Cybersecurity News: June 12-18 2021
Highlights: The lag between reporting and occurrence of breaches; More cyber criminals arrested; Savannah hospital shut down by cyberattack
2nd Sight Lab | Cybersecurity | Vulnerabilities | Malware | Threat Reports | Breaches & Attacks | Cost of a Data Breach | Laws & Legal | Investments

2nd Sight Lab News
Teri Radichel was originally slated to present at AWS re:Inforce in August in Houston. What should be in a cloud penetration test or cloud security assessment? Unfortunately, she will not be attending at this time due to unforeseen circumstances, but may give this presentation at another venue in the future, so stay tuned.
Have you ever looked at all the traffic your Apple Macintosh computer generates when you start it up? A 2nd Sight Lab blog post takes a look at that this week.
Cybersecurity
_____________________________________________
Biden Tells Putin Critical Infrastructure Sectors ‘Off Limits’ to Russian Hacking
Why is attacking anything that harms citizens of another country not off-limits?
G7 leaders ask Russia to hunt down ransomware gangs within its borders
UK National Cyber Security Centre CEO Lindy Cameron issues call to organisations to take the ransomware threat seriously
The Government Accountability Office said it disagrees with the IRS stance that they do not have the authority to improve data security.
Russia bans VyprVPN, Opera VPN services for not complying with blacklist request
On March 28, 2019, the Russian government required VPNs, anonymizers, and search engine operators to ensure that they block sites included on Roskomnadzor’s regularly updated register of banned sites through the Federal State Information System (FSIS).
Senior NASA Scientist Sentenced To Prison For Making False Statements Related To Chinese Thousand Talents Program Participation And Professorship
Notwithstanding these prohibitions, MEYYAPPAN participated in China’s Thousand Talents Program, a program established by the Chinese government to recruit individuals with access to or knowledge of foreign technology or intellectual property, and held professorships at universities in China, South Korea, and Japan, and failed to disclose these associations and positions to NASA and the U.S. Office of Government Ethics.
Russian National Convicted of Charges Relating to Kelihos Botnet
“By operating a website that was intended to hide malware from antivirus programs, Koshkin provided a critical service that enabled other cyber criminals to infect thousands of computers around the world,” said Acting U.S. Attorney Leonard C Boyle. “We will investigate and prosecute the individuals who aid and abet cyber criminals as vigorously as we do the ones who actually hit the ‘send’ button on viruses and other malicious software.”
Ukrainian police arrest Clop ransomware members, seize server infrastructure
Multiple suspects believed to be linked to the Clop ransomware cartel have been detained in Ukraine this week after a joint operation from law enforcement agencies from Ukraine, South Korea, and the US.
Tim Cook claims sideloading apps would destroy security and privacy of iOS
I have to agree that the closed app store allows for greater security. I hope legislators do not make a mistake here. If the goal is to regulate costs or achieve some other objective, then do that, without destroying the security of the Apple ecosystem.
An Introduction to Google’s SLSA in 5
Google has recently introduced the Supply chain Levels for Software Artifacts or SLSA (pronounced “salsa”) framework. This framework is in its early stages and has been released as part of OpenSSF Foundation.
And Google wants to bring Rust into the Linux Kernel.
Google open-sources tools to bring fully homomorphic encryption into the mainstream
Last time I checked, operations were limited to the point this was not viable for many use cases.
Microsoft takes down large‑scale BEC operation
Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to get access to emails about financial transactions.
More data points for upcoming mortgage industry security posts.
National Lab Recommends Energy Department Test Electric Utility Vendors for Cybersecurity
Insurer consortium launches CyberAcuView to improve risk mitigation
How Does One Get Hired by a Top Cybercrime Gang?
Last week this news feed included a story about the arrest of a 55-year-old Latvian woman involved in a ransomware gang. Brian Krebs takes an interesting look at how someone might get involved in one of these gangs. Back when I had my own hosting business I was skeptical about a few “customers” that tried to hire me. I always wondered if it was all legitimate. If any of them were up to no good and realized I was re-routing suspicious traffic hitting my websites to FBI web sites to bring it to their attention, perhaps they may have left me alone. By the way, I had no idea what I was doing back then, so if anyone noticed this, forgive me for the web spam.
Make sure you’re running the latest version of Microsoft scripts that check for Exchange malware
State Data Breach Notifications
2nd Sight Lab discovered this site which maintains breach reporting lists available from US states. All states should maintain such information. Upon further review many of the links to state breach reporting pages lack sufficient data or are not up to date. A lag in reporting does not help prevent future attacks. The following states seem to have good reporting systems: California, Oregon, and Maine.
Microsoft no longer offers Windows 7 drivers via Windows Update
I wonder where Windows 7 is still running.
NVIDIA is dropping support for Windows 7 and Windows 8 drivers
Missed this one a couple weeks back — Azure Firewall Integration With Sentinel
Google Workspace Now Offers Client-side Encryption For Drive and Docs and Phishing Protection
AWS now offers multi-region encryption keys
Google abandons plans to simplify URLs in Chrome following real-world testing
The browser-maker has been attempting to simplify URLs in the ‘omnibox’ — Chrome’s address bar — for years, starting with the removal of “trivial subdomains” in 2018, although this was rolled back due to developer backlash.
This was followed by an announcement that the ‘www.’, ‘m.’, and ‘https://’ elements would be removed from address bar through an update released in 2019 — a move that also proved controversial.
Thank goodness. Whoever had that idea needs to be sent to security training, especially related to tracking down malware and log analysis.
AT&T Cybersecurity Delivers New Managed SASE Solution to Drive Innovation and Transform User Experiences at the Edge
Likely to compete with ZScaler.
Hiccup in Akamai’s DDoS Mitigation Service Triggers Massive String of Outages
See my comments about the Fastly outage in last week’s cybersecurity news.
Microsoft Linux repos suffer day-long outage
HBO Max blames mistaken “Integration Test” email on an intern
Euros-Driven Football Fever Nets Dumb Passwords
Don’t use the password “Football” please.
Protect children online. More arrests by the FBI this week for sex crimes involving children.
Required MFA Is Not Sufficient for Strong Security: Report
Defense in depth is appropriate, but correctly designed and implemented MFA is still one of the most powerful things you can do to prevent data breaches. I explain in my book on cybersecurity for executives some of the caveats related to MFA — when it works and when it doesn’t.
PLC Security Top 20 List
Infosecurity Europe has announced that it is postponing the live event due to run at London Olympia in July, following the government’s delay in lifting the final COVID-19 restrictions.
NSA shares guidance on securing voice, video communications
Privacy
_____________________________________________
IKEA France Fined $1.2M for Elaborate ‘Spying System’
IKEA France’s former chief executive, Jean-Louis Baillot, was also personally fined €50,000 (around $60,200 at press time) for “storing personal data,” according to Deutsche Welle, and given a two-year suspended sentence by the French court.
TikTok can now collect biometrics
Australia — WA Police accessed private G2G pass data for criminal investigations
Vulnerabilities
_____________________________________________
A variant of the Mirai botnet called Moobot saw a big spike in activity recently, with researchers picking up widespread scanning in their telemetry for a known vulnerability in Tenda routers.
Cisco has flagged and patched several high-severity security vulnerabilities in its Cisco Small Business 220 Series Smart Switches that could allow session hijacking, arbitrary code execution, cross-site scripting and HTML injection.
Healthcare vendor Zoll patches high-risk vulnerabilities in defibrillator management software
Vulnerability in Microsoft Teams granted attackers access to emails, messages, and personal files
However, Grant pointed out, the malicious actor would have to be a member of the Microsoft Teams organization that they are attacking, meaning it would only work in the context of an insider threat attack.
Or someone who has the credentials of a valid team member, correct? And we all know that happens. Keep reading.
Peloton Bike+ Bug Gives Hackers Complete Control
XSS flaw in Wire messaging app allowed attackers to ‘fully control’ user accounts
Intentional Flaw in GPRS Encryption Algorithm GEA-1
GEA-1 was designed by the European Telecommunications Standards Institute in 1998. ETSI was — and maybe still is — under the auspices of SOGIS: the Senior Officials Group, Information Systems Security. That’s basically the intelligence agencies of the EU countries.
GitLab fixes serious SSRF flaw that exposed orgs’ internal servers
Cisco Talos recently discovered an exploitable information disclosure vulnerability in EIP Stack Group OpENer’s Ethernet/IP UDP handler.
OpENer is an Ethernet/IP stack for I/O adapter devices that includes objects and services for making Ethernet/IP-compliant products, as defined in the ODVA specification.
Update Your Chrome Browser to Patch Yet Another 0-Day Exploited in-the-Wild
Apple fixes ninth zero-day bug exploited in the wild this year
Instagram Bug Allowed Anyone to View Private Accounts Without Following Them
Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild
Security researcher turns Apache Airflow into bug bounty cash cow
Android screen lock protection thwarted by Facebook Messenger Rooms exploit
And people make fun of me because I refuse to use Facebook Messenger. As if they don’t have enough other ways to contact me.
Malware
_____________________________________________
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
According to an incident response report published today, Mandiant said the malware was hidden inside a customized version of the Dahua SmartPSS Windows app that the unnamed CCTV vendor was providing to its customers.
If customers downloaded and installed the trojanized application, it would infect a company’s systems with a version of the SMOKEDHAM backdoor.
‘Oddball’ Malware Blocks Access to Pirated Software
Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads.
Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions
The worm and ransomware scripts also use the API of the messaging application Telegram for command-and-control (C&C) communication.
Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes
I mentioned on Twitter this week that parents of a friend of mine were impacted by this spam campaign. They called a number in the email to clear a fraudulent bill. The attacker instructs the victim to visit a website which downloads malware. The victim may then see the attacker taking actions on their computer. Past campaigns looked for stored passwords for banking sites to automatically login to access customer accounts.
Threat Actors Use Google Docs to Host Phishing Attacks
Using Google Drive to host malware is not new. The landing page may be different. The most recent message: “new rules for June 25.”
“This Google Docs page may look familiar to those who share Google Docs outside of their organization. This, however, isn’t that page. It’s a custom HTML page made to look like that familiar Google Docs share page,” Avanan explained.
Hackers are using search engine optimization (SEO) to get high rankings for pages with malicious PDF files that steal credentials.
Google and other search engines should be aware of this and help block this threat at the source.
Unique TTPs link Hades ransomware to new threat group
NoxPlayer Supply-Chain Attack is Likely the Work of Gelsemium Hackers
A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran
Researchers Uncover ‘Process Ghosting’ — A New Malware Evasion Technique
Tinder spam campaign hides “handwritten” links in profile images
Threat Reports
_____________________________________________
Report: Active Directory Certificate Services a big security blindspot on enterprise networks
True. Organizations need to understand all the places where systems or individuals are granted privileges on their network.
Booming Cyber-Underground Market for Initial-Access Brokers
Ransomware gangs are increasingly buying their way into corporate networks, purchasing access from ‘vendors’ that have previously installed backdoors on targets.
80% of Ransomware Victims don’t pay. 80% of those who do are hit with a second attack.
An analysis that Kroll conducted of data breach notifications in 2020 showed a sharp increase in attacks against organizations in what it identified as six traditionally “under-attacked” industries — food and beverage, utilities, construction, entertainment, agriculture, and recreation.
VPNs and Trust
Good read and thoughts.
Thousands of publicly accessible VMware vCenter Servers vulnerable to critical flaws
Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more
Cyber espionage by Chinese hackers in neighbouring nations is on the rise
Source is a report from Recorded Future.
CrowdStrike 2021 Global Threat Report
Molerats Hackers Return With New Attacks Targeting Middle Eastern Governments
Breaches & Attacks
_____________________________________________
Poland blames Russia for breach, theft of Polish officials’ emails
Chinese Hackers Believed to be Behind Second Cyberattack on Air India
Woman sentenced for embezzling more than half a million dollars from employer
Make sure your systems and processes are designed to prevent insider theft. I talk about the concept of trust in my book and this applies to this particular story. It took too long to uncover this theft.
As described in court documents and testimony, Taylor was employed at an Augusta medical practice from 2006 to 2020 as the office and payroll manager. The year after she was hired, Taylor began stealing from her employer by inflating her own pay and writing unauthorized company checks which she deposited in her own account or used to pay her mortgage.
Critical entities targeted in suspected Chinese cyber spying via Pulse Connect Secure networking devices
The hack of Pulse Connect Secure networking devices came to light in April, but its scope is only now starting to become clear. The Associated Press has learned that the hackers targeted telecommunications giant Verizon and the country’s largest water agency. News broke earlier this month that the New York City subway system, the country’s largest, was also breached.
In the Pulse campaign, security experts said sophisticated hackers exploited never-before-seen vulnerabilities to break in and were hyper diligent in trying to cover their tracks once inside.
If you are using a VPN device on a well-designed network, you’re limiting the potential scope of attack. However, you need to focus a lot of time monitoring and securing your VPN as that will be the primary target of attack (as expected, because it is the only way in if designed correctly).
North Korea Exploited VPN Flaw to Hack South’s Nuclear Research Institute
VPN Flaw.
CVS Health Records for 1.1 Billion Customers Exposed
likely because of a cloud-storage misconfiguration
Please see one of my many cloud security presentations and most appropriately, the last one I did at CloudLive, blog posts, or read my book. I’ve explained how to prevent these issues numerous times.
More cloud data exposed: Cognyte, CVS, Wegmans
Security researchers and attackers are finding exposed data. Please refer to my comments on the last link and same comment for all cloud-exposed data below.
Amazon Web Services Misconfiguration Exposes Half a Million Cosmetics Customers
A research team at reviews site WizCase traced the leaky Amazon S3 bucket to popular Turkish beauty products firm Cosmolog Kozmetik.
UK legal firm Gateley warns of data breach following cyber-attack
Not a lot of details as to what attackers did.
Carnival Corp., the world’s largest cruise-ship operator, had another breach for the second time in a year
For the second time in a year, attackers have breached email accounts and accessed personal, financial and health information belonging to guests, employees and crew.
Compromised email account.
Volkswagen discloses data breach impacting 3.3 million Audi drivers
Audi also affected.
The investigation confirmed that the third party obtained limited personal information.
How? How did the information get disclosed? How can it be prevented by other companies? Breach notifications need to provide more information than what is included here.
Gateley suffers data breach following ‘cyber security incident’
Alibaba data breach exposes 1.1 billion pieces of data
Elekta’s first-generation cloud-based storage system has experienced a data security incident. 170 customers in North America using the impacted system may be affected.
Curious they specify “first-generation.” Sounds like they are using Azure:
Elekta is in the process of migrating those customers to its new Microsoft Azure cloud and the company is working around the clock to complete that process.
Repairmen suspected of installing ransomware on customers’ PCs. Arrests in South Korea
Union Benefits Administrator Says Data Deleted in Hack
A Seattle-based benefits administrator for unionized home healthcare and nursing home workers has reported a hacking incident affecting 140,000 individuals that involved deleting certain data.
Vaccine registration website for expats back up after data leak
Bose Added to List of High-Profile Companies Who Have Suffered Ransomware Attack
Insight Global Asking Employees To Help Locate Documents That May Contain Personal Information
CaptureRx Data Breach Hits MetroHealth System, 16 Others
https://healthitsecurity.com/news/capturerx-data-breach-hits-metrohealth-system-16-others
Fake Ledger devices mailed out in attempt to steal from cryptocurrency fans
Largest US propane distributor discloses ‘8-second’ data breach
A cyberattack shut down computer systems for hours at St. Joseph’s/Candler in Savannah, where I now live, this week.
The hospital is back to normal now. Imagine if a hospital was out as long as the Colonial Pipeline.
Eggfree Cake Box suffer data breach exposing credit card numbers
Malware on systems.
Graduating students from several universities in the U.S. have been reporting fraudulent transactions after using payment cards at popular cap and gown maker Herff Jones.
Note that this article came out in May and the breach was just reported to the state of Oregon on 6/16/2021.
Prominence Health Plan just reported a breach to the State of California on 6/18/21 that occurred in November 2020.
In a statement, Prominence officials said that a cloud-based data system the company used was accessed by an unauthorized third party.
But how did the attacker get the credentials used for the unauthorized access?
STG International, Inc. Provides Notice of Data Privacy Incident
The investigation determined that an email phishing campaign targeted certain employees’ email accounts and resulted in unauthorized person(s) intermittently logging into the accounts between October 22, 2020 and January 12, 2021.
KENNETH WEISS AND COMPANY PC reports data breach to the state of California that occurred in April
We recently became aware of a situation where an unauthorized party accessed one of our company’s internal servers and company computers. We discovered this situation on April 27, 2021
Archbishop Mitty High School reported a data breach that occurred in May to the state of California on 6/16/2021 ~ related to the BlackBaud breach.
https://oag.ca.gov/system/files/Archbishop%20Mitty-%20Sample%20Notice.pdf
Alina Lodge notifies patients of data breach tied to 2020 Blackbaud incident
Ally data breach notification on 6/16/2021 for a data breach in February.
During a routine update to our website, a programming code error occurred that inadvertently resulted in your username and password being exposed to third parties with whom we have business relationships.
https://oag.ca.gov/system/files/Notice%20of%20Breach%20CA.pdf
Holthouse, Carlin & Van Trigt LLP
Unauthorized access to an employee’s email.
Does not say how someone got access to that employee’s email.
https://apps.web.maine.gov/online/aeviewer/ME/40/4a9aad9c-7835-4ae9-a5e1-60a72eb22d76.shtml
Marr and Company PC reported a data breach to the state of Maine this week.
…the email account that was accessed between June 19, 2020 and June 23, 2020 contained some of your personal information.
Does not say how the email was accessed.
https://apps.web.maine.gov/online/aeviewer/ME/40/cfc2a8c9-407d-4a7c-b73b-4e4d61efbf31.shtml
City of Philadelphia reported a data breach this week
On March 31, 2020, the City became aware of suspicious activity related to an employee’s email account. The City quickly launched an internal investigation to determine the nature and scope of the activity, as well as the extent of potentially affected information. The investigation confirmed that multiple City employees’ email accounts were impacted by a phishing attack, and as a result, were subject to unauthorized access intermittently between March 11, 2020 and January 14, 2021.
https://apps.web.maine.gov/online/aeviewer/ME/40/e359b601-9934-4db0-9993-f259a182e0df.shtml
Stride, Inc. reported a breach this week.
On or around November 11, 2020, Stride was the victim of a ransomware attack. Working with third-party forensic investigators, Stride determined that an unknown actor may have gained access to Stride systems from November 4, 2020 to November 19, 2020.
https://apps.web.maine.gov/online/aeviewer/ME/40/b44f9c95-853e-4502-84c3-a3885461ebc0.shtml
City of Buffalo School District reported a breach this week.
The Buffalo Public Schools experienced a cybersecurity outage as a result of a ransomware attack on the morning of March 12, 2021.
https://apps.web.maine.gov/online/aeviewer/ME/40/9b698382-9749-44ac-af4e-026f766d0356.shtml
Maximus, Inc. reported a breach this week.
The investigation determined that the server was impermissibly accessed starting on May 17, 2021.
https://apps.web.maine.gov/online/aeviewer/ME/40/4147b711-dc88-4cb4-9561-db9069994341.shtml
Lucky Health Group d/b/a LuckyVitamin reported a breach this week
On March 19, 2021, Lucky discovered that certain computer systems in its environment were inaccessible. The information involved in the incident varied by individual, but includes name and Social Security number.
https://apps.web.maine.gov/online/aeviewer/ME/40/c6b45a1d-6924-4582-b921-8cb3939c9f43.shtml
Mevion Medical Systems reported a breach this week
On April 8, 2021, MMS determined that certain computer systems in its environment were impacted by malware. MMS launched an investigation with the assistance of third-party forensic specialists. The investigation determined that an unknown actor accessed certain MMS files sometime between March 28, 2021 and March 29, 2021.
https://apps.web.maine.gov/online/aeviewer/ME/40/a599b49a-d267-4aa7-aedc-50ba88a61f7b.shtml
St. Mark’s School of Texas was impacted by the Blackbaud breach
https://apps.web.maine.gov/online/aeviewer/ME/40/1b8355a3-f31e-44f4-b107-b21ba954ba19.shtml
Aspiration Financial, LLC reported a breach this week
We recently noticed some unusual log-ins on your account that involved possible unauthorized access to your personal and financial information by an attacker from a foreign country using passwords acquired outside of Aspiration.
https://apps.web.maine.gov/online/aeviewer/ME/40/1b10ead4-d6f7-44c1-adf1-b5a585964e03.shtml
Little Hill Foundation for the Rehabilitation of Alcoholics, Inc. d/b/a Alina Lodge reported it was impacted by Blackbaud to the state of Maine this week
https://apps.web.maine.gov/online/aeviewer/ME/40/e9106a0a-9588-46ae-855d-eb412968a0f4.shtml
Lightfoot, Franklin & White LLC reported a breach to the State of Maine this week.
On April 17, 2021, we learned of and stopped a ransomware incident that resulted in unlawful access by an unauthorized third party to certain clients’ case files containing personal information for individuals who may have been related to the case, including plaintiffs, defendants, witnesses, and other non-parties.
https://apps.web.maine.gov/online/aeviewer/ME/40/9ac44c79-9b35-498b-bed4-84eb5a80ddb7.shtml
Reproductive Biology Associates / My Egg Bank North America reported a data breach this week
We first became aware of a potential data incident on April 16, 2021 when we discovered that a file server containing embryology data was encrypted and therefore inaccessible. We quickly determined that this was the result of a ransomware attack.
https://apps.web.maine.gov/online/aeviewer/ME/40/9a78777d-e1c1-4f83-a462-f704de00bec8.shtml
Spectrum Pharmaceuticals, Inc. reported a data breach this week.
On April 20, 2021, Spectrum was the target of a ransomware attack on its network, which it detected through its automated threat detection systems.
https://apps.web.maine.gov/online/aeviewer/ME/40/777aabf3-2a29-4afa-951e-34349cfb4d31.shtml
Leaders Life Insurance Company reported a breach this week.
The investigation confirmed that certain folders on Leaders Life’s systems may have been accessed or removed from its systems without authorization between November 25 and November 27, 2020. The investigation determined that the information that may have been potentially affected includes name, date of birth, Tax ID number, and/or Social Security number.
https://apps.web.maine.gov/online/aeviewer/ME/40/255c59af-182e-4835-a970-dba92db135d7.shtml
Nutritional Medicinals, LLC dba Functional Formularies reported a breach this week.
On May 5, 2021, this investigation determined that malicious code inserted into Nutritional Medicinals’ online store was capable of capturing customer payment card information that was entered between January 18, 2021 and April 14, 2021.
https://apps.web.maine.gov/online/aeviewer/ME/40/9e83b218-dbdd-4980-bde8-3a44a30e43dd.shtml
Tax Sheltered Compensation, Inc. reported a breach this week due to a breach of hosting provider NetGain involving ransomware.
On or about January 15, 2021 TSC was informed that Netgain, a cloud hosting company that was used to house data related to TSC’s clients, experienced a ransomware incident.
Cost of a Data Breach
_____________________________________________
First American Financial Pays Farcical $500K Fine
Brian Krebs:
In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.
Jail for consultant who scraped colossal trove of Alibaba customer data
US man accused of 2010 DDoS attack on Santa Cruz government arrested
IAB Tech Lab sued over its role in ‘world’s largest data breach’
Hackers Behind EA Data Breach Are Selling FIFA 21 Source Code on an Underground Hacking Forum
St. Charles patient records released in data breach
ParkMobile payment app sued over breach
Emails and passwords of hundreds of Union government officials have been exposed to hackers due to the recent data breaches of Air India, Domino’s and Big Basket, the government has warned officials.
2 firms fined S$43,000 in total over personal data breaches affecting Mindef, SAF personnel
Laws & Legal
_____________________________________________
Roughly 115 cybersecurity-related bills are working their way through the legislative process, in many cases with bipartisan support.
Data breach notification laws by state
I ran across this map of US data breach notification laws this week. Seems like it would be very helpful for organizations operating in different states.
The U.S. Supreme Court has granted LinkedIn another legal option to try to prevent rival hiQ Labs from scraping public information from its user profiles
New Hampshire Election Audit
This two part series may be useful in voting machine challenges.
US Computer Fraud and Abuse Act: What the ‘landmark’ Van Buren ruling means for security researchers
Senate bill boosts penalties for cyber criminals
The bill permits law enforcement to seize funds generated from the sale of spyware and to take equipment such as illegal intercept devices used in the commission of hacking campaigns, ransomware and other nefarious activity, according to a fact sheet provided by the lawmakers.
Senators Draft a Federal Breach Notification Bill
Marriott Beats Shareholder’s Data Breach Suit
Colorado Passes Comprehensive Data Privacy Law
Investments
_____________________________________________
Cybersecurity training platform Immersive Labs closes $75M Series C led by Insight Partners
What matters is not the platform, but rather the content. I haven’t looked at this particular content or platform so not saying it is good or bad. This is just a note to anyone seeking to invest in cybersecurity training performed by companies like mine. I was formerly a SANS instructor and on the SANS initial board of advisors for cloud security curriculum and helped with their first cloud security class. I went on to write a book on cybersecurity and my own class based on my experience and research in the field. 2nd Sight Lab is not seeking funding because we don’t need it. We teach our classes to select customers. But if you are investing in security training companies, results of the training matter.
Industrial cybersecurity startup Claroty raises $140M in pre-IPO funding round
Elisity raises $26M Series A to scale its AI cybersecurity platform
Teri Radichel | © 2nd Sight Lab 2021






