Blog

When it comes to recovery planning, the plan must be organized. It provides an orderly guide to reference and research should a disaster occur. However, there is a greater need than simple organization in preparing a recovery plan.

Often stating the obvious, General and President Dwight D. Eisenhower was known for saying: "In preparing for battle I have always found that plans are useless, but planning is indispensable." 

Multiple Cisco Products Impacted by L2 Network Security Control Bypass Flaws 
Cisco this week has confirmed that tens of its enterprise routers and switches are impacted by bypass vulnerabilities in the Layer-2 (L2) network security controls. Read More

When it comes to cyber-attacks, in-house IT professionals are working hard on implementing tools and strategies to protect their organizations, while cyber criminals and nation states are hard at work becoming more sophisticated in their approaches.

Apple Releases Another Urgent IOS Security Patch, So Install Now
Apple has released an urgent security patch that addresses multiple flaws in different versions of iOS, iPad OS, and macOS. Some of these flaws, the company confirmed, are being actively abused in the wild.  Read More

As technology continues to advance, so does the threat of cyber-attacks on organizations. According to recent reports done by the University of North Georgia, only 38% of global organizations claim they are prepared to handle a sophisticated cyber-attack.

Preparedness helps organizations effectively manage and mitigate the operational, legal, and reputational consequences of an event. In this article, we will take a look at some of the major steps your organization should take to protect its network and personal data.

Researchers say Cisco Firewall Software Remains Vulnerable to Attack Despite Patch
Rapid7 researchers conduct a test on Cisco's firewall where they find a major threat in Adaptive Security Software, ASDM, and Firepower Services Software for ASA, which was left unpatched for months. Read More

A CISO, (Chief Information Security Officer) or a vCISO, (virtual Chief Information Security Officer) are common practices offered by cyber security experts when providing organizations with security management. The question is, which one is more effective in providing protection to your company? 

Tenet Health’s $100 Million Cyber Shutdown Sparks 10 Questions All Boards Must Ask
The Tenet Health case reinforces why boards and senior leaders must be increasingly prepared to address rising cyber-related business interruption risks. Read More

In our final installment for the Kaplan e-learning web series, JANUS Associates takes an in-depth look at some of the ways an organization can prevent internal cyber threats along with how a ransomware attack can have major repercussions against your company's infrastructure and confidential data.

Cyber Insurers Look To Rescind Policies After Large Claims
Insurers are intently examining whether they can cancel cyber policies after claims have been filed. To do this, they scour through application documents searching for potential false statements. Read More

A company's cyber security plan can make all the difference in protecting against a data breach, but when a record 60% of all data breaches are internal, it can be hard to know who to trust. In this article, we will go through potential approaches you can take to protect your company's confidential and intellectual property.

TikTok Engaging in Excessive Data Collection
Connecting to mainland China-based infrastructure, the latest report identified multiple instances of unwarranted data harvesting. Read More

As technology continues to advance and organizations transition into a completely digital space for their private information and data, cyber insurance has become a commonality among numerous industries.

CISA: Here's How to Apply this Key Windows Patch Without Breaking Certificate Authentication
CISA now urges to apply a patch that broke logins for users connecting to Windows servers that handle authentication. Read More

Nearly Half of Cybersecurity Professionals Consider Quitting
45% of respondents said they considered quitting due to stress, and 46% said they knew of at least one person who did leave the industry within the last year specifically because of stress. Read More

Every organization, regardless of what you do, is at risk for a ransomware attack. This blog will give you some insight into best practices to minimize the risk of a successful attack.

Background

A commercial enterprise had a common, shared drive-type of network setup. Documents were shared by a multitude of employees throughout different departments and saved in a centralized manner. This common practice of centralizing data was the primary catalyst for the attack on their network.

How Costa Rica Found Itself at War Over Ransomware
Costa Rica failed to implement the cyber-preparedness strategy that it laid out five years ago and now serves as an example not only to other Latin American nations but also to the world. Read More

Ensuring that you keep your personal identifiable information (PII) safe and protected should be your number one priority. With these tips below, JANUS provides insight on how you can prevent fraud from occurring.

Patch Now: Zoom Chat Messages can Infect PCs, Macs, and Phones with Malware
Zoom recommends updating the app if you have done so yet. Scammers can now send messages through Zoom chat that can cause your vulnerable client app to install malicious code from an arbitrary server, such as malware and spyware. Read More

Proper on/offboarding policies and procedures can protect your data and streamline your operations. JANUS’ 8 cybersecurity best practices will help you create a hardened yet more resilient enterprise.

150-Year-Old Historically Black College Closes After Ransomware Attack
A renowned university will shut down after falling victim to ransomware amid efforts to recover from the pandemic. Read More

Data security is critical and incidents of data exfiltration result in unwanted attention to organizations, which can lead to financial losses and reputational damage.

Log4j Flaw: Thousands of Applications Are Still Vulnerable, Warn Security Researchers
Cybersecurity researchers warn that insecure instances of Lo4j are still out there to be exploited - and are easy for attackers to discover. Read More

IT challenges have never been greater. Protecting your assets, operations, clients, and employees has never been a more complicated and difficult task. You may have a thorough understanding of your IT compliance requirements or you may not, and the security partner that you choose may be the key to the success or failure of your initiatives.

Microsoft Patches 128 Windows Flaws, New Zero-Day Reported
On Tuesday, Microsoft issued a warning for an in-the-wild zero-day attack hitting Windows users. It credited the National Security Agency (NSA) with reporting the live exploitation. Read More

Kaspersky Blacklisted By FCC Alongside China Telecom & China Mobile
All three were added to list as they posed national security risks. Companies placed on the entity list are banned from buying parts and components from US companies without government approval. Read More

Analysts predict that cyber security will continue to be a top priority of enterprises around the world in 2022 and beyond. As of this published post, cyber attacks in 2022 are on track to greatly outnumber attacks that occurred in 2021.

CISA & FBI Warning: Hackers Used These Tricks to Dodge Multi-Factor Authentication and Steal Email From NGO
Russian state-sponsored hackers have used a clever technique to disable multi-factor authentication (MFA) to compromise networks and high-value domain accounts. The goal? Accessing the victim's cloud and email. Read More

Ukraine Asks ICANN to Delete All Russian Domains
In response to the Russian invasion of Ukraine, the request has been made to disable country code top-level domains associated with Russia. Read More

Ukraine Ministry of Defense Confirms DDoS Attack; State Banks Loses Connectivity
The websites of Ukraine's defense ministry as well as state banks Privatbank and Oschadbank were down on Tuesday due to an alleged DDoS attack. Read More

Cyber security attacks are on the rise in schools. More technology means more potential threats. Unfortunately, some educators and students are unaware and unprepared for the repercussions posed by these cyber threats.

FBI Says More Cyberattacks Come from This Country Than Everywhere Else Combined
Currently investigating over 2,000 attacks on US targets, with new files coming every 12 hours. Read More

Due diligence is a process that confirms facts or details of something being purchased, or a contract for services. Due diligence examines all aspects of the deal to confirm that everything is as represented verbally and in writing by the offeror. It’s undertaken to prevent misrepresentations and to uncover potential fraud.

Federal Banking Regulators Issue Cybersecurity Breach Notification Requirement
Beginning in April 2022, banking organizations and bank service providers will be subject to the shortest regulatory breach notification reporting time frame of any law to date—36 hours. Read More

The United States Secret Service Electronic Crimes Task Force (ECTF) recently presented a 3-hour webinar titled Ransomware: An Emerging Threat. This presentation included members of government agencies and private corporations and contains a wealth of information. The entire session has been published on YouTube and full information is detailed below.

FTC Warns Businesses on Patching Log4j Holes… Or Else
The US Federal Trade Commission warned companies that vulnerable Log4j software needs to be fixed, responsibly, in a timely manner, or face the wrath of Lina Khan. Read More

Terrifying Cyber Weapon ‘Against Which There’s No Defense’
The Israeli company’s flagship spyware, Pegasus, is considered one of the most powerful cyber-surveillance tools available on the market. It’s continuing to make headlines as revelations on the tech’s reach, and its consequences, keep piling up. Read More

Log4J, a critical vulnerability, is actively being exploited worldwide. Researchers and major technology companies warn that hackers linked to foreign governments and criminal ransomware groups are already exploiting the vulnerability at a rate in excess of 100 attacks per minute.

Whether you’re a small company or one as large as Colonial Pipeline or T-Mobile, not having any cyber incident response plan will cause major problems and disruptions. When you’re hit with a breach, without a plan in place, your security and management teams will be scrambling and likely to make expensive mistakes. 

Bosses Are Reluctant to Spend Money on Cybersecurity... Then They Get Hacked
Cyberattacks like ransomware, business email compromise (BEC) scams, and data breaches are some of the key issues businesses are facing today. Despite the number of high-profile incidents and their expensive fallout, many boardrooms are still reluctant to free up the budget. Read Article

The modern security challenges facing law firms are more complex than ever. Regardless of its size, a firm is obligated to follow the data breach laws established in all 50 states, which require disclosure within a reasonable time following a cyber attack. This has forced law firms to take preventative measures to mitigate the risk of a breach by implementing security policies and procedures.

Organizations More Susceptible to Ransomware Attacks During Weekends & Holidays
In a recent survey, 37% of security professionals admitted their organization does not have contingency plans for a prompt response to ransomware attacks during the weekends and holidays. Read Article

The Department of Defense (DoD) has suspended the original cybersecurity certification program pending major changes. On November 4, 2021, the DoD announced the completion of an internal review of its Cybersecurity Maturity Model Certification (CMMC) program and the release of Model 2.0.

Patricia Fisher, President and CEO of JANUS Associates, Inc. is one of the Founding Partners of the Connecticut Technology Council (CTC) and continues on the board in addition to leading the Cyber Security Task Force. Ms. Fisher is also involved in other technology-oriented associations.

Cybercriminals Sell Access to International Shipping, Logistics Giants
The underground is offering initial access brokers with entry to companies key in global supply chains. Read Article
A Russian-based group has masqueraded as a legitimate cyber security consultancy. The Baston Secure company website, logo displayed as BS, hosted and hired multiple jobs for cyber security specialists and offered what appeared to be legitimate cyber security services.

Data breaches, insider threats, loss of client trust—these are all security and privacy threats all organizations face today. Learn more about what action Privacy and Security Professionals are taking today. #PSR21

In coordination with the Cyber Bytes Foundation, GENEDGE is hosting CMMC Industry Day. Join JANUS, industry leaders, and businesses as we gather to share ideas, resources, and best practices for navigating Cybersecurity Maturity Model Certification (CMMC) compliance.

It was reported today that a former executive of a health care provider accessed the Protected Health Information (PHI) of nearly 38,000 Individuals. Conflicting accounts also suggest 3rd party vendor involvement although that has not officially been confirmed.

New Ransomware Encrypts Your Data & Makes Nasty Threats, Too
A group behind the new ransomware variant threatens to go beyond encrypting data in their attempts to force victims to pay up. Read Article

T-Mobile Confirms Data Breach Affects Over 47 Million People
The stolen files include personal info such as names and social security numbers. Read Article

LockBit Ransomware Gang is Now Hiring Corporate Insiders
The group is hiring corporate insiders to infiltrate and encrypt corporate networks. In exchange, these insiders-cum-partners are promised millions of dollars. Read Article

Looking at the cybersecurity headlines from the past few years, we’ve seen significant data breaches happening more frequently and increasing in severity. At the same time, the cost of cyber insurance is rapidly rising, coverage limits are shrinking, and loss exclusions are more so than ever.

The Connecticut (CT) State Legislature has enacted major changes to CT Data Breach Notification Laws, effective October 1, 2021. These changes are a direct result of the worsening threat landscape, and it is safe to say that regulations will most likely continue to be enacted at both the state and federal levels.  

IBM Report: Data-Breach Costs Hit 17-Year High of $4.24M
Data-breach costs jumped nearly 10% from an average of $3.86 million to $4.24 million per incident over the past year. Read Article

U.S. Announces New 2nd Round Cybersecurity Requirements for Critical Pipeline Owners
The Department of Homeland Security on Tuesday required owners and operators of critical pipelines that transport hazardous liquids and natural gas to implement "urgently needed protections against cyber intrusions." Read Article

From January 2020 through May 2021, New York State Department of Financial Services (NYDFS) regulated companies reported in excess of 70 Ransomware attacks ranging from costly shutdowns to disruptions in business operations. Successful Ransomware attacks continue to escalate in total numbers and overall severity, with no sector safe from an attack. Government agencies, companies, educational institutions, and nonprofits are all targets. 

Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability

The fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios. Read Article

Approximately 66% of hacked organizations expressed uncertainty that they could ever fully recover. Getting hacked or falling prey to Ransomware is a big deal—for you, your business, your customers, and your employees!

CVS Health Faces Data Breach,1B Search Records Exposed
Over 1 billion search records were accidentally posted online in a CVS Health data breach in late March, as reported by an independent cybersecurity researcher. Read Article

Ransomware and hacking is a major problem and effective cyber security is the only way to safeguard your operations and assets. The risk of not taking care of business is losing your business.

If you've been reading the news at all lately, you know that cybersecurity is more important now than ever. After a series of devastating cyber issues, the entire economy was shaken.

Here's what you need to know. The past week has shown how fast attack capabilities can evolve. To follow are key timely events impacting Cyber Security that we here at JANUS Associates believe worthy of your note. For your convenience, we've compiled all articles here where they will also be archived for future reference.

New call-to-action
New call-to-action

Subscribe to Cyber Threat Report