Cloud Security News
Latest news in the Cloud Security domain
Capital One Cyber Staff Raised Concerns Before Hack
This is not a surprise, Capital One is one of the most Cloud forward financial firms in the world. Unfortunately, not a fun position per the risk for Security professional’s personal name, reputation and trust. Core reason many Global Banks remain cloud careful on the journey to the cloud. Full Article Here…
Capital One breach exposes not just data, but dangers of cloud misconfigurations
Correct and understanding your cloud workload inventory, data exposure. Data Protection is a top security initiative for my customers. Full Article Here….
Microsoft: Russia Probes Office Printers, VOIP Phones
Discovering and monitoring/managing unmanaged IoT devices hot topic per potential impact/damage to Labs, Manufacturing Plants, Corporate networks, etc. Read full article here…
Capital One Data Breach Spurs More Lawsuits
This has driven many meetings this week with my customers to assess current state risk. Former Amazon employee/insider and lost Capital One PII, this will be a hot topic on Capitol Hill. Read full article here…
The Capital One breach is more complicated than it looks
Most Cloud forward FS company got breached per a misconfigured AWS server, former AWS employee was the perpetrator who went public about the stolen PII data. Read full article here…
How Companies Are Tackling a Lack of Cybersecurity Experts
Consistent issue, we must do a better job attracting BS & BA students into Cyber through offering intro classes with different options per the multiple roles/requirements needed. Read full article here…
Critical vulnerability in Instagram can allow hackers to take complete control of anyone’s account
Turning on two factor authentication would stop this invasion of privacy and accessing user accounts. Read full article here…
US Virgin Islands Police Department and Water & Power Authority suffer security incidents
The Police got hit with Ransomware and Water Power Authority Business E-Mail Compromise-2.3MM loss. BEC is a major problem, my customers are moving this up the Cyber Innovation priority list. Read full article here…
British Airways faces record £183m fine for data breach
BA is hit hard for losing personal data. This is 367x higher than the previous Facebook 500k fine. The UK law mirrors the GDPR law, this fine will drive more focus on data protection and compliance. Read full article here…
Israeli cybersecurity co TrapX raises $18M
Congratulations to the TrapX Team! See full article here…
Insider exposes PII of 2.9 million Desjardins customers
Insider threat remains top priority. Many underestimate human factors. Read full article here…
Florida city pays $600,000 to hackers who seized its computer system
Companies are paying these fees daily, we hear about the local bad guys stealing small money from local banks yet the the thousands being paid for Ransomware is not being reported in our newspapers. Read full article here…
Evite hit with data breach
More PII exposed=new business opportunity in the Dark Web! Companies will start creating new data retention policies which decrease the time stored. Read full article here…
SecurityScorecard Closes $50 Million in Series D Financing Round
Congratulations to the SecurityScorecard Team!!! Read full article here…
First American Mortgage Faces NY Regulator Inquiry, Lawsuit
Natural progression after millions of personal documents are exposed on the internet. Read full article here…
Quest Diagnostics Statement on the AMCA Data Security Incident
Third party partnership exposes Quest Read Full Article Here…
First American Financial website leaked 885 million documents
Yikes, major exposure! About 885 million documents, including bank account numbers, mortgage records, Social Security numbers, drivers’ license images and tax records, have been leaked by First American Financial Corp.’s website. Anyone with a web browser and a URL for a legitimate document could access the real estate title company’s records. Full article here…
Ransomware Cyberattacks Knock Baltimore’s City Services Offline
This has delayed home sales and halted water Bill’s for 2 weeks. The city will not pay the ransom and working around system outages. Read full article here…
Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018
Account takeover and spear phish e-mails targeting third parties who have relationships with the targeted companies will continue to increase in 2019. Read full article here…
What You Don’t Know Can Hurt You — Armis Secures the Enterprise of Things
Congratulations to Yevgeny and Team! My early adopters have confirmed the deployment value of Armis. READ FULL ARTICLE HERE
Cyberattack Exposes PHI in Email Accounts
Account takeover emails are difficult to stop, another example of the potential damage. Read full article here…
Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists
Wow, scary… Full article here…
Facebook’s Early, Misguided Call on Breach Disclosure
Disclosing breaches faster per the pressure of data privacy regulation will continue to be a hot topic. View full article here…
Norsk Hydro Ransomware Attack Is ‘Severe’ But All Too Common
Ransomware takes down production lines in one of the world largest aluminum manufacturers. No ransom was requested, they just took down the lines. I expect increased security investment in Manufacturing and Lab environments to improve cyber resiliency and visibility. Full article link here
What’s driving cyber demand?
Hottest product in the Insurance Market. The Cyber losses will continue to significantly increase. Read full article here…
Key trends in information security: Forecasting the top 4 RSA Conference themes for 2019
Great week at the RSA conference this week. This article summarizes hot topics. The key metric remains successful enterprise deployments to determine potential impact and value. Read full article here
Airbus Hacked: Aircraft Giant Discloses Data Breach
Aerospace giant Airbus says it suffered a hack attack leading to a data breach. Click here to read the full article…
Millions of Bank Loans and Mortgage Info Leak
Interesting article about PII exposure and the complexity of managing primary and secondary 3rd party relationships. Read full article here
Hackers Leak Hundreds of German Politicians’ Personal Data
Creative 20 year old shows how he can create havoc for German Politicians with weak passwords and poor hygiene. Hundreds of members of the German parliament, Chancellor Angela Merkel as well as numerous local celebrities have had their personal details and other sensitive information leaked online. Read full article here
Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing
From the first revelation that the Marriott’s computer systems had been breached, there was widespread suspicion that the hacking was part of a broad spy campaign to amass Americans’ personal data. Read full article here
Marriott says its Starwood database was hacked for approximately 500 million guests
Another major breach, notice the alignment of business-share price dropped by 6% and expect further drops today and risk. 500 million guests PII exposed….Brand, reputation and trust exposed… Read full article here…
A Plan to Turn New York Into a Capital of Cybersecurity – The New York Times
NYC stepping up yet long way to go…. Read full article here
Quora says 100 million users hit by security breach | Reuters
Improving authentication controls with next generation tools leveraging passwordless, bio metrics and AI critical to stopping the bad guys. Read full article here
Cloud Giants Continue Pouring Billions Into Data Centers
The growth of Cloud computing will continue to increase. The Giants have a great view into forecasts and pipeline thus the massive investment. Huge opportunity for innovative cyber security companies who address the gaps. Even though there are indications that overall cloud data center spend may be slowing down, the biggest cloud providers continue[…]
Facebook Fined £500,000 for Cambridge Analytica Data Scandal
There will continue be penalties for improperly gathering and misusing personal data. This time 89mm users and big fine. Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users.
Anthem’s $16M breach settlement reminds others to assess their cyber risks
Another example why Healthcare companies must invest in unconventional controls to protect their members and patients. This is not a simple check box process, the bad guys continue to change tactics and build game plans how to beat existing products and known controls. Brand, reputation, trust at stake. Read full article here
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.
The Facebook hack could be Europe’s first big online privacy battle
Interesting implications in Europe The 50 million compromised accounts are the first major test of the GDPR On Friday, a massive breach opened up a new front in the war on Facebook. According the the company, more than 50 million accounts were taken over by a kind of login worm, which used a series of unpublished[…]
What We Know About the Facebook Hack Affecting 50 Million Accounts
More issues with exposed credentials On Friday, Facebook announced that it had discovered evidence of a security breach affecting almost 50 million accounts. The company’s investigation is in its early stages, so there are still many unknowns about the cyberattack. Here’s a rundown of what we know so far based on the details that Facebook has released[…]
Scammers steal half-a-billion pounds from UK banking customers
Industry group UK Finance said £145m of that was due to authorised push payment (APP) scams, in which people are conned into sending money to another account. But £358m was lost to unauthorised fraud, which includes transactions made without account holders’ knowledge. Unauthorised fraud victims are usually refunded by their banks, but most victims of[…]
Healthcare Cybersecurity Is a Top 2019 Executive Challenge
Good to see the Cyber security highlighted as a top priority. Healthcare cybersecurity will be one of the top 10 challenges facing healthcare executives next year, according to a new poll by the Healthcare Executive Group.
NSA leak fuels rise in hacking for crypto mining
A new report says hackers have used a leaked US government software tool to step up illicit mining of cryptocurrencies like bitcoin and monero.
Federal Court Approves $115 Million Settlement in Data-Breach Litigation
Class members whose personal information continues to be stored by the insurer would benefit from the insurer’s commitment to triple its annual spending on data security for the next three years and to adopt certain cybersecurity controls and reforms. Read full article here
British Airways Faces Class-Action Lawsuit Over Data Breach
British Airways has been threatened with a £500 million ($650 million) class-action lawsuit in U.K. court following its warning last week that a hacker had stolen payment card data associated with 380,000 transactions, one of the worst breaches to ever come to light in the country.
The rise of cybersecurity insurance
This is the hottest product in the Insurance industry…no surprise given current state….big market opportunity to price/assess customers fairly and pay for compromise… All companies are potential victims of cyber attacks, and buying insurance is one way many are trying to manage that risk. Why it matters: Companies hit by attacks are exposed to incredible costs[…]
GDPR Effect: Data Protection Complaints Spike
This trend will continue as Global companies strive to improve PII data protection on prem and in the cloud. Three months after the EU’s General Data Protection Regulation went into full effect, the U.K.’s data privacy watchdog says that the number of complaints it has received under GDPR has nearly doubled (see Europe’s Strong GDPR Privacy Rules[…]
The Art of the Steal: FIN7’s Highly Effective Phishing
The inbound phishing attacks will continue to get more creative, e-mail remains the #1 approach to penetrating security organizations. Criminal indictments against three alleged high-level members of a prolific cybercrime gang called FIN7, unsealed last week, reveal the low-tech attack tactics that had high levels of success.
Cybersecurity startup Exabeam raises $50 million to be ‘the next Splunk’
Exabeam, a cybersecurity startup that leverages big data, machine learning, and analytics to detect and respond to cyber threats, has raised $50 million in a series D round of funding led by Lightspeed Venture Partners, with participation from Cisco Investments, Norwest Venture Partners, Aspect Ventures, Icon Ventures, and Shlomo Kramer. Congratulations to Exabeam! One of my Fortune Top[…]
Atlanta’s Reported Ransomware Bill: Up to $17 Million
The cost of the city of Atlanta’s mitigation and subsequent IT overhaul following a massive SamSam ransomware infection earlier this year could reach $17 million. Continue Reading…
WannaCry Outbreak Hits Chipmaker, Could Cost $170 Million
Taiwan Semiconductor Manufacturing Co., the world’s largest chip manufacturer, says a WannaCry infection hit unpatched Windows 7 systems in its fabrication facilities, leaving multiple factories crippled. The chipmaker traced the infection to a new software tool that it failed to scan for malware before installation, and says the outbreak could cost it $170 million.
Hackers Expose Singapore Medical Records
https://www.databreachtoday.com/hackers-grab-15-million-patients-details-in-singapore-a-11228 Prime Minister was the target, now 25% of the Singapore medical records exposed.
Exactis Data Breach Exposes 340 Million Records
Article Link The database houses approximately 340 million records. Security researcher, Vinny Troia, said that there were roughly 230 million consumer records exposed, and 110 million business contacts. That represents essentially every adult in the United States.
South Korea’s Bithumb loses $32 million in digital money heist, bitcoin falls
Article Link Digital coins will continue to be a priority target for the good guys.
Tesla accuses former employee of hacking and transferring data
Article Link Current and former disgruntled employees are driving the need for better analytics/detail on normal/abnormal behavior.
Thousands of records hacked at Latham health billing company
Article Link More Insurance and Health records exposed, yikes….These articles are helping the general public understand the magnitude of the risk and impact on business, brand and reputation.
Bank of Montreal, CIBC’s Simplii Financial report customer data breaches
Article Link The Canadian banks have reported being contacted by external ‘fraudsters’ claiming to have accessed information on an estimated 90,000 customers.
Goldman Sachs Leads $40 Million Investment in Anti-Phishing Firm Agari
Article Congratulations to Agari!!! They have consistently delivered impact and value for my customers. Goldman Leading the series E raise of 40MM is great validation. E-Mail remains the #1 way bad guys penetrate and exploit Global accounts….Agari is the E-Mail Security leader in protecting customers and stopping the sophisticated use cases getting past E-Mail SPAM[…]
BANCO DE CHILE WIPER ATTACK JUST A COVER FOR $10M SWIFT HEIST
https://threatpost.com/banco-de-chile-wiper-attack-just-a-cover-for-10m-swift-heist/132796/ Gaining better visibility into application dependency mapping with a specific focus on SWIFT is a high priority for my Global Banks. Last year there were 8 reported SWIFT breaches driving more investment in better visibility and micro segmentation.
74 Arrests in Business Email Compromise Takedown
A six-month coordinated global law enforcement effort to crack down on business email compromise schemes has resulted in 74 arrests. 74 Arrests in Business Email Compromise Takedown
Hackers Demand $770,000 Ransom From Canadian Banks
Unfortunately, companies are making business decisions when paying the hackers. The public does not understand the magnitude of the daily global payments.https://www.databreachtoday.com/hackers-demand-770000-ransom-from-canadian-banks-a-11050
F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware – The New York Times
Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on. Source: F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware – The[…]
GDPR: The simple guide to Europe’s new data privacy law
A revolution in how companies handle your personal information is happening.The General Data Protection Regulation (GDPR) comes into effect across the European Union on May 25, introducing much tougher rules on data privacy. Source: GDPR: The simple guide to Europe’s new data privacy law
The Cybersecurity 202: Why cybersecurity experts are so concerned about the health-care industry – The Washington Post
New research released by two security companies paints an unsettling picture for the health-care industry: Hackers are stepping up their attacks on hospitals and other health organizations that may be ill prepared to defend against the wave of malicious activity. Source: The Cybersecurity 202: Why cybersecurity experts are so concerned about the health-care industry –[…]
Equifax breach exposed millions of driver’s licenses, phone numbers, emails | Ars Technica
17.6 million driver’s license numbers, thousands of ID images stolen in breach. Source: Equifax breach exposed millions of driver’s licenses, phone numbers, emails | Ars Technica
Australian Information Commissioner slammed for keeping quiet over lost Commonwealth Bank data – Security – CRN Australia
Australia’s information commissioner has come under fire after it emerged last week that it failed to recover lost customer account data from the Commonwealth Bank and deemed it ‘low risk’. Source: Australian Information Commissioner slammed for keeping quiet over lost Commonwealth Bank data – Security – CRN Australia
Center for Orthopaedic Specialists notifies 85,000 patients of ransomware attack
The Center for Orthopaedic Specialists (COS) recently learned that our computer system was compromised by a security event that affected our three facilities in West Hills, Simi Valley and Westlake Village, Calif. Malicious software was used to gain access to and encrypt patient data in our system in the hopes of getting COS to pay[…]
Email Breach at Oxygen Equipment Maker Affects 30,000
Unauthorized access to an employee’s email account has resulted in a breach affecting 30,000 current and former rental customers of Inogen, a maker and supplier of oxygen equipment, the publicly traded company has disclosed in a filing with the Securities and Exchange Commission. Source: Email Breach at Oxygen Equipment Maker Affects 30,000
Under Armour discloses MyFitnessPal data breach – MarketWatch
Under Armour Inc. UA, +1.13% said late Thursday it has detected a data breach in MyFitnessPal user accounts. The breach did not include government-issued identifiers, such as Social Security numbers and driver’s license numbers, which the company does not collect from users, or credit-card data, which is processed separately, Under Armour said. About 150 million user accounts were[…]
Pennsylvania Sues Uber Over Late Breach Notification
Pennsylvania on Monday filed a lawsuit against Uber for allegedly violating the state’s mandatory breach notification law. It’s the latest in a long string of legal and regulatory actions Uber is facing from a serious data breach the company waited more than a year to disclose. Source: Pennsylvania Sues Uber Over Late Breach Notification
Intel Faces 32 Spectre/Meltdown Lawsuits – DataBreachToday
Spectre/Meltdown caused a lot of lost time/pain and Intel is feeling the heat Source: Intel Faces 32 Spectre/Meltdown Lawsuits – DataBreachToday
An ‘Iceberg’ of Unseen Crimes: Many Cyber Offenses Go Unreported – The New York Times
The public is blind to the magnitude of the state cybercrimes. Bank robberies are reported daily with small $$$$ amounts while the same day many companies are paying ransomware $$$ to keep IT systems alive….Brand, reputation and trust are part of the reason the public is blind to current state. GDPR is the start of[…]
Renewed cyber attacks on Dutch banks ABN Amro, ING at weekend – DutchNews.nl
Net Impact, Customers lose access to their Internet Banking services for a few hours and become more aware of the state of cyber-attacks on global banks. Renewed cyber attacks on Dutch banks ABN Amro, ING at weekend Source: Renewed cyber attacks on Dutch banks ABN Amro, ING at weekend – DutchNews.nl
Japanese cryptocurrency exchange loses more than $500 million to hackers
Source: Japanese cryptocurrency exchange loses more than $500 million to hackers
DDoS Attacker Targeted Banks, Police, Former Employer
DDoS Attacker Targeted Banks, Police, Former Employer Nice to see the bad guys going to jail!!!!! Source: DDoS Attacker Targeted Banks, Police, Former Employer
Rs 500, 10 minutes, and you have access to billion Aadhaar details
It was only last November that the UIDAI asserted that “Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI.” Today, The Tribune “purchased” a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details for any of the more than 1 billion[…]
Serious Meltdown and Spectre Flaws Make CPUs Exploitable
Serious Meltdown and Spectre Flaws Make CPUs Exploitable Source: Serious Meltdown and Spectre Flaws Make CPUs Exploitable
DHS Says 246,000 Employees’ Personal Details Were Exposed
DHS Says 246,000 Employees’ Personal Details Were Exposed Source: DHS Says 246,000 Employees’ Personal Details Were Exposed
Forever 21 Suffered 7-Month POS Malware Attack
Forever 21 Suffered 7-Month POS Malware Attack Source: Forever 21 Suffered 7-Month POS Malware Attack
2017 Worst Breach Summary
*Equifax, 146 mm accounts impacted per lost names, birth dates, addresses and social security numbers. *Yahoo reports it under estimated the number of accounts impacted by 2013 breach, 3B where thieves stole email addreses, names and phone numbers. *Uber reports cover up where they paid 100k to keep thieves quiet per the customer data stolen[…]
Insider Allegedly Steals Mental Health Data of 28,000 Patients
The alleged theft of mental health information on more than 28,000 patients in Texas, which went undetected for well over a year, is yet another reminder of the substantial risks that terminated employees can pose as well as the need to take extra steps to protect the most sensitive patient information. Source: Insider Allegedly Steals[…]
Our focus
Cloud Security Solutions specializes in connecting the Global 1000 and innovative security Start Ups.
Global 1000
We work closely with the Global 1000 Financial vertical who are early adopters facing complex challenges.
Innovative Start Ups
CSS advises the Start Up on core must have requirements from the Global 1000
Unique Research
CSS synthesizes research from across our customer base to identify innovative companies delivering strong ROI.