Blog

Patch Now: Zoom Chat Messages can Infect PCs, Macs, and Phones with Malware
Zoom recommends updating the app if you have done so yet. Scammers can now send messages through Zoom chat that can cause your vulnerable client app to install malicious code from an arbitrary server, such as malware and spyware. Read More

Proper on/offboarding policies and procedures can protect your data and streamline your operations. JANUS’ 8 cybersecurity best practices will help you create a hardened yet more resilient enterprise.

150-Year-Old Historically Black College Closes After Ransomware Attack
A renowned university will shut down after falling victim to ransomware amid efforts to recover from the pandemic. Read More

Effective security risk and compliance programs integrate technical risk management and reporting into financial and operational risk management. Failure to implement proper security protocols and best practices can result in weak management processes, an increased risk footprint, and should an incident occur, potential legal repercussions for your organization and senior management team.

Log4j Flaw: Thousands of Applications Are Still Vulnerable, Warn Security Researchers
Cybersecurity researchers warn that insecure instances of Lo4j are still out there to be exploited - and are easy for attackers to discover. Read More

IT challenges have never been greater. Protecting your assets, operations, clients, and employees has never been a more complicated and difficult task. You may have a thorough understanding of your IT compliance requirements or you may not, and the security partner that you choose may be the key to the success or failure of your initiatives.

Microsoft Patches 128 Windows Flaws, New Zero-Day Reported
On Tuesday, Microsoft issued a warning for an in-the-wild zero-day attack hitting Windows users. It credited the National Security Agency (NSA) with reporting the live exploitation. Read More

Kaspersky Blacklisted By FCC Alongside China Telecom & China Mobile
All three were added to list as they posed national security risks. Companies placed on the entity list are banned from buying parts and components from US companies without government approval. Read More

Analysts predict that cyber security will continue to be a top priority of enterprises around the world in 2022 and beyond. As of this published post, cyber attacks in 2022 are on track to greatly outnumber attacks that occurred in 2021.

CISA & FBI Warning: Hackers Used These Tricks to Dodge Multi-Factor Authentication and Steal Email From NGO
Russian state-sponsored hackers have used a clever technique to disable multi-factor authentication (MFA) to compromise networks and high-value domain accounts. The goal? Accessing the victim's cloud and email. Read More

Ukraine Asks ICANN to Delete All Russian Domains
In response to the Russian invasion of Ukraine, the request has been made to disable country code top-level domains associated with Russia. Read More

The Ukraine situation has led the U.S. Cybersecurity & Infrastructure Security Agency to issue the following guidance in the face of possible cyber-attacks launched by Russian proxies or Moscow itself.

Ukraine Ministry of Defense Confirms DDoS Attack; State Banks Loses Connectivity
The websites of Ukraine's defense ministry as well as state banks Privatbank and Oschadbank were down on Tuesday due to an alleged DDoS attack. Read More

Cyber security attacks are on the rise in schools. More technology means more potential threats. Unfortunately, some educators and students are unaware and unprepared for the repercussions posed by these cyber threats.

FBI Says More Cyberattacks Come from This Country Than Everywhere Else Combined
Currently investigating over 2,000 attacks on US targets, with new files coming every 12 hours. Read More

Due diligence is a process that confirms facts or details of something being purchased, or a contract for services. Due diligence examines all aspects of the deal to confirm that everything is as represented verbally and in writing by the offeror. It’s undertaken to prevent misrepresentations and to uncover potential fraud.

Federal Banking Regulators Issue Cybersecurity Breach Notification Requirement
Beginning in April 2022, banking organizations and bank service providers will be subject to the shortest regulatory breach notification reporting time frame of any law to date—36 hours. Read More

The United States Secret Service Electronic Crimes Task Force (ECTF) recently presented a 3-hour webinar titled Ransomware: An Emerging Threat. This presentation included members of government agencies and private corporations and contains a wealth of information. The entire session has been published on YouTube and full information is detailed below.

FTC Warns Businesses on Patching Log4j Holes… Or Else
The US Federal Trade Commission warned companies that vulnerable Log4j software needs to be fixed, responsibly, in a timely manner, or face the wrath of Lina Khan. Read More

Terrifying Cyber Weapon ‘Against Which There’s No Defense’
The Israeli company’s flagship spyware, Pegasus, is considered one of the most powerful cyber-surveillance tools available on the market. It’s continuing to make headlines as revelations on the tech’s reach, and its consequences, keep piling up. Read More

Log4J, a critical vulnerability, is actively being exploited worldwide. Researchers and major technology companies warn that hackers linked to foreign governments and criminal ransomware groups are already exploiting the vulnerability at a rate in excess of 100 attacks per minute.

Whether you’re a small company or one as large as Colonial Pipeline or T-Mobile, not having any cyber incident response plan will cause major problems and disruptions. When you’re hit with a breach, without a plan in place, your security and management teams will be scrambling and likely to make expensive mistakes. 

Bosses Are Reluctant to Spend Money on Cybersecurity... Then They Get Hacked
Cyberattacks like ransomware, business email compromise (BEC) scams, and data breaches are some of the key issues businesses are facing today. Despite the number of high-profile incidents and their expensive fallout, many boardrooms are still reluctant to free up the budget. Read Article

The modern security challenges facing law firms are more complex than ever. Regardless of its size, a firm is obligated to follow the data breach laws established in all 50 states, which require disclosure within a reasonable time following a cyber attack. This has forced law firms to take preventative measures to mitigate the risk of a breach by implementing security policies and procedures.

Organizations More Susceptible to Ransomware Attacks During Weekends & Holidays
In a recent survey, 37% of security professionals admitted their organization does not have contingency plans for a prompt response to ransomware attacks during the weekends and holidays. Read Article

The Department of Defense (DoD) has suspended the original cybersecurity certification program pending major changes. On November 4, 2021, the DoD announced the completion of an internal review of its Cybersecurity Maturity Model Certification (CMMC) program and the release of Model 2.0.

Patricia Fisher, President and CEO of JANUS Associates, Inc. is one of the Founding Partners of the Connecticut Technology Council (CTC) and continues on the board in addition to leading the Cyber Security Task Force. Ms. Fisher is also involved in other technology-oriented associations.

Cybercriminals Sell Access to International Shipping, Logistics Giants
The underground is offering initial access brokers with entry to companies key in global supply chains. Read Article
A Russian-based group has masqueraded as a legitimate cyber security consultancy. The Baston Secure company website, logo displayed as BS, hosted and hired multiple jobs for cyber security specialists and offered what appeared to be legitimate cyber security services.

Data breaches, insider threats, loss of client trust—these are all security and privacy threats all organizations face today. Learn more about what action Privacy and Security Professionals are taking today. #PSR21

In coordination with the Cyber Bytes Foundation, GENEDGE is hosting CMMC Industry Day. Join JANUS, industry leaders, and businesses as we gather to share ideas, resources, and best practices for navigating Cybersecurity Maturity Model Certification (CMMC) compliance.

It was reported today that a former executive of a health care provider accessed the Protected Health Information (PHI) of nearly 38,000 Individuals. Conflicting accounts also suggest 3rd party vendor involvement although that has not officially been confirmed.

New Ransomware Encrypts Your Data & Makes Nasty Threats, Too
A group behind the new ransomware variant threatens to go beyond encrypting data in their attempts to force victims to pay up. Read Article

Here are the highlights from this month’s events as we join a growing national effort to spread awareness of cyber security and privacy in an increasingly connected world.

T-Mobile Confirms Data Breach Affects Over 47 Million People
The stolen files include personal info such as names and social security numbers. Read Article

LockBit Ransomware Gang is Now Hiring Corporate Insiders
The group is hiring corporate insiders to infiltrate and encrypt corporate networks. In exchange, these insiders-cum-partners are promised millions of dollars. Read Article

Looking at the cybersecurity headlines from the past few years, we’ve seen significant data breaches happening more frequently and increasing in severity. At the same time, the cost of cyber insurance is rapidly rising, coverage limits are shrinking, and loss exclusions are more so than ever.

The Connecticut (CT) State Legislature has enacted major changes to CT Data Breach Notification Laws, effective October 1, 2021. These changes are a direct result of the worsening threat landscape, and it is safe to say that regulations will most likely continue to be enacted at both the state and federal levels.  

IBM Report: Data-Breach Costs Hit 17-Year High of $4.24M
Data-breach costs jumped nearly 10% from an average of $3.86 million to $4.24 million per incident over the past year. Read Article

U.S. Announces New 2nd Round Cybersecurity Requirements for Critical Pipeline Owners
The Department of Homeland Security on Tuesday required owners and operators of critical pipelines that transport hazardous liquids and natural gas to implement "urgently needed protections against cyber intrusions." Read Article

From January 2020 through May 2021, New York State Department of Financial Services (NYDFS) regulated companies reported in excess of 70 Ransomware attacks ranging from costly shutdowns to disruptions in business operations. Successful Ransomware attacks continue to escalate in total numbers and overall severity, with no sector safe from an attack. Government agencies, companies, educational institutions, and nonprofits are all targets. 

Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability
The fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios.
Read Article

Approximately 66% of hacked organizations expressed uncertainty that they could ever fully recover. Getting hacked or falling prey to Ransomware is a big deal—for you, your business, your customers, and your employees!

CVS Health Faces Data Breach,1B Search Records Exposed
Over 1 billion search records were accidentally posted online in a CVS Health data breach in late March, as reported by an independent cybersecurity researcher. Read Article

Ransomware and hacking is a major problem and effective cyber security is the only way to safeguard your operations and assets. The risk of not taking care of business is losing your business.

If you've been reading the news at all lately, you know that cybersecurity is more important now than ever. After a series of devastating cyber issues, the entire economy was shaken.

Here's what you need to know. The past week has shown how fast attack capabilities can evolve. To follow are key timely events impacting Cyber Security that we here at JANUS Associates believe worthy of your note. For your convenience, we've compiled all articles here where they will also be archived for future reference.

New call-to-action
New call-to-action

Subscribe to Cyber Threat Report