Welcome to my CISO CORNER feature for paid subscribers. Every Monday, I share insights from leading CISOs through exclusive interviews, article summaries, and thought leadership pieces. Below is my exclusive interview, conducted by email, with Terence Runge, CISO at Reltio, a Redwood Shores, Calif.-based master data management platform provider. [The interview has been edited for readability and length.] 

Inside Security: Could you explain your role as CISO?

Terence Runge: I focus on securing our customer's information assets, intellectual property, cloud infrastructure, and the Reltio platform. This is achieved through a combination of policy, training, awareness, and continual assessment of our readiness, compliance, and technology. Beyond the technical aspects, I work with an amazing group of executives on vision, strategic planning, and goals.

IS: What would you say are the most significant security threats?

Runge: I am concerned with security misconfiguration and vulnerabilities associated with...

• Click here to upgrade to premium and read the full interview!

A SolarWinds supply chain attack is being blamed for recent breaches of U.S. government agencies and security firm FireEye. The attackers deployed malicious updates on SolarWinds' Orion platform used to monitor and manage IT resources at large organizations. 

More:

• FireEye issued a report in which it described the SolarWinds attack method.
• Over the weekend, press reports indicated that Russian-based hackers had been spying on internal email traffic at the U.S. Treasury and Commerce Departments.
• Sources told Reuters that the attackers used the SolarWinds flaw to breach the U.S. government agencies.
• The Cybersecurity and Infrastructure Security Agency issued an alert warning that the SolarWinds Orion flaw enables attacks to gain access to network traffic management systems. 
• SolarWinds recommended that users upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible. 
• The government agency breaches reportedly led to a National Security Council meeting at the White House on Saturday.
• The Russian government denied any responsibility for the attacks on the U.S. government.

CYBER BREACH MONDAY

Every Monday, I summarize the most important breaches, so you stay up-to-date on the latest cybersecurity incidents. In today's issue:

Chinese Communist Party (Beijing, China): 1.95 million breach victims; hackers gained access to a register of party members that included names, party position, birthday, national ID number, and ethnicity as well as information on 79,000 party branches around the world.

AMITA Health (Ill.): 261,054 breach victims; network server hacking/IT incident.

The Pay2Key ransomware group has hit Habana Labs, an Intel-owned developer of artificial intelligence processors, and has stolen confidential data. The group leaked some of the data, including domain account data, DNS zone data for the domain, a file listing from Habana's Gerrit development code review system, other business documents, and source code images.

More:

• Intel acquired Israel-based Habana Labs in 2019 for $2B.
• The Profero security firm believes that Pay2Key ransomware group is Iranian.
• Iran is also suspected of being behind an attack on Amita Data, an Israeli company that provides software to logistics firms. 

A botnet is infecting vulnerable PostgreSQL databases running on Linux servers with cryptomining malware, warned researchers from Palo Alto Networks' Unit 42. The PGMiner botnet bombards internet-linked databases with brute-force attacks and deploys malware that mines for Monero cryptocurrency.

More from Unit 42: 

• PostgreSQL is among the most used open-source relational database management systems for production environments.
• The PGMiner attackers exploit a disputed remote code execution vulnerability in PostgreSQL databases.
• PGMiner constantly reproduces itself by recursively downloading certain modules.
• None of the vendors on VirusTotal are able to detect PGMiner.

Baltimore County school officials are not cooperating with local police, the county attorney, or state IT experts regarding a recent ransomware attack, according to County Executive Johnny Olszewski Jr. In a letter to Superintendent Darryl Williams, Olszewski charged that school officials refused to cooperate with county police, who wanted to contact the third-party consultant hired by the school system to investigate the attack.

More:

• The ransomware attack shut down the Baltimore County school system just before Thanksgiving.
• Williams responded that the school system has been in touch with the FBI and has not excluded anyone from the investigation.
• Teachers Association of Baltimore County said it was concerned about the lack of cooperation between the school system and the county government.

Adobe has released its final update for Flash Player, which has been plagued by vulnerabilities over the years. Adobe will not support Flash after Dec. 31 and will block Flash content starting Jan. 12.

More:

• Back in 2017, Adobe said it planned to retire Flash Player by the end of 2020.
• A big part of the decision was the ongoing security issues with the app, including many zero-day bugs that prompted many to stop using it.
• The major browsers are in the process of purging Flash from their platforms.

The MoleRATs cyberespionage group exploited Dropbox and Facebook as part of a phishing campaign to spy on Middle East governments, according to Cybereason. The group used Facebook accounts to coordinate their activity and Dropbox to store spying tools and stolen data.

More from Cybereason:

• The group also exploited Google Docs and Simplenote in their campaign.
• MoleRATs, also known as the Gaza Cybergang, is an Arabic-speaking advanced persistent threat group that has been active since 2012.
• One of the phishing lures was a reportedly clandestine meeting between Saudi leaders, U.S. Secretary of State Mike Pompeo and Israeli Prime Minister Benjamin Netanyahu.

Sixty-eight percent of cyberattacker victims are targeted again within 12 months, according to a study by security firm CrowdStrike. The study, based on stats from its platform, found that 30% of organizations had incorrectly configured or not fully deployed antivirus software. 

More from CrowdStrike:

• 63% of cyberattacks were financially motivated.
• 79 days was the average time that an attacker was able to remain on compromised systems without being detected.
• Ransomware attackers increasingly stole data before encrypting systems in 2020.

QUICK HITS:

• With employee motivation taking a hit, Blueboard offers personalized experiential employee rewards, from kayaking trips to virtual sommelier lessons. Check out their Experiences menu here.*
• The parent company of DSW Shoe Warehouse was hit by a ransomware attack that shut down its systems.
• Cybercriminals are sending out fake data breach notifications to steal cryptocurrency from Ledger wallet users.
• Most top U.S. retailers have online vulnerabilities that pose cybersecurity threats to customers.
• New York is warning about a text-based phishing scam asking motorists for personal information.
• A financial advisor is crucial to any retirement plan, but most people make these 7 common mistakes when hiring one.*