Hi readers,
Every Monday, I share insights from leading CISOs through exclusive interviews, podcast summaries, and thought leadership articles. In this issue, I interview Terence Jackson, CISO at Thycotic, about the ongoing challenges that CISOs face.
This issue also includes the popular CYBER BREACH MONDAY feature, a summary of the latest data breaches worldwide. Here's a sampling of recent breaches:
Albert Einstein Hospital (São Paulo, Brazil): 16 million breach victims; the health information of Brazilian COVID-19 patients was leaked by a hospital employee who uploaded an unsecured spreadsheet to GitHub.
AspenPointe (Colo.): 295,617 breach victims; network server hacking/IT incident.
Recently, I expanded Inside Security to five issues per week and added more premium content, such as my CUTTING EDGE feature on Tuesdays. On Wednesdays, I run my PATCH WATCH column, so you never miss critical security updates from leading vendors, as well as my SECURITY FUNDING feature.
To enjoy this great content and more, upgrade to premium! For a limited time, we are offering a 14-day free trial of our premium content.
Thanks for the support.
Fred
Thycotic CISO Terence Jackson shares his thoughts on the challenges CISOs face in these difficult times.
- On the biggest security threats: "The most significant security threat that we are still seeing is phishing."
- On the evolving role of the CISO: "The CISO has to be multifaceted and to operate as the advisor, guardian, risk manager, and privacy guru."
- Click here to upgrade to premium and read the full interview!
Serious vulnerabilities in SD-WAN products made by Cisco, Citrix, VMware, and HP's Silver Peak can be used by an attacker to redirect traffic or shut down a network, warned researchers from Realmode Labs. The bugs can be chained to achieve remote code execution (RCE). The vendors issued patches after the researchers reported the issues to them.
More:
- Cisco's SD-WAN vManager network management system has four bugs: two directory traversal issues, a shell injection bug, and a privilege escalation bug.
- Citrix's SD-WAN Center has two authentication bypass flaws and two shell injection bugs.
- VMware's SD-WAN (VeloCloud) Orchestrator has backdoor, path traversal, SQL injection, and file inclusion bugs.
- Silver Peak's Unity Orchestrator has authentication bypass, file delete path traversal, and arbitrary SQL query execution bugs.
SECURITY WEEK
CYBER BREACH MONDAY
Every Monday, I summarize the most important breaches, so you stay up-to-date on the latest cybersecurity incidents. In today's issue:
Albert Einstein Hospital (São Paulo, Brazil): 16 million breach victims; health information of Brazilian COVID-19 patients was leaked by a hospital employee who uploaded an unsecured spreadsheet to GitHub.
AspenPointe (Colo.): 295,617 breach victims; network server hacking/IT incident.
To read the rest of today's data breaches and get access to full newsletters on a daily basis, take advantage of our 14-day free trial offer for premium content!
A county in Pennsylvania paid a $500K ransom to obtain the decryption key from the DoppelPaymer ransomware gang. Delaware County had to take its network offline after discovering the ransomware infection. The county's Bureau of Elections and its Emergency Services Department were not affected by the attack.
More:
- The attackers were able to access police reports as well as payroll and purchasing databases.
- The DoppelPaymer gang is one of a growing number of ransomware groups that engage in double extortion: encrypting systems and also stealing data, then threatening to publish the data unless the ransom is paid.
- Other ransomware groups adopting the double-extortion strategy include REvil (Sodinokibi), Clop, Mespinoza, Nefilim, Nemty, Netwalker, RagnarLocker, Sekhmet, and Snatch.
BLEEPING COMPUTER
The Supreme Court on Monday is hearing oral arguments about the scope of the Computer Fraud and Abuse Act (CFAA), in a case that could have implications for cybersecurity research. The case, Van Buren v. United States, turns on whether individuals who misuse access they are authorized to have can be held liable under the CFAA.
More:
- In an amicus brief, the Electronic Frontier Foundation and other groups argued that a broad interpretation of the law could discourage researchers from searching for and disclosing security flaws.
- The petitioner, Nathan Van Buren, a Georgia police officer, was convicted of searching a license plate database for personal purposes in addition to law enforcement purposes.
- The case is expected to turn on the interpretation of the CFAA's vague language, which sanctions any person who "exceeds authorized access" on a computer.
BLOOMBERG LAW
Drupal has released emergency patches for two critical remote code execution (RCE) bugs in Drupal core because exploits are known to exist in the wild. The bugs are in the open-source PEAR Archive_Tar library, which Drupal uses to handle TAR files in PHP.
More:
- The bugs are exploitable only if Drupal is configured to allow uploads of .tar, .tar.gz, .bz2, or .tlz files and to process them.
- Drupal stressed that these flaws are different from critical RCE bugs it patched last year.
- A week ago, Drupal fixed another RCE bug in Drupal core.
HELP NET SECURITY
Trend Micro researchers have uncovered a macOS backdoor that could be related to the Vietnam-based Ocean Lotus group. The researchers noted that the new variant of the malware includes new behavior and new domain names. Ocean Lotus (aka APT32) targets organizations in the media, research, and construction industries.
More:
- The malware is an app bundle delivered in a ZIP archive, disguised as a Word document.
- Ocean Lotus was recently discovered to be using fake websites and Facebook groups to deploy malware.
- The group carries out cyberespionage for the Vietnamese government.
TREND MICRO
Advantech has been hit by a ransomware attack that disrupted its network and leaked confidential corporate documents. The Conti ransomware group is demanding a hefty $14M ransom from Advantech in exchange for the decryption key and a halt to leaking the stolen data.
More:
- Taiwan-based Advantech is a provider of Internet of Things systems and embedded platforms for industrial customers and has a workforce of more than 8,000.
- The company said that the attackers stole low-value documents from some of its servers, but that its important operating systems are functioning normally.
- The Conti group began publishing some of the stolen data on its website on Nov. 26 and threatened to publish more if the ransom is not paid.
BLEEPING COMPUTER
Small and medium-sized businesses (SMBs) that disclose data breaches proactively suffer 40% less financial harm than those that don't, according to research from Kaspersky Lab. Firms that fail to provide timely public information about a data breach increase the financial and reputational consequences of that breach, Kaspersky found.
More from Kaspersky:
- Enterprises that proactively disclose breaches suffer 28% less financial damage than those that don't.
- Financial losses were 32% lower for enterprises that detected a breach quickly, compared to those that took a week or longer.
- SMBs reduced losses by 17% through early breach detection.
- Kaspersky surveyed 5,266 IT decision-makers in 31 countries for the report.
SECURITY BRIEF
QUICK HITS:
- During this holiday season, find out how SimpliSafe is protecting over 3 million homes with less markup and more security.*
- The Consumer Financial Protection Board is developing rules to cover consumer privacy, data breach liability, and information sharing regarding consumers' financial data.
- A Canadian soldier is seeking C$60K ($46K) in damages after colleagues and superiors shared his confidential medical information without his permission.
- Suspected North Korean hackers have been targeting U.K. drugmaker AstraZeneca, which is one of the firms developing a COVID-19 vaccine.
- A report claims that the CIA and the German spy agency used a second Swiss encryption company to spy on governments.
- Revtown’s changing the denim game by applying the best parts of workout clothes—comfort, flexibility & durability—to jeans.*
* This is sponsored content.
Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as HealthITSecurity.com, FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.
Editor
Alexander Huls is a Toronto-based journalist. He has contributed articles about true crime and pop culture to The New York Times, Men's Health, Popular Mechanics, and other fine publications. Follow him on Twitter @alxhuls.