Cyber Threat Report: Cyber Security News for 01/06/23

Qualcomm, and Lenovo Flag Multiple High-Impact Firmware Vulnerabilities
“We opened Pandora’s box of ARM devices UEFI firmware vulnerabilities impacting enterprise vendors.” Read More

Ohio Court: Non-Physical Software Damage in Ransomware Attack not Covered Under Insurance
The Supreme Court of Ohio ruled that a ransomware attack against a business should not be covered by insurance because the attack did not physically or directly cause harm to the tangible components of the software programs encrypted in the incident. Read More

Cybersecurity in 2023: What Government Contractors Should Expect
In addition to the implementation of the Cybersecurity Maturity Model Certification (CMMC), several new cybersecurity regulations for civilian government contractors, including those working for the U.S. Department of Homeland Security (DHS), are planned for rollout in 2023. Read More

Cyberattack on Records Vendor Affects Scores of US Counties
Government offices revert to pen and paper; up to 400 counties were affected by the attack. Read More

NJ hospital CentraState Diverting Patients After a Cyberattack, IT shutdown
The hospital is operating under electronic health record downtime procedures with paper processes, which has enabled the hospital to continue logging patient care through available records on-site. Officials assert that patient care has not been adversely affected. Read More

North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains
BlueNoroff is financially motivated and has been blamed for numerous cyberattacks targeting banks, cryptocurrency firms, and other financial institutions. Read More

Data of 235 million Twitter Users Leaked Online
A database containing email addresses of 235,000,000 Twitter users has been offered on a popular hacker forum. Experts immediately analyzed it and confirmed the authenticity of many of the entries in the huge leaked archive. Read More

Critical Flaws Found in Ferrari, Mercedes, BMW, Porsche, and Other Carmakers
BMW, Mercedes, Toyota, and other popular carmakers use vulnerable APIs that could have allowed attackers to perform malicious activities. The vulnerabilities could have been exploited by threat actors to perform a broad range of malicious activities, from unlocking cars to tracking them. Read More

Zoho Urges Admins to Patch Critical ManageEngine Bug Immediately
The bug is in Password Manager Pro secure vault, PAM360 privileged access management software, and Access Manager Plus privileged session management solution. Read More

Ongoing Flipper Zero Phishing Attacks Target Infosec Community
A new phishing campaign is exploiting the increasing interest of security community members towards Flipper Zero to steal their personal information and cryptocurrency. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

Qualcomm, a global tech company, recently revealed that there are 22 vulnerabilities in its chipsets. These vulnerabilities include two bugs in automotive products and one bug in powerline communication firmware, which are difficult to fix and considered high or critical in severity. In recent years, hackers have been targeting lower-level firmware that supports hardware rather than user-facing operating systems. The vulnerabilities disclosed by Qualcomm could also affect other products, such as the Lenovo ThinkPad X13s.

A recent court case in Ohio has ruled that a ransomware attack is not covered by insurance. The attack occurred in 2019 and targeted a software company called EMOI Services. The hackers demanded payment in Bitcoin in exchange for a decryptor to unlock the encrypted systems. EMOI Services paid the ransom and attempted to file a claim with their insurer, Owners, but the claim was rejected. EMOI Services argued that software can be damaged without affecting any physical devices or instruments, but the court ruled that insurance coverage required direct and physical damage or loss to an asset. The court also rejected EMOI Services' argument that damage to non-physical aspects of software was covered under the policy.

Get in touch with Chris Kniffin, Corporate Director, to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.