Cyber Threat Report: Cyber Security News for 03/29/23

Outlook Zero-Day Needs Quick Patching: Microsoft
The privilege elevation/authentication affects all supported versions of Microsoft Outlook for Windows, including Microsoft 365, Microsoft Office 2019, Microsoft Outlook 2016, and Microsoft Outlook 2013. Read More

White House Aims to Issue Cyber Strategy Implementation Plan by June
The White House is aiming to issue the implementation plan for a new national cyber strategy in early summer. Read More

Blackbaud Shows SEC Is Serious On Cyber Incident Reporting
A recent significant enforcement action brought by the U.S. Securities and Exchange Commission against Blackbaud Inc. highlights the importance of public companies maintaining disclosure controls and procedures relating to cybersecurity incidents. Read More

Balancing Security Risks and Innovation Potential of shadow IT teams
Half of the SMBs say shadow IT teams are most commonly formed because there’s a lack of understanding among employees about the process of acquiring new technology. Read More

Known Unknowns: Refining Your Approach to Uncategorized Web Traffic
You can simply block, by default, all access to all uncategorized sites. But wielding such a blunt policy instrument is likely to introduce a range of problems for users trying to access legitimate sites, and negatively affect business velocity. Read More

N.Y. Law Firm to Pay the State $200K Over Data Breach
The breach, which compromised the private data of nearly 115,000 hospital patients, including more than 61,000 New Yorkers, found the law firm failed to comply with health information privacy and security rules and state law, the New York attorney general's office said. Read More

Understanding Adversaries through Dark Web Intelligence
93 percent of CISOs are concerned about dark web threats, and almost 72 percent of CISOs believe that intelligence on cybercriminals is “critical” to defend their organization and increase cybersecurity. Read More

CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
The U.S. government’s cybersecurity agency ships a new tool to help network defenders hunt for signs of compromise in Microsoft’s Azure and M365 cloud deployments. Read More

Kids Tech Camp iD Tech still Silent Weeks after a Data Breach
iD Tech, which provides on-campus classes and online tech and coding courses for kids, has yet to acknowledge the breach or notify parents. Read More

New Vulnerabilities found in industrial Control Systems of Major Vendors
The US Cybersecurity and Infrastructure Security has revealed new vulnerabilities in the industrial systems from leading vendors including Siemens, Delta Electronics, Hitachi, and Rockwell. Read More

Ferrari Hacked; Doesn’t Pay $1 Million Ransom Demand
It was the victim of a data breach and extortion demand. Customer names, addresses, email addresses, and telephone numbers may have been acquired by the threat actors. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

A zero-day vulnerability has been discovered in Microsoft Outlook, which could potentially allow hackers to take control of affected systems. The vulnerability is believed to be actively exploited by a Chinese state-sponsored hacking group known as Hafnium. Microsoft has released a security patch to fix the vulnerability and is recommending that all Outlook users apply the patch as soon as possible to avoid potential exploitation.

The White House is working on an implementation plan for its recently released National Cyber Strategy. The plan is expected to be completed and issued by June 2023. The strategy includes a framework for addressing cyber threats and improving the country's cybersecurity posture, as well as a focus on improving international cooperation and coordination on cyber issues. The implementation plan will detail how the strategy will be put into action and will involve collaboration between various government agencies, including the Department of Homeland Security, the Department of Defense, and the intelligence community. The plan will also address ways to improve private-sector cooperation and participation in cybersecurity efforts.

Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.