Hi readers,
Every Monday, I share insights from leading CISOs through exclusive interviews, podcast summaries, and thought leadership articles. In this issue, I interview Terence Runge, CISO at Reltio, about the ongoing challenges that CISOs face.
This issue also includes the popular CYBER BREACH MONDAY feature, a summary of the latest data breaches worldwide. Here's a sampling of recent breaches:
- Chinese Communist Party (Beijing, China): 1.95 million breach victims; hackers gained access to a register of party members that included names, party position, birthday, national ID number, and ethnicity, as well as information on 79,000 party branches around the world.
- AMITA Health (Ill.): 261,054 breach victims; network server hacking/IT incident.
Recently, I expanded Inside Security to five times per week and added more premium content, such as my CUTTING EDGE feature on Tuesdays. On Wednesdays, I run my PATCH WATCH column, to ensure you never miss critical security updates from leading vendors, as well as my SECURITY FUNDING feature.
Thanks for the support.
Fred
Welcome to my CISO CORNER feature for paid subscribers. Every Monday, I share insights from leading CISOs through exclusive interviews, article summaries, and thought leadership pieces. Below is my exclusive interview, conducted by email, with Terence Runge, CISO at Reltio, a Redwood Shores, Calif.-based master data management platform provider. [The interview has been edited for readability and length.]
Inside Security: Could you explain your role as CISO?
Terence Runge: I focus on securing our customers' information assets, intellectual property, cloud infrastructure, and the Reltio platform. This is achieved through a combination of policy, training, awareness, and continual assessment of our readiness, compliance, and technology. Beyond the technical aspects, I work with an amazing group of executives on vision, strategic planning, and goals.
IS: What would you say are the most significant security threats?
Runge: I am concerned with security misconfiguration and vulnerabilities associated with...
A SolarWinds supply chain attack is being blamed for recent breaches of U.S. government agencies and security firm FireEye. The attackers deployed malicious updates on SolarWinds' Orion platform used to monitor and manage IT resources at large organizations.
More:
- FireEye issued a report in which it described the SolarWinds attack method.
- Over the weekend, press reports indicated that Russia-based hackers had been spying on internal email traffic at the U.S. Treasury and Commerce Departments.
- Sources told Reuters that the attackers used the SolarWinds flaw to breach the U.S. government agencies.
- The Cybersecurity and Infrastructure Security Agency issued an alert warning that the SolarWinds Orion flaw enables attackers to gain access to network traffic management systems.
- SolarWinds recommended that users upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible.
- The government agency breaches reportedly led to a National Security Council meeting at the White House on Saturday.
- The Russian government denied any responsibility for the attacks on the U.S. government.
ZDNET
CYBER BREACH MONDAY
Every Monday, I summarize the most important breaches, so you stay up-to-date on the latest cybersecurity incidents. In today's issue:
- Chinese Communist Party (Beijing, China): 1.95 million breach victims; hackers gained access to a register of party members that included names, party position, birthday, national ID number, and ethnicity, as well as information on 79,000 party branches around the world.
- AMITA Health (Ill.): 261,054 breach victims; network server hacking/IT incident.
The Pay2Key ransomware group has hit Habana Labs, an Intel-owned developer of artificial intelligence processors, and has stolen confidential data. The group leaked some of the data, including domain account data, DNS zone data for the domain, a file listing from Habana's Gerrit development code review system, other business documents, and source code images.
More:
- Intel acquired Israel-based Habana Labs in 2019 for $2B.
- The Profero security firm believes that the Pay2Key ransomware group is Iranian.
- Iran is also suspected of being behind an attack on Amita Data, an Israeli company that provides software to logistics firms.
BLEEPING COMPUTER
A botnet is infecting vulnerable PostgreSQL databases running on Linux servers with cryptomining malware, warned researchers from Palo Alto Networks' Unit 42. The PGMiner botnet bombards internet-linked databases with brute-force attacks and deploys malware that mines for Monero cryptocurrency.
More from Unit 42:
- PostgreSQL is among the most used open-source relational database management systems for production environments.
- The PGMiner attackers exploit a disputed remote code execution vulnerability in PostgreSQL databases.
- PGMiner constantly reproduces itself by recursively downloading certain modules.
- None of the vendors on VirusTotal are able to detect PGMiner.
ZDNET
Baltimore County school officials are not cooperating with local police, the county attorney, or state IT experts regarding a recent ransomware attack, according to County Executive Johnny Olszewski Jr. In a letter to Superintendent Darryl Williams, Olszewski charged that school officials refused to cooperate with county police, who wanted to contact the third-party consultant hired by the school system to investigate the attack.
More:
- The ransomware attack shut down the Baltimore County school system just before Thanksgiving.
- Williams responded that the school system has been in touch with the FBI and has not excluded anyone from the investigation.
- Teachers Association of Baltimore County said it was concerned about the lack of cooperation between the school system and the county government.
BALTIMORE SUN
Adobe has released its final update for Flash Player, which has been plagued by vulnerabilities over the years. Adobe will not support Flash after Dec. 31 and will block Flash content starting Jan. 12.
More:
- Back in 2017, Adobe said it planned to retire Flash Player by the end of 2020.
- A big part of the decision was the ongoing security issues with the app, including many zero-day bugs that prompted many to stop using it.
- The major browsers are in the process of purging Flash from their platforms.
COMPUTERWORLD
The MoleRATs cyberespionage group exploited Dropbox and Facebook as part of a phishing campaign to spy on Middle East governments, according to Cybereason. The group used Facebook accounts to coordinate their activity and Dropbox to store spying tools and stolen data.
More from Cybereason:
- The group also exploited Google Docs and Simplenote in their campaign.
- MoleRATs, also known as the Gaza Cybergang, is an Arabic-speaking advanced persistent threat group that has been active since 2012.
- One of the phishing lures was a reportedly clandestine meeting between Saudi leaders, U.S. Secretary of State Mike Pompeo and Israeli Prime Minister Benjamin Netanyahu.
CYBERSCOOP
Sixty-eight percent of cyberattack victims are targeted again within 12 months, according to a study by security firm CrowdStrike. The study, based on stats from its platform, found that 30% of organizations had incorrectly configured or not fully deployed antivirus software.
More from CrowdStrike:
- 63% of cyberattacks were financially motivated.
- 79 days was the average time that an attacker was able to remain on compromised systems without being detected.
- Ransomware attackers increasingly stole data before encrypting systems in 2020.
DATABREACHES.NET
QUICK HITS:
- The parent company of DSW Shoe Warehouse was hit by a ransomware attack that shut down its systems.
- Cybercriminals are sending out fake data breach notifications to steal cryptocurrency from Ledger wallet users.
- Most top U.S. retailers have online vulnerabilities that pose cybersecurity threats to customers.
- New York is warning about a text-based phishing scam asking motorists for personal information.
Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as HealthITSecurity.com, FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.
Editor
Charlotte Hayes-Clemens is an editor and writer based in Vancouver. She has dabbled in both the fiction and non-fiction world, having worked at HarperCollins Publishers and more recently as a writing coach for new and self-published authors. Proper semi-colon usage is her hill to die on.