Cyber Threat Report: Cyber Security News for 09/01/22

Researchers say Cisco Firewall Software Remains Vulnerable to Attack Despite Patch
Rapid7 researchers conduct a test on Cisco's firewall where they find a major threat in Adaptive Security Software, ASDM, and Firepower Services Software for ASA, which was left unpatched for months. Read More

Cyber-Insurance Firms Limit Payouts, Risk Obsolescence
Businesses need to re-evaluate their cyber-insurance policies as firms like Lloyd’s of London continue to add restrictions, including excluding losses related to state-backed cyber attackers. Read More

Worldwide Safety Alert Issued for Thousands of Tourist Planes over Fears take-off and Landing Technology Could be Hacked
The potential issue could let hackers trick pilots into using the wrong settings, potentially causing a crash, by tampering with data. Read More

As States Ban Ransom Payments, What Could Possibly Go Wrong?
North Carolina Ban Affects State/Local Governments, Public Schools, and Universities. Read More

FTC Sues Data Broker Kochava over Sale of Data Tying Users to Health Clinics
The alleged sale of geolocation data from “hundreds of millions” of mobile devices could tie users to reproductive health clinics, addiction recovery facilities, places of worship, and homeless and domestic violence shelters. Read More

Lack of Budget and Staff Hinders Vulnerability Management Programs
Based on responses from 213 security pros, respondents cited issues ranging from the amount of time to patch and resolve vulnerabilities, high false-positive rates, inefficient prioritization of vulnerabilities, ineffective responses, and the use of multiple vulnerability management tools and vendors instead of a single unified platform. Read More

NATO Investigates Dark Web Leak of Data Stolen From Missile Vendor
Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia. Read More

77% of Security Leaders Fear We’re in Perpetual Cyberwar from Now On
A survey of cybersecurity decision-makers found that 77% think the world is now in a perpetual state of cyber warfare. 82% also believe geopolitics and cybersecurity are “intrinsically linked”. Read More

Headline Privacy & IT Security Compliance News

Despite Cisco’s patchwork to their vulnerable system that occurred at the beginning of the month, the software company, Rapid7, is still reporting signs of the potential risk to their firewall. According to Rapid7, A large percentage of customers have failed to implement other recent security updates to their software. Cisco representatives updated its customers that it had resolved outstanding issues with CVE-2021-1585 and CVE-2022-20829, however, CVE-2021-1585 can still be exploited by attackers when clicking through a pop-up window.

With cyber attacks and ransomware rapidly increasing, and several corporations facing potential breaches, cyber insurance firms are beginning to reevaluate their terms and conditions, adopting exclusions for catastrophic cyberattacks conducted by "state-backed" actors. Security and risk experts say that with these new exclusions in place, the impact on the insurers is drastically decreased making taking out a policy potentially not worth it. As a result, insurance firms have increased premiums, put sub-limits on ransomware, and now adopted broad exclusions, which can result in delayed payouts and an increase in lawsuits when insurers refuse to pay out on such a large policy.

Get in touch with Chris Kniffin, Corporate Director, to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.