Blog
Cyber Threat Report
CASE STUDY

Critical Nvidia Security Flaw Exposes Cloud AI Systems to Host Takeover

A stark warning from researchers at Wiz after discovering a TOCTOU (Time-of-check Time-of-Use) vulnerability that exposes enterprise cloud environments to code execution, information disclosure and data tampering attacks. Read More

CISA has released CISA Analysis: Fiscal Year 2023, Risk and Vulnerability Assessments, an analysis detailing the findings from the 143 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2023 (FY23).

 

We all have memories that are forever etched in our minds, events that were life-changing and we can still vividly recall. I was 10 years old when JFK was assassinated and remember the day clearly. I can also tell you where I was and everything about the day 23 years later when Challenger exploded. 23 years after Challenger we faced September 11, and all of us can share where we were, how we heard about it, and what transpired in the following hours, days, and weeks.

National Public Data Published Its Own Passwords
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today. Read More

Tech contractor exposes data of 4.6 million US voters
The databases, which lacked any password protection, included highly sensitive personal information
such as full names, addresses, dates of birth, Social Security numbers, and driver’s license numbers. Read More

With smaller teams, older technology and fewer resources, small businesses face an increased risk of cyber attacks. In fact, 50% of cyber attacks target small businesses. Small businesses also have a more difficult time recovering from a cyber attack - 60% will close within six months following a cyber security incident. 

Here are some common tactics cyber criminals use, and ways to strengthen your business’ cyber security: 

Hackers leak documents stolen from Pentagon contractor Leidos
Leidos serves prominent clients including the US Department of Defense (DOD), the Department of
Homeland Security (DHS), NASA, and various other US and foreign agencies. Read More

Cisco warns of appliances vulnerable to RegreSSHion vulnerability
Cisco said dozens of its networking and communications devices are likely vulnerable to a recently disclosed SSH vulnerability. Read More

CISA warns chemical facilities may have been hacked in CSAT breach
Attacker may have site security plans for chemical facilities all over the US, CISA warns.
Read More

Cybersecurity incidents can have extensive and far-reaching impacts on businesses, extending well beyond financial losses.

Here are some of the key areas where businesses might experience significant costs due to cybersecurity breaches:

Researchers Urge Immediate Action on New EmailGPT Vulnerability Exposing Users to Data Breach
The implications of this EmailGPT vulnerability are profound. Read More

Law firms are a primary target for ransomware attacks, with cybercriminals targeting legal practices with sophisticated assault techniques.

Law firms are valuable targets for a multitude of reasons, but most recently they have been targeted as law firms are increasingly transitioning data to cloud-based platforms and web-based apps. While these technologies facilitate data accessibility, they also expand the attack surface and significantly increase the probability of vulnerabilities.

NATO Draws a Cyber Red Line in Tensions With Russia
This is clearly a strong and coordinated statement by NATO allies warning Russia to curtail the activity of APT28. Read More

Lessons From LOCKED SHIELDS 2024 Cyber Exercise
The PRC [People’s Republic of China] has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that it plans to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist. Read More

Russian Sandworm Hackers Pose As Hacktivists In Water Utility Breaches
The Sandworm hacking group associated with Russian military intelligence has been hiding attacks and operations behind multiple online personas posing as hacktivist groups. Read More

Cybersecurity frameworks act as the backbone for organizations, providing a structured set of rules and procedures to shield against cyber threats. Their primary goal? Safeguarding an organization's digital assets with precision and efficiency.

US State Department Investigating Another Data Leak
Five Eyes data was stolen from right under their nose. The threat actor stole and leaked documents from tech consulting firm Acuity, which specializes in cybersecurity, DevSecOps, data analytics, and operations support services. Read More

White House And EPA Warn Of Hackers Breaching Water Systems
EPA Administrator Michael Regan warned governors today that hackers are "striking" critical infrastructure across the country's water sector. Read More

As technology becomes more intertwined with every organization, the risk of a successful cyber-attack also grows. Without a clear understanding of where your security measures may fall short, your operations remain vulnerable to potential threats, disruptions, and other detrimental outcomes.

In the ever-evolving digital realm of today, it is imperative for stakeholders to enforce robust security measures and implement innovative protocols to protect sensitive information and strengthen their infrastructure.

Organizations Are Knowingly Releasing Vulnerable Applications
92% of companies had experienced a breach in the prior year due to vulnerabilities of applications developed in-house. Read More

Vmware Pushes Admins To Uninstall Vulnerable, Deprecated Vsphere Plugin 
The vulnerabilities haven’t been and won’t be fixed. Instead, VMware is urging admins to remove the EAP plugin. Read More

As the digital landscape evolves, so do the threats facing all organizations, especially as they move their operations to the cloud. Projections indicate that by 2025, a staggering 85% of organizations will rely on cloud-native platforms.

With this shift comes increased interest from malicious actors looking to exploit vulnerabilities and gain access to sensitive data of all types. In light of this, advanced penetration testing techniques are necessary to counter the ever-changing cloud security threat landscape.

In this article, we will explore seven key strategies through which penetration testing can fortify your cloud infrastructure, ensuring its resilience against potential threats including data exfiltration.

Critical Shim Bug Impacts Every Linux Boot Loader Signed In The Past Decade 
There are currently 5 vulnerabilities in Shim that could allow a network attacker to bypass secure boot and take over a vulnerable Linux system. Read More

With the digital landscape constantly changing, it's crucial to stay ahead of cybersecurity threats, and advanced penetration testing is a key strategy for strengthening your organization’s defenses.

As businesses grapple with increasingly sophisticated cyber threats, the field of penetration testing continues to evolve, giving rise to new and innovative methodologies.

Biggest Data Leak in History Exposes 26B Records
Most of the exposed data, found on an open instance likely owned by a threat actor or data broker, was from the Chinese instant messaging app Tencent QQ. At the same time, Weibo, MySpace, Twitter, and Wattpad also had hundreds of millions of leaked credentials and other information. Read More

Massive Comcast Xfinity Data Breach Impacts 36 Million Customers
Comcast disclosed that hackers exploited a Citrix vulnerability between October 16 and October 19, 2023. Read More

Attack surface discovery is a crucial component of any organization’s cyber security strategy, allowing teams to identify potential entry points – also known as attack vectors – that could present a cyber threat. Without proper attack surface management, organizations risk exposure to breaches in systems, devices, and the overall network.

Happy New Year and Thank You to Our 7,000+ Readers!

Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day 
China-linked hackers continue to target Barracuda Email Security Gateway (ESG) appliances, with recent attacks involving the exploitation of a new zero-day vulnerability. Read More

FBI Explains How Companies Can Delay Sec Cyber Incident Disclosures
The FBI worked with the Department of Justice to create a guidance document for victims about how companies can “request disclosure delays for national security or public safety reasons.” Read More

Organizations today are in a relentless battle against cyber threats, a challenge magnified by the ever-expanding digital landscape. Companies in a risky environment must protect against both known and unknown threats to their digital infrastructure.

This is where the critical roles of attack surface management (ASM) and vulnerability management (VM) come into play. Imagine navigating a complex network of digital assets, each a potential gateway for cyber attacks. Securing gateways is challenging as organizations depend more on digital operations, making the stakes higher than ever.

This article explains the difference between ASM and VM and advises on what to do during an attack.

Staples Confirms Cyberattack Behind Service Outages, Delivery Issues
Reported Staples internal operation problems including an inability to access Zendesk, VPN employee portals, print email, use phone lines, and more. Read More

82% of Attacks Show Cyber-Criminals Targeting Telemetry Data
Cyber-criminals have disabled or wiped out logs in 82% of incidents. The findings come from the latest report from Sophos, which dissected the intricacies of these attacks, shedding light on the speed with which ransomware assaults are now executed, often within hours. Read More

Report Links ChatGPT to 1265% Rise in Phishing Emails
Other key findings include an average of 31,000 daily phishing attacks, with 68% of these identified as text-based BEC. Read More

In our increasingly interconnected world, the importance of cybersecurity cannot be understated. Every October, we observe Cybersecurity Awareness Month, a timely reminder of the significance of safeguarding our digital lives. As technology evolves and cyber threats continue to proliferate, it's crucial to stay informed and proactive in defending against these digital adversaries.

Let's explore the significance of Cybersecurity Awareness Month and how you can participate in promoting a safer online environment.

Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability
The vulnerability carries the highest severity CVSS score possible of 10 and Cisco said it would “grant an attacker full administrator privileges, allowing them to effectively take full control of the affected router. Read More

Chinese Hackers Target Routers in IP Theft Campaign
A customized firmware backdoor tailored for Cisco routers allows hackers to maintain backdoor access without their connections showing up in logs. Read More

Azure Storage Compromised in the Latest BlackCat Ransomware Attack
This version introduces new functionalities and has been employed to encrypt Azure Storage accounts and evade detection efficiently. Read More

Every 39 seconds, a cyber attack occurs with an estimated 30,000 websites globally attacked every day. Cybersecurity threats can quickly become a reality and if this happens, your organization needs to be prepared with an incident response plan, or IRP.

Maker Of ‘Smart’ Chastity Cage Left Users’ Emails, Passwords, And Locations Exposed
A company that makes a chastity device that can be controlled by a partner over the internet exposed users’ email addresses, plaintext passwords, home addresses and IP addresses, and — in some cases — GPS coordinates, due to several flaws in its servers, according to a security researcher. Read More

In the realm of cybersecurity, technology remains an ever-shifting cornerstone. As the digital world continues to evolve, it comes as no surprise that progressive organizations are readily embracing a multitude of technological tools including Artificial Intelligence (AI)

Danish Hosting Firms Lose All Customer Data in Ransomware Attack
CloudNordic reported a breach in their systems, affecting customer websites, and causing complete paralysis. Recovery efforts failed, resulting in major data loss for most customers. Read More


Third-Party Risk Management (TPRM),  is the process of identifying, assessing, and mitigating potential risks that can arise from the involvement of external parties in an organization's everyday operations and data handling.

Possible Chinese Malware in US Systems a ‘Ticking Time Bomb’: Report
China has implanted malware in key US power and communications networks in a “ticking time bomb” that could disrupt the military in the event of a conflict. Read More

Weekly Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence
Organizations globally are facing an average of 1,258 attacks each week. Read More

Attack surface discovery refers to the process of identifying and mapping all potential entry points or vulnerabilities that an attacker could exploit to gain unauthorized access to a system or network.

CISA Warns Samsung Handset Bugs and D-Link Router Flaws are Being Exploited in Wild
The most severe Samsung bug is a vulnerability (CVE-2021-25487) classified as an out-of-bounds read error impacting the handset modem interface driver. The flaw can lead to arbitrary code execution by an adversary. Both Samsung and NIST classified the bug as “high severity”. Read More

Cyber attacks are on the rise, with one happening roughly every 39 seconds. No organization is immune to these risks, however, some are more commonly targeted than others, such as law firms.

US Military Personnel Receiving Unsolicited, Suspicious Smartwatches
The US Army says soldiers say unsolicited, suspicious smartwatches are being sent to soldiers, exposing them to malware attacks. Read More

Artificial Intelligence (AI) is revolutionizing the field of cybersecurity. AI can be used to detect and prevent cyber threats, automate security processes, and increase the overall efficiency of an organization's IT security operations.

Chatgpt Creates Mutating Malware That Evades Detection By Edr
Mutating, or polymorphic, malware can be built using the ChatGPT API at runtime to effect advanced attacks that can evade endpoint detections and response (EDR) applications. Read More

Are you concerned about your company's security footprint? In the first half of 2022, cybercrime affected more than 53.35 million Americans.

Studies Show Ransomware Has Already Caused Patient Deaths
No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality. Read More

As the threat of cyberattacks continues to grow, businesses must take proactive steps to protect their data and systems.

Compliance with regulatory requirements is a key aspect of this, but navigating the complex landscape of regulations can be challenging. That's where cyber insurance comes in.

Three-Quarters of Firms Predict Breach in Coming Year
Most said it was “somewhat to very likely” that they’d suffer a breach of customer data (70%) or IP (69%), or a successful cyber-attack (78%). Read More

As cyber threats become increasingly prevalent, organizations are looking for ways to protect themselves against potential data breaches and cyber threats.

US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt
Iranian hackers broke into a system used by a local government to support its election night operations but were kicked out before any attack could be launched, according to U.S. military and cybersecurity officials. Read More

Windows Zero-Day Exploited by Cybercriminals in Ransomware Attacks
The issue is an unspecified vulnerability in the CLFS driver that allows for privilege escalation. A local attacker can exploit this vulnerability to gain SYSTEM privileges. The vulnerability is easy to exploit and could be triggered without user interaction. Read More

Outlook Zero-Day Needs Quick Patching: Microsoft
The privilege elevation/authentication affects all supported versions of Microsoft Outlook for Windows, including Microsoft 365, Microsoft Office 2019, Microsoft Outlook 2016, and Microsoft Outlook 2013. Read More

Microsoft Lays off Team Responsible for AI Ethics
What was left of the team has now been wiped out completely. Read More

Background

Gaming and casino operators require top-notch IT security due to the sensitive nature of their operations, high revenue generated, storage of personally identifiable information, and regulatory compliance requirements. The most profitable area in a casino is the electronic gaming machines as they account for over 80% of gaming revenue according to research by the UNLV Center for Gaming Research Studies.

Cybercrime Groups Offer Six-Figure Salaries, bonuses, Paid Time Off to Attract Talent on Dark Web
Cybercriminals are offering high salaries and perks to attract the best. Some ads boasted annual salaries as high as $1.2 million for the skilled hackers. Read More

Phishing is the most common form of cybercrime, with over 3 billion phishing emails sent every day, scammers are constantly looking for new and innovative ways to steal your sensitive data.

Super Evasive Beep Malware Stuns Researchers
A new malware has surprised researchers with the use of a significant amount of evasion techniques to avoid sandboxes and resist analysis. Read More

By 2025, cybercrime will cost the world an estimated $10.5 trillion annually. As internet use grows, so does the threat of cyberattacks. For organizations, such attacks can result in devastating losses. As such, you want to make sure that you're always taking the proper measures to reduce the risk of your organization falling victim to hackers.

There are various methods of increasing cybersecurity. One of them is through the use of penetration testing. It's important to know what this is, and when to do it.

Want to know when you should perform a penetration test? keep reading to find out more.

Firmware Flaws Could Spell 'Lights Out' for Servers
Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access. Read More

The global market for cyber security awareness training is expected to grow by more than 45% in the next five years. This record growth highlights the importance that organizations place on improving cyber security.

Colonoscopy Prep Retail Website Breach Festered for Years
Personal Data of 244,000 in Flux After Malware Probe of Gastroenterologist Vendor.  Read More

In 2021, the ransomware industry in the United States alone resulted in over $1 billion in payments to cyber criminals. Given the ever-evolving nature of technology, there's no doubt that criminals will try to capitalize on the latest trends in cyber-attacks to make even more money.

Qualcomm, and Lenovo Flag Multiple High-Impact Firmware Vulnerabilities
“We opened Pandora’s box of ARM devices UEFI firmware vulnerabilities impacting enterprise vendors.” Read More

Last year, healthcare and manufacturing were some of the most targeted industries for cybercriminals to attack. Other industries followed not far behind, with bad actors focusing on banks and insurance companies, public/state administrations, educational institutions, professional and organizational services, and more. 

A New Microsoft Exchange Flaw is Being Used to Attack Servers
Delivers remote access tools and remote administration software. Exploit also chain bypasses mitigations. Read More

Background

A regional medical center had a segmented network design whereby different departments within the center (Administration, Radiology, Facilities, etc.) were separated from each other within the overall network as part of a relatively secure environment. But no matter how much security is in place, clicking on a malicious link or attachment in a phishing email can bypass that security. 

Maryland Bars State Employees from Using Kaspersky, TikTok, Huawei, and Others
The companies include Huawei Technologies, ZTE Corp., Alibaba-owned AliPay, Tecent-owned Tencent QQ, WeChat, and QQWallet, as well as Russian-owned cybersecurity and antivirus firm Kaspersky. Read More

The healthcare industry is full of acronyms. ACA, HIPAA, HHS, CHIP, and MARS-E are just a few. Understanding them is critical to your organization's success.

Keep reading for a MARS-E guide that tells you what you need to know about these important standards.

FTC Holds Company’s CEO Personally Liable for Security Failures
The FTC found that the company and its CEO had failed to develop and implement appropriate measures to protect consumers' personal information. Read More

Data Breaches Rise By 70% Globally in Q3 2022
The top five countries and regions most affected by data breaches in Q3 2022 were Russia, France, Indonesia, the US, and Spain. Read More

When it comes to disaster recovery, planning is essential. In reality, however, each emergency situation can differ. No matter how organized the plan may be, it is not always possible for an organization to cover each and every variable or extended outlier during an attack.

Multiple Cisco Products Impacted by L2 Network Security Control Bypass Flaws 
Cisco this week has confirmed that tens of its enterprise routers and switches are impacted by bypass vulnerabilities in the Layer-2 (L2) network security controls. Read More

When it comes to cyber-attacks, in-house IT professionals are working hard on implementing tools and strategies to protect their organizations, while cyber criminals and nation states are hard at work becoming more sophisticated in their approaches.

Apple Releases Another Urgent IOS Security Patch, So Install Now
Apple has released an urgent security patch that addresses multiple flaws in different versions of iOS, iPad OS, and macOS. Some of these flaws, the company confirmed, are being actively abused in the wild.  Read More

As technology continues to advance, so does the threat of cyber-attacks on organizations. According to recent reports done by the University of North Georgia, only 38% of global organizations claim they are prepared to handle a sophisticated cyber-attack.

Preparedness helps organizations effectively manage and mitigate the operational, legal, and reputational consequences of an event. In this article, we will take a look at some of the major steps your organization should take to protect its network and personal data.

Researchers say Cisco Firewall Software Remains Vulnerable to Attack Despite Patch
Rapid7 researchers conduct a test on Cisco's firewall where they find a major threat in Adaptive Security Software, ASDM, and Firepower Services Software for ASA, which was left unpatched for months. Read More

A CISO, (Chief Information Security Officer) or a vCISO, (virtual Chief Information Security Officer) are common practices offered by cyber security experts when providing organizations with security management. The question is, which one is more effective in providing protection to your company? 

Tenet Health’s $100 Million Cyber Shutdown Sparks 10 Questions All Boards Must Ask
The Tenet Health case reinforces why boards and senior leaders must be increasingly prepared to address rising cyber-related business interruption risks. Read More

In our final installment for the Kaplan e-learning web series, JANUS Associates takes an in-depth look at some of the ways an organization can prevent internal cyber threats along with how a ransomware attack can have major repercussions against your company's infrastructure and confidential data.

Cyber Insurers Look To Rescind Policies After Large Claims
Insurers are intently examining whether they can cancel cyber policies after claims have been filed. To do this, they scour through application documents searching for potential false statements. Read More

A company's cyber security plan can make all the difference in protecting against a data breach, but when a record 60% of all data breaches are internal, it can be hard to know who to trust. In this article, we will go through potential approaches you can take to protect your company's confidential and intellectual property.

TikTok Engaging in Excessive Data Collection
Connecting to mainland China-based infrastructure, the latest report identified multiple instances of unwarranted data harvesting. Read More

As technology continues to advance and organizations transition into a completely digital space for their private information and data, cyber insurance has become a commonality among numerous industries.

CISA: Here's How to Apply this Key Windows Patch Without Breaking Certificate Authentication
CISA now urges to apply a patch that broke logins for users connecting to Windows servers that handle authentication. Read More

Nearly Half of Cybersecurity Professionals Consider Quitting
45% of respondents said they considered quitting due to stress, and 46% said they knew of at least one person who did leave the industry within the last year specifically because of stress. Read More

Every organization, regardless of what you do, is at risk for a ransomware attack. This blog will give you some insight into best practices to minimize the risk of a successful attack.

Background

A commercial enterprise had a common, shared drive-type of network setup. Documents were shared by a multitude of employees throughout different departments and saved in a centralized manner. This common practice of centralizing data was the primary catalyst for the attack on their network.

How Costa Rica Found Itself at War Over Ransomware
Costa Rica failed to implement the cyber-preparedness strategy that it laid out five years ago and now serves as an example not only to other Latin American nations but also to the world. Read More

Ensuring that you keep your personal identifiable information (PII) safe and protected should be your number one priority. With these tips below, JANUS provides insight on how you can prevent fraud from occurring.

Patch Now: Zoom Chat Messages can Infect PCs, Macs, and Phones with Malware
Zoom recommends updating the app if you have done so yet. Scammers can now send messages through Zoom chat that can cause your vulnerable client app to install malicious code from an arbitrary server, such as malware and spyware. Read More

Proper on/offboarding policies and procedures can protect your data and streamline your operations. JANUS’ 8 cybersecurity best practices will help you create a hardened yet more resilient enterprise.

150-Year-Old Historically Black College Closes After Ransomware Attack
A renowned university will shut down after falling victim to ransomware amid efforts to recover from the pandemic. Read More

Data security is critical and incidents of data exfiltration result in unwanted attention to organizations, which can lead to financial losses and reputational damage.

Log4j Flaw: Thousands of Applications Are Still Vulnerable, Warn Security Researchers
Cybersecurity researchers warn that insecure instances of Lo4j are still out there to be exploited - and are easy for attackers to discover. Read More

IT challenges have never been greater. Protecting your assets, operations, clients, and employees has never been a more complicated and difficult task. You may have a thorough understanding of your IT compliance requirements or you may not, and the security partner that you choose may be the key to the success or failure of your initiatives.

Microsoft Patches 128 Windows Flaws, New Zero-Day Reported
On Tuesday, Microsoft issued a warning for an in-the-wild zero-day attack hitting Windows users. It credited the National Security Agency (NSA) with reporting the live exploitation. Read More

Kaspersky Blacklisted By FCC Alongside China Telecom & China Mobile
All three were added to list as they posed national security risks. Companies placed on the entity list are banned from buying parts and components from US companies without government approval. Read More

Analysts predict that cyber security will continue to be a top priority of enterprises around the world in 2022 and beyond. As of this published post, cyber attacks in 2022 are on track to greatly outnumber attacks that occurred in 2021.

CISA & FBI Warning: Hackers Used These Tricks to Dodge Multi-Factor Authentication and Steal Email From NGO
Russian state-sponsored hackers have used a clever technique to disable multi-factor authentication (MFA) to compromise networks and high-value domain accounts. The goal? Accessing the victim's cloud and email. Read More

Ukraine Asks ICANN to Delete All Russian Domains
In response to the Russian invasion of Ukraine, the request has been made to disable country code top-level domains associated with Russia. Read More

Ukraine Ministry of Defense Confirms DDoS Attack; State Banks Loses Connectivity
The websites of Ukraine's defense ministry as well as state banks Privatbank and Oschadbank were down on Tuesday due to an alleged DDoS attack. Read More

Cyber security attacks are on the rise in schools. More technology means more potential threats. Unfortunately, some educators and students are unaware and unprepared for the repercussions posed by these cyber threats.

FBI Says More Cyberattacks Come from This Country Than Everywhere Else Combined
Currently investigating over 2,000 attacks on US targets, with new files coming every 12 hours. Read More

Due diligence is a process that confirms facts or details of something being purchased, or a contract for services. Due diligence examines all aspects of the deal to confirm that everything is as represented verbally and in writing by the offeror. It’s undertaken to prevent misrepresentations and to uncover potential fraud.

Federal Banking Regulators Issue Cybersecurity Breach Notification Requirement
Beginning in April 2022, banking organizations and bank service providers will be subject to the shortest regulatory breach notification reporting time frame of any law to date—36 hours. Read More

The United States Secret Service Electronic Crimes Task Force (ECTF) recently presented a 3-hour webinar titled Ransomware: An Emerging Threat. This presentation included members of government agencies and private corporations and contains a wealth of information. The entire session has been published on YouTube and full information is detailed below.

FTC Warns Businesses on Patching Log4j Holes… Or Else
The US Federal Trade Commission warned companies that vulnerable Log4j software needs to be fixed, responsibly, in a timely manner, or face the wrath of Lina Khan. Read More

Terrifying Cyber Weapon ‘Against Which There’s No Defense’
The Israeli company’s flagship spyware, Pegasus, is considered one of the most powerful cyber-surveillance tools available on the market. It’s continuing to make headlines as revelations on the tech’s reach, and its consequences, keep piling up. Read More

Log4J, a critical vulnerability, is actively being exploited worldwide. Researchers and major technology companies warn that hackers linked to foreign governments and criminal ransomware groups are already exploiting the vulnerability at a rate in excess of 100 attacks per minute.

Whether you’re a small company or one as large as Colonial Pipeline or T-Mobile, not having any cyber incident response plan will cause major problems and disruptions. When you’re hit with a breach, without a plan in place, your security and management teams will be scrambling and likely to make expensive mistakes. 

Bosses Are Reluctant to Spend Money on Cybersecurity... Then They Get Hacked
Cyberattacks like ransomware, business email compromise (BEC) scams, and data breaches are some of the key issues businesses are facing today. Despite the number of high-profile incidents and their expensive fallout, many boardrooms are still reluctant to free up the budget. Read Article

Organizations More Susceptible to Ransomware Attacks During Weekends & Holidays
In a recent survey, 37% of security professionals admitted their organization does not have contingency plans for a prompt response to ransomware attacks during the weekends and holidays. Read Article

The Department of Defense (DoD) has suspended the original cybersecurity certification program pending major changes. On November 4, 2021, the DoD announced the completion of an internal review of its Cybersecurity Maturity Model Certification (CMMC) program and the release of Model 2.0.

Patricia Fisher, President and CEO of JANUS Associates, Inc. is one of the Founding Partners of the Connecticut Technology Council (CTC) and continues on the board in addition to leading the Cyber Security Task Force. Ms. Fisher is also involved in other technology-oriented associations.

Cybercriminals Sell Access to International Shipping, Logistics Giants
The underground is offering initial access brokers with entry to companies key in global supply chains. Read Article
A Russian-based group has masqueraded as a legitimate cyber security consultancy. The Baston Secure company website, logo displayed as BS, hosted and hired multiple jobs for cyber security specialists and offered what appeared to be legitimate cyber security services.

Data breaches, insider threats, loss of client trust—these are all security and privacy threats all organizations face today. Learn more about what action Privacy and Security Professionals are taking today. #PSR21

It was reported today that a former executive of a health care provider accessed the Protected Health Information (PHI) of nearly 38,000 Individuals. Conflicting accounts also suggest 3rd party vendor involvement although that has not officially been confirmed.

New Ransomware Encrypts Your Data & Makes Nasty Threats, Too
A group behind the new ransomware variant threatens to go beyond encrypting data in their attempts to force victims to pay up. Read Article

T-Mobile Confirms Data Breach Affects Over 47 Million People
The stolen files include personal info such as names and social security numbers. Read Article

LockBit Ransomware Gang is Now Hiring Corporate Insiders
The group is hiring corporate insiders to infiltrate and encrypt corporate networks. In exchange, these insiders-cum-partners are promised millions of dollars. Read Article

Looking at the cybersecurity headlines from the past few years, we’ve seen significant data breaches happening more frequently and increasing in severity. At the same time, the cost of cyber insurance is rapidly rising, coverage limits are shrinking, and loss exclusions are more so than ever.

The Connecticut (CT) State Legislature has enacted major changes to CT Data Breach Notification Laws, effective October 1, 2021. These changes are a direct result of the worsening threat landscape, and it is safe to say that regulations will most likely continue to be enacted at both the state and federal levels.  

IBM Report: Data-Breach Costs Hit 17-Year High of $4.24M
Data-breach costs jumped nearly 10% from an average of $3.86 million to $4.24 million per incident over the past year. Read Article

U.S. Announces New 2nd Round Cybersecurity Requirements for Critical Pipeline Owners
The Department of Homeland Security on Tuesday required owners and operators of critical pipelines that transport hazardous liquids and natural gas to implement "urgently needed protections against cyber intrusions." Read Article

From January 2020 through May 2021, New York State Department of Financial Services (NYDFS) regulated companies reported in excess of 70 Ransomware attacks ranging from costly shutdowns to disruptions in business operations. Successful Ransomware attacks continue to escalate in total numbers and overall severity, with no sector safe from an attack. Government agencies, companies, educational institutions, and nonprofits are all targets. 

Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability

The fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios. Read Article

Approximately 66% of hacked organizations expressed uncertainty that they could ever fully recover. Getting hacked or falling prey to Ransomware is a big deal—for you, your business, your customers, and your employees!

CVS Health Faces Data Breach,1B Search Records Exposed
Over 1 billion search records were accidentally posted online in a CVS Health data breach in late March, as reported by an independent cybersecurity researcher. Read Article

Ransomware and hacking is a major problem and effective cyber security is the only way to safeguard your operations and assets. The risk of not taking care of business is losing your business.

If you've been following the news at all lately, you know that cybersecurity is more important now than ever. Devastating cyber attacks continue to increase in frequency and severity. 

Here's what you need to know. The past week has shown how fast attack capabilities can evolve. To follow are key timely events impacting Cyber Security that we here at JANUS Associates believe worthy of your note. For your convenience, we've compiled all articles here where they will also be archived for future reference.