Cloud Security News
Latest news in the Cloud Security domain
The inbound phishing attacks will continue to get more creative, e-mail remains the #1 approach to penetrating security organizations. Criminal indictments against three alleged high-level members of a prolific cybercrime gang called FIN7, unsealed last week, reveal the low-tech attack tactics that had high levels of success.
Exabeam, a cybersecurity startup that leverages big data, machine learning, and analytics to detect and respond to cyber threats, has raised $50 million in a series D round of funding led by Lightspeed Venture Partners, with participation from Cisco Investments, Norwest Venture Partners, Aspect Ventures, Icon Ventures, and Shlomo Kramer. Congratulations to Exabeam! One of my Fortune Top[…]
The cost of the city of Atlanta’s mitigation and subsequent IT overhaul following a massive SamSam ransomware infection earlier this year could reach $17 million. Continue Reading…
Taiwan Semiconductor Manufacturing Co., the world’s largest chip manufacturer, says a WannaCry infection hit unpatched Windows 7 systems in its fabrication facilities, leaving multiple factories crippled. The chipmaker traced the infection to a new software tool that it failed to scan for malware before installation, and says the outbreak could cost it $170 million.
https://www.databreachtoday.com/hackers-grab-15-million-patients-details-in-singapore-a-11228 Prime Minister was the target, now 25% of the Singapore medical records exposed.
Article Link The database houses approximately 340 million records. Security researcher, Vinny Troia, said that there were roughly 230 million consumer records exposed, and 110 million business contacts. That represents essentially every adult in the United States.
Article Link Digital coins will continue to be a priority target for the good guys.
Article Link Current and former disgruntled employees are driving the need for better analytics/detail on normal/abnormal behavior.
Article Link More Insurance and Health records exposed, yikes….These articles are helping the general public understand the magnitude of the risk and impact on business, brand and reputation.
Article Link The Canadian banks have reported being contacted by external ‘fraudsters’ claiming to have accessed information on an estimated 90,000 customers.
Article Congratulations to Agari!!! They have consistently delivered impact and value for my customers. Goldman Leading the series E raise of 40MM is great validation. E-Mail remains the #1 way bad guys penetrate and exploit Global accounts….Agari is the E-Mail Security leader in protecting customers and stopping the sophisticated use cases getting past E-Mail SPAM[…]
https://threatpost.com/banco-de-chile-wiper-attack-just-a-cover-for-10m-swift-heist/132796/ Gaining better visibility into application dependency mapping with a specific focus on SWIFT is a high priority for my Global Banks. Last year there were 8 reported SWIFT breaches driving more investment in better visibility and micro segmentation.
A six-month coordinated global law enforcement effort to crack down on business email compromise schemes has resulted in 74 arrests. 74 Arrests in Business Email Compromise Takedownhttp://cloudsecuritysol.com/cms/?p=448&preview=true
Unfortunately, companies are making business decisions when paying the hackers. The public does not understand the magnitude of the daily global payments.https://www.databreachtoday.com/hackers-demand-770000-ransom-from-canadian-banks-a-11050
Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on. Source: F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware – The[…]
A revolution in how companies handle your personal information is happening.The General Data Protection Regulation (GDPR) comes into effect across the European Union on May 25, introducing much tougher rules on data privacy. Source: GDPR: The simple guide to Europe’s new data privacy law
The Cybersecurity 202: Why cybersecurity experts are so concerned about the health-care industry – The Washington Post
New research released by two security companies paints an unsettling picture for the health-care industry: Hackers are stepping up their attacks on hospitals and other health organizations that may be ill prepared to defend against the wave of malicious activity. Source: The Cybersecurity 202: Why cybersecurity experts are so concerned about the health-care industry –[…]
17.6 million driver’s license numbers, thousands of ID images stolen in breach. Source: Equifax breach exposed millions of driver’s licenses, phone numbers, emails | Ars Technica
Australian Information Commissioner slammed for keeping quiet over lost Commonwealth Bank data – Security – CRN Australia
Australia’s information commissioner has come under fire after it emerged last week that it failed to recover lost customer account data from the Commonwealth Bank and deemed it ‘low risk’. Source: Australian Information Commissioner slammed for keeping quiet over lost Commonwealth Bank data – Security – CRN Australia
The Center for Orthopaedic Specialists (COS) recently learned that our computer system was compromised by a security event that affected our three facilities in West Hills, Simi Valley and Westlake Village, Calif. Malicious software was used to gain access to and encrypt patient data in our system in the hopes of getting COS to pay[…]
Unauthorized access to an employee’s email account has resulted in a breach affecting 30,000 current and former rental customers of Inogen, a maker and supplier of oxygen equipment, the publicly traded company has disclosed in a filing with the Securities and Exchange Commission. Source: Email Breach at Oxygen Equipment Maker Affects 30,000
Under Armour Inc. UA, +1.13% said late Thursday it has detected a data breach in MyFitnessPal user accounts. The breach did not include government-issued identifiers, such as Social Security numbers and driver’s license numbers, which the company does not collect from users, or credit-card data, which is processed separately, Under Armour said. About 150 million user accounts were[…]
Pennsylvania on Monday filed a lawsuit against Uber for allegedly violating the state’s mandatory breach notification law. It’s the latest in a long string of legal and regulatory actions Uber is facing from a serious data breach the company waited more than a year to disclose. Source: Pennsylvania Sues Uber Over Late Breach Notification
Spectre/Meltdown caused a lot of lost time/pain and Intel is feeling the heat Source: Intel Faces 32 Spectre/Meltdown Lawsuits – DataBreachToday
The public is blind to the magnitude of the state cybercrimes. Bank robberies are reported daily with small $$$$ amounts while the same day many companies are paying ransomware $$$ to keep IT systems alive….Brand, reputation and trust are part of the reason the public is blind to current state. GDPR is the start of[…]
Net Impact, Customers lose access to their Internet Banking services for a few hours and become more aware of the state of cyber-attacks on global banks. Renewed cyber attacks on Dutch banks ABN Amro, ING at weekend Source: Renewed cyber attacks on Dutch banks ABN Amro, ING at weekend – DutchNews.nl
Source: Japanese cryptocurrency exchange loses more than $500 million to hackers
DDoS Attacker Targeted Banks, Police, Former Employer Nice to see the bad guys going to jail!!!!! Source: DDoS Attacker Targeted Banks, Police, Former Employer
It was only last November that the UIDAI asserted that “Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI.” Today, The Tribune “purchased” a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details for any of the more than 1 billion[…]
Serious Meltdown and Spectre Flaws Make CPUs Exploitable Source: Serious Meltdown and Spectre Flaws Make CPUs Exploitable
DHS Says 246,000 Employees’ Personal Details Were Exposed Source: DHS Says 246,000 Employees’ Personal Details Were Exposed
Forever 21 Suffered 7-Month POS Malware Attack Source: Forever 21 Suffered 7-Month POS Malware Attack
*Equifax, 146 mm accounts impacted per lost names, birth dates, addresses and social security numbers. *Yahoo reports it under estimated the number of accounts impacted by 2013 breach, 3B where thieves stole email addreses, names and phone numbers. *Uber reports cover up where they paid 100k to keep thieves quiet per the customer data stolen[…]
The alleged theft of mental health information on more than 28,000 patients in Texas, which went undetected for well over a year, is yet another reminder of the substantial risks that terminated employees can pose as well as the need to take extra steps to protect the most sensitive patient information. Source: Insider Allegedly Steals[…]
Consider $2 per lost record versus $1,200 per lost record. That’s the difference between what Hilton will pay to New York State versus what it will pay to EU regulators once the GDPR takes effect in May. Source: Hilton Was Fined $700K for a Data Breach. Under GDPR It Would Be $420M | Digital Guardian
More news on SWIFT driving more effort on improved visibility and protection. Source: SWIFT warns banks on cyber heists as hack sophistication grows
Zeus Banking Trojan Spawn: Alive and Kicking Source: Zeus Banking Trojan Spawn: Alive and Kicking – DataBreachToday
PII data at a premium in the dark web… Many more to follow, watch your credit cards. Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. Source: Uber Paid Hackers to Delete Stolen Data on 57 Million[…]
Establishing policy around Cloud Security configurations and monitoring compliance is critical element as companies move to AWS and Azure. Source: Pentagon Cache of Over 1.8 Billion Scraped Social Media Posts Left Unsecured on Amazon Server
Good to see Europol Chief provide more detail on the state of attack. They estimate 4k/ransomware attacks per days on consumers and businesses. We rarely see these stories in our local newspaper which hurts overall understanding of the state of the problem. Source: Financial Sector Under Increasing Cybercrime Threat
Not surprised by this article, many customers investing time in getting better visibility into the SWIFT environment driving toward application segmentation. The perimeter investments are not enough. Source: Report: Attackers Hacked Nepalese Bank’s SWIFT Server
More Ransomware….Why do we hear about every Bank robbery on a daily basis in our States and rarely hear about our local companies paying hefty ransomware bills? Would this press help with awareness of the problem and overall risk? Source: New ransomware is causing major issues across Europe and Russia
Application Micro Segmentation is a hot topic with my Global Banks specifically targeting SWIFT and other payment applications. Source: North Korean hackers suspected of targeting Nepali bank SWIFT codes
The security protocol used to protect the vast majority of wifi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness. Source: Serious flaw in WPA2 protocol lets attackers intercept passwords and much more | Ars Technica
The Equifax breach is getting a ton of press attention per the magnitude of the breach, Executives selling stock and analysis on the response. Trust, Brand and Reputation tied closely with Managing Cyber Security Risk.
Hospitals are getting hit hard by the bad guys. Important for Hospitals to learn about the security investments that are delivering impact and value for the FS vertical and those which have been a bust.
Data protection and Third Party policy, monitoring and governance will continue to get more attention and priority.
E-Mail Security is a top priority for many of my customers, creative inbound spear phishing attacks on Executives continues to increase.
Net, Human error in the Cloud can lead to much bigger exposure driving need for stricter policy, governance and overall process.
This incident drove the new SWIFT Application Central Framework and more diligence by the Regulators. Application Micro Segmentation to protect SWIFT is a hot topic, vendors like CIX Software benefiting.
Great example on how cyber incidents impact the bottom line along with brand, trust, and reputation.
Net, the move to the Cloud must be carefully managed with strong policy, process and governance.
Yikes, the perils of moving to the cloud with poor process, policies and controls. At least no credit card or password details exposed, yet plenty of PII.
Congratulations Skycure!!! Great product for protecting the corporate network and employees from malicious WIFI and Malware. Smart investment by Symantec.
NotPetya cyber attack impacts business across many verticals. Investment in cyber security is about mitigating and effectively managing business risk.
The goal of this virus is to damage and destruct data. NotPetya/Petya is not ransomware, but rather a wiper virus bent on destruction. Princeton Community’s decision to replace its systems is likely the only way to regain normal function of its computers.
But in this case, modern-day detection systems created by Cylance, McAfee and Microsoft and patching systems by Tanium did not catch the attack on IDT. Nor did any of the 128 publicly available threat intelligence feeds that IDT subscribes to. Even the 10 threat intelligence feeds that his organization spends a half-million dollars on annually[…]
Third Party Risk scoring standardization progress being by a group including Aetna, Goldman, Home Depot, JPMC. http://www.insurancejournal.com/news/national/2017/06/21/455258.htm
The Global Cyber Alliance (GCA) found that only 6 of the 50 largest public hospitals in the U.S. are protecting their email domains. Net, deploying DMARC can protect your employees and customers from e-mail phishing attacks. It can also deliver tangible metrics including the number of malicious e-mails stopped per month, as well as reduced[…]
Tanium is deploying impact and value across my customer base with real time communication to thousands of endpoints in seconds. They continue to add modules to address security gaps and offer a means to start replacing agents/products that are not delivering on their promised value.
Protecting Consumers and Employees from malicious e-mails should be a priority through the use of DMARC. The majority of my customers have established a Trusted E-Mail Program.
Netskope has the best DLP engine for both sanctioned and unsanctioned Cloud Applications. Companies deploying Office 365, Google Apps, Box, etc. should take a look at standardizing on Netskope.
Hackers selling 117 million LinkedIn passwords by Jose Pagliery @Jose_PaglieryMay 19, 2016: 10:59 AM ET Your video will play in 00:26 LinkedIn was hacked four years ago, and what initially seemed to be a theft of 6.5 million passwords has actually turned out to be a breach of 117 million passwords. On Wednesday, the[…]
Verizon Enterprise Solutions, a B2B unit of the telecommunications giant that gets called in to help Fortune 500’s respond to some of the world’s largest data breaches, is reeling from its own data breach involving the theft and resale of customer data, KrebsOnSecurity has learned. Earlier this week, a prominent member of a closely guarded underground[…]
Despite Small Gains, CISOs Face an Uphill Battle in the C-Suite Source: Threat Track Security September 16, 2015 Compared to a year ago, CISOs have gained some respect in terms of perceived leadership qualities, but C-level executives still can’t shake the temptation to use the role primarily as a scapegoat for data breaches. And though cybersecurity[…]
Enterprises must protect their Cloud investment with proper Security Controls The cost savings the cloud brings to companies have CFOs in good spirits, as the savings can be reinvested in other business processes and objectives. With the meteoric rise of cloud computing, it has become obvious that IT is no longer just all about IT. As each non-IT[…]
Source: Bank Info Security Warnings about new data breaches being discovered now appear to arrive daily, if not faster. But this week’s mega-dump of hacked Ashley Madison data shows how this hacking incident differs from run-of-the-mill data breaches in numerous ways (see Ashley Madison Hackers Dump Stolen Data). For starters, the self-described “world’s leading married[…]
Target’s breach-related expenses not covered by insurance have totaled $162 million so far, its latest financial report shows. And experts says the breach could continue to have a financial impact for years to come. Gross expenses stemming from Target’s data breach in December 2013 have totaled $252 million. But insurance has covered $90 million of[…]
Cloud Security Solutions specializes in connecting the Global 1000 and innovative security Start Ups.
We work closely with the Global 1000 Financial vertical who are early adopters facing complex challenges.
Innovative Start Ups
CSS advises the Start Up on core must have requirements from the Global 1000
No Charge Research
CSS correlates research across our customer base to identify Innovation companies that are delivering strong ROI.