently recommend that our healthcare networks nationwide can rely on CI Security’s solutions to support their never ending efforts to achieve utmost security.”
5 Ways to Update Your Healthcare Incident Response Plan
How long did it take you to find it? Did you have to dust off the physical binder? When was the digital copy last accessed? And, most important, if you were about to launch into an incident response effort right now, how confident would you be with that plan by your side?
CU Denver Study Finds More than 64% Health CEOs are Concerned About Pandemic Challenges 
Specifically, their concerns include keeping up with technology, regulatory changes, fiscal burden, and cyber threats. Nevertheless, CEOs believe that digital and intelligent technologies, new strategic mindsets, and hiring a diverse workforce can sway these challenges into growth opportunities.
Policyholders may be the primary target in hack of cyber insurance provider CNA
“The profit that ransomware groups can extort from a target has historically started as an educated guess, modified as the hostile negotiations proceed. Possessing the cyber insurance policy details at the outset allows ransomware groups to maximize their success by setting a price that falls within the bounds of the coverage.”
Manufacturing’s Cloud Migration Opens Door to Major Cyber-Risk
Among the findings of the report include a consistent characterization of the top five vulnerabilities found in internet-facing apps in the last three months, researchers found. Those flaws are: Information leakage, insufficient session expiration, cross-site scripting, insufficient transport layer protection and content spoofing.
Banks and insurers to face tough cyber stress tests under Bank of England plan
Industry sources said they expected the examination of their ability to withstand a coordinated global series of cyberattacks to form the centrepiece of the Bank of England's stress scenario when it is conducted later this year.
CISO Compass: Our challenge - Gender equity in cyber
Within the Office of Cybersecurity I specifically want to celebrate Judy Bartley, Sarah Colvin, Lisa Kendall, Jenn Somnis and Jenny Regalado. They are all driven to excel, unflappable in stressful situations and bring strong personal values to their professional capacities. OCS, and the state, are very fortunate to have people with their skills working here.
Impatient lawmakers press Biden for cyber director nominee
"I ask that you prioritize immediate action on the new authority granted by the fiscal year 2021 National Defense Authorization Act to nominate a national cyber director," Rep. Carolyn Maloney (D-N.Y.), chairwoman of the House committee on oversight and reform, wrote in a March 24 letter to the White House.
General says attacks by foreign hackers are 'clarion call'
Nakasone said Cyber Command and the National Security Agency are helping plan the Biden administration's response to the SolarWinds intrusion and that “policymakers are considering a range of options, including costs that might be imposed by other elements of our government."
US conducted more than two dozen cyber operations targeting foreign threats to the 2020 election
A US official had previously confirmed to CNN in November that Cyber Command had conducted missions targeting major adversaries including Russia, Iran and China, but the number of such operations ahead of the election was not previously known. The same official also told CNN that such operations would continue after ballots were cast.
New U.K. Currency Honors Alan Turing, Pioneering Computer Scientist And Code-Breaker
"Alan Turing was a gay man, whose transformational work in the fields of computer science, codebreaking, and developmental biology, was still not enough to spare him the appalling treatment to which he was subjected," Bailey said. "By placing him on this new £50 banknote, we celebrate him for his achievements, and the values he symbolises, for which we can all be very proud."
Facebook Disrupts Spy Effort Aimed at Uyghurs
This was all undertaken with selective targeting, according to the post: “This group took steps to conceal their activity and protect malicious tools by only infecting people with iOS malware when they passed certain technical checks, including IP address, operating system, browser, and country and language settings.”
New Wave of ‘Hacktivism’ Adds Twist to Cybersecurity Woes
Three major hacks show the power of this new wave of "hacktivism" - the exposure of AI-driven video surveillance being conducted by the startup Verkada, a collection of Jan. 6 riot videos from the right-wing social network Parler, and disclosure of the Myanmar military junta's high-tech surveillance apparatus.
A strong year ahead for recruiting cyber professionals
Heading into 2021 we have so many reasons to be grateful and positive. Today, there are more job openings than ever and there’s been a diversification of our client portfolio – we are now hiring across more industries than ever before as previously dormant markets begin to hire in cyber and build the needed defenses.
OpenSSL fixes high-severity flaw that allows hackers to crash servers
On Thursday, OpenSSL maintainers disclosed and patched a vulnerability that causes servers to crash when they receive a maliciously crafted request from an unauthenticated end user. CVE-2021-3449, as the denial-of-server vulnerability is tracked, is the result of a null pointer dereference bug.
CISA Adds Two Web Shells to Exchange Server Guidance
Each of these reports, now included in CISA's full "Mitigate Microsoft Exchange Server Vulnerabilities" alert, identifies a Web shell seen in post-compromised Microsoft Exchange servers. CISA has also updated seven existing MARs to include YARA rules developed by CISA to help organizations detect the malware seen so far in these attacks.
Defense Department Took 22 Days to Create 'Silly Bear' Meme to Roast Russian Hackers
Peter Singer, a senior fellow at the think tank New America and expert on cybersecurity and cyberwar, told on Thursday that the episode shows the government is starting to take some necessary steps forward, but still has a long way to go "in the new battle of 'likes' that actually have real-world impact."

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 

We host NEVER BORING free security awareness training every other Friday.
Register and/or send your colleagues and friends. Let's educate users together! 

Add this Email to Your Address Book