Cloud Security News
Latest news in the Cloud Security domain
Phishing scams use redirects to steal Office 365, Facebook credentials
Email security remains a key topic on better education and innovative tools beyond the email gateways. Read full article here
Treasury Dept. Warns Against Facilitating Ransom Payments
We are seeing more stories about Ransomware payments and now the ecosystem. These stories and daily information will help the general public obtain a better understanding of the amount of $$$ being lost daily to cyber incidents. We know the story about the local Bank Robber caught for stealing 1k who only had a[…]
Major hospital system hit with cyberattack, potentially largest in U.S. history
Computer systems for Universal Health Services, which has more than 400 locations, primarily in the U.S., began to fail over the weekend. Bad guys will continue to attack the most vulnerable. See full article here
DOJ: 2 Russians Defrauded Cryptocurrency Exchanges
Not a surprise, reason the banks are digging into their customers' relationships with the cryptocurrency exchanges to avoid 3rd and 4th party risk. Read full article here
Hackers Use Cloud Monitoring Tool to Install Cryptominers
Hackers are using a legit Open Source monitoring tool to gain access to companies' AWS workload. Cloud Security will remain a top priority. See full article here
‘Salfram’ Email Campaign Spreads Malware to Businesses
The bad guys will continue to leverage well thought out strategies to get employees to click links, open forms, and attachments to gain access and compromise businesses. Email remains the #1 way the bad guys gain access. See full article here
Hartford mayor: No timeline for when school can start following ransomware attack
Wow, what a bummer for the kids in Hartford. With all the COVID-19 issues and now they’re missing their 1st day of school due to Ransomware… See full article here.
Former Employee Admits Hacking, Damaging Cisco Systems
Insider Threat and the need for better cloud security controls are the key themes with this incident. Read full article here
Is a Ransomware Attack a Reportable Data Breach?
When the local bank gets robbed it is in the news. More news about Ransomware attacks and payments will help the public understand the magnitude of the issue, alignment of proper cyber investment, and overall business results and reputation. See full article here.
Average Cost of a Data Breach in 2020: $3.86M
Measurable data on overall breach impact. See full article here
Global Cybercrime Surging During Pandemic
Not a surprise, remote work force and constant change are driving factors. See full article here…
EU Issues First Sanctions for Cyberattacks
Smart move by EU, make life more difficult for the bad guys. Full article here
NSA, CISA Warn of Threats to US Critical Infrastructure
Internet-accessible OT assets are becoming more prevalent across the 16 U.S. critical infrastructure sectors as companies increase remote operations and monitoring, accommodate a decentralized workforce, and expand outsourcing of key skill areas such as instrumentation and control, OT asset management/maintenance. OT and IT Discovery & Mgt. plus secure remote access will remain hot areas. Full article here…
FBI Alert Warns of Increase in Disruptive DDoS Attacks
More to watch out for in 2020, this technique helps amplify the DDoS attack without using as many resources but can also create much more disruptive cyber-threats. Full article here.
Iranian Hackers Accidentally Exposed Training Videos
Spear phishing emails are again the vehicle to compromise targets by taking over their accounts quickly. Full article here
Several Prominent Twitter Accounts Hijacked in Cryptocurrency Scam
Did the high profile targets fail to enable MFA? Was this a Twitter employee, insider? Bad guys will continue to use new techniques. Full article here…
FTC Assessing Whether Its Health Data Breach Rule Is Stale
Interesting discussion about breach notification and assessing potential FTC and HIPAA changes. Read full article here.
SafeBreach Raises $19 Million to Expand Channels, Accelerate Product Development
Congratulations to Guy and team! Full article here
COVID-19 upends supply chain, 3rd-party risk rises
Companies are placing more focus on 3rd party risk management programs per increased C-19 risk and scrutiny from regulators. See full article here…
Impact of Coronavirus Outbreak on Early Stage Venture Investment in Cybersecurity
The COVID-19 coronavirus outbreak will likely have an impact on early-stage venture investment in cybersecurity, yet the need to protect remote professionals and handle the increased attacks have investors and industry professionals optimistic. Full article here…
RSA 2020: In the Wake of a Major Breach, Equifax Makes Ambitious Changes
Great presentation by Jamil at RSA which outlined their staggering cyber spend commitment, 1.25b to be a leader in this space and focus improvement areas including organizational culture; compliance with regulations and certification requirements; its relationship with customers; and its specific cybersecurity controls, especially its tools and policies. Full article here
Every voter in Israel just had their data leaked in ‘grave’ security breach
Another story about lost PII, exposing gaps in cyber controls. All 6.5 million voters in Israel have just had their personal data leaked, reports the New York Times. The full names, addresses, and identity card numbers are among the information that was leaked about every eligible voter in the country. In some cases, phone numbers were also[…]
Cyber Startup Netskope Raises $340 Million in Sequoia-Led Round
Congratulations to Sanjay and the Netskope Team! 3B dollar valuation backed by the top security investors quite impressive. Read full article here.
Cyber-Attack on US Water Company Causes Network Outage
Targeted attack to disrupt daily activities. Read full article here…
Treasury Wants to Collect More Cyber Risk Details From Banks
The Boston Consulting reports that U.S. financial firms experience up to 300 times more cyber incidents in a year than organizations in other sectors, key driver why the Treasury Department will continue to request more detail to assess risk and compare/contrast detail. See full article here.
BEC Fraudsters Targeting Financial Documents: Report
These emails continue to get past SPAM email gateways, account takeover emails are the toughest to identify and doing global damage. Read full articles here.
‘Cable Haunt’ Modem Flaw Leaves 200 Million Devices at Risk
Some ISPs have been fixing via firmware updates but more need to follow. Read full article here.
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
Excellent summary on the top issues and expected advancement of AI and machine learning solutions to improve cyber protection, identification and remediation. Read full article here.
Insight Partners’ Latest Purchase: IoT Security Firm Armis
Congratulations to the Armis Team!!! Game changing products drive fantastic multiples validated by smart Investors and successful customer deployments. Cheers!!!! Read full article here
US Conflict With Iran Sparks Cybersecurity Concerns
After an Iranian general was killed in a U.S. drone strike in Baghdad late Thursday night, security experts and the Department of Homeland Security warned of possible retaliatory cyber strikes from Iran that could target critical infrastructure, government agencies as well as private businesses. No doubt, tension in Middle East will spark more attacks and[…]
Predictions 2020: Cloud, Kubernetes and cybersecurity will rule
Cloud, Cyber and Kube spending will continue to increase in 2020, consistent feedback from our customer base. Full article here…
Where Top VCs are Investing in Cybersecurity
Cyber security budgets continue to increase and money keeps pouring into Cyber Innovation companies. Peer discussions regarding deployment value critical in purchasing or investing in the early stage companies. Read full article here
Merck Cyberattack’s $1.3 Billion Question: Was It an Act of War?
Cyber Insurance a must have investment, contract language critical to who pays or not. Expect much tighter language in the future. Read full article here…
Attackers Demand $14 Million Ransom From IT Services Firm
Third Party risk, what happens when your vendors can't pay? Business impact? Risk? Disruption? Read full article here…
Quest Diagnostics Proposed Breach Settlement Approved
Patients Whose HIV Test Results Were Exposed Will Get $75. Read full article here.
Data Breaches Will Cost Healthcare $4B in 2019, Threats Outpace Tech
Real impact on business bottom line! Investment in cyber protection will continue to increase. Read full article here.
Data Breach Warning For 200 Million Android And iOS Gamers
More access to PII data, passwordless authentication can’t come fast enough for Words with Friends game users. For the time being, it is smart to change passwords on other services too. See full article here.
Smaller Medical Providers Get Burned by Ransomware
Good to see press on this issue/pain, the public is clueless about the amount of $$$ being paid to Ransomware daily…we know about every $1,000, etc…stolen from banks in our area yet little on real $$$ cyber losses/payments… See full article here.
Comcast, Mastercard, and Samsung Are Pouring Millions Into This Password-Killing Startup
Congratulations to the HYPR Team! Getting rid of passwords and shared secrets will be a huge time saver for many along with a much easier authentication experience. Read full article here.
Iranian Hacking Group Continues Targeting Universities
Iranian fraudsters targeting intellectual property, critical to identify and protect crown jewel IP and applications. Read full article here…
Businesses Across the Board Scramble to Comply With California Data-Privacy Law
This law is going to drive major spend in Data Protection in 2020. The British Airways GDPR fine of 230MM and Marriott fine of 124MM tip of the iceberg. Read full article here…
Almost 200K affected by Presbyterian Healthcare Services data breach
The breach occurred via a spear phish e-mail attack on an employee. E-Mail remains the #1 method fraudsters penetrate organizations. Read full article here.
Ransomware Attacks Are Testing Resolve of Cities Across America
Major problems for those exposed with low IT budgets. Read full article here…
Capital One Cyber Staff Raised Concerns Before Hack
This is not a surprise, Capital One is one of the most Cloud forward financial firms in the world. Unfortunately, not a fun position per the risk for Security professional’s personal name, reputation and trust. Core reason many Global Banks remain cloud careful on the journey to the cloud. Full Article Here…
Capital One breach exposes not just data, but dangers of cloud misconfigurations
Correct and understanding your cloud workload inventory, data exposure. Data Protection is a top security initiative for my customers. Full Article Here….
Microsoft: Russia Probes Office Printers, VOIP Phones
Discovering and monitoring/managing unmanaged IoT devices hot topic per potential impact/damage to Labs, Manufacturing Plants, Corporate networks, etc. Read full article here…
Capital One Data Breach Spurs More Lawsuits
This has driven many meetings this week with my customers to assess current state risk. Former Amazon employee/insider and lost Capital One PII, this will be a hot topic on Capitol Hill. Read full article here…
The Capital One breach is more complicated than it looks
Most Cloud forward FS company got breached per a misconfigured AWS server, former AWS employee was the perpetrator who went public about the stolen PII data. Read full article here…
How Companies Are Tackling a Lack of Cybersecurity Experts
Consistent issue, we must do a better job attracting BS & BA students into Cyber through offering intro classes with different options per the multiple roles/requirements needed. Read full article here…
Critical vulnerability in Instagram can allow hackers to take complete control of anyone’s account
Turning on two factor authentication would stop this invasion of privacy and accessing user accounts. Read full article here…
US Virgin Islands Police Department and Water & Power Authority suffer security incidents
The Police got hit with Ransomware and Water Power Authority Business E-Mail Compromise-2.3MM loss. BEC is a major problem, my customers are moving this up the Cyber Innovation priority list. Read full article here…
British Airways faces record £183m fine for data breach
BA is hit hard for losing personal data. This is 367x higher than the previous Facebook 500k fine. The UK law mirrors the GDPR law, this fine will drive more focus on data protection and compliance. Read full article here…
Israeli cybersecurity co TrapX raises $18M
Congratulations to the TrapX Team! See full article here…
Insider exposes PII of 2.9 million Desjardins customers
Insider threat remains top priority. Many underestimate human factors. Read full article here…
Florida city pays $600,000 to hackers who seized its computer system
Companies are paying these fees daily, we hear about the local bad guys stealing small money from local banks yet the thousands being paid for Ransomware is not being reported in our newspapers. Read full article here…
Evite hit with data breach
More PII exposed=new business opportunity in the Dark Web! Companies will start creating new data retention policies which decrease the time stored. Read full article here…
SecurityScorecard Closes $50 Million in Series D Financing Round
Congratulations to the SecurityScorecard Team!!! Read full article here…
First American Mortgage Faces NY Regulator Inquiry, Lawsuit
Natural progression after millions of personal documents are exposed on the internet. Read full article here…
Quest Diagnostics Statement on the AMCA Data Security Incident
Third party partnership exposes Quest. Read full article here…
First American Financial website leaked 885 million documents
Yikes, major exposure! About 885 million documents, including bank account numbers, mortgage records, Social Security numbers, drivers’ license images and tax records, have been leaked by First American Financial Corp.’s website. Anyone with a web browser and a URL for a legitimate document could access the real estate title company’s records. Full article here…
Ransomware Cyberattacks Knock Baltimore’s City Services Offline
This has delayed home sales and halted water bills for 2 weeks. The city will not pay the ransom and is working around system outages. Read full article here…
Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018
Account takeover and spear phish e-mails targeting third parties who have relationships with the targeted companies will continue to increase in 2019. Read full article here…
What You Don’t Know Can Hurt You — Armis Secures the Enterprise of Things
Congratulations to Yevgeny and Team! My early adopters have confirmed the deployment value of Armis. READ FULL ARTICLE HERE
Cyberattack Exposes PHI in Email Accounts
Account takeover emails are difficult to stop, another example of the potential damage. Read full article here…
Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists
Wow, scary… Full article here…
Facebook’s Early, Misguided Call on Breach Disclosure
Disclosing breaches faster per the pressure of data privacy regulation will continue to be a hot topic. View full article here…
Norsk Hydro Ransomware Attack Is ‘Severe’ But All Too Common
Ransomware takes down production lines in one of the world's largest aluminum manufacturers. No ransom was requested, they just took down the lines. I expect increased security investment in Manufacturing and Lab environments to improve cyber resiliency and visibility. Full article link here
What’s driving cyber demand?
Hottest product in the Insurance Market. The Cyber losses will continue to significantly increase. Read full article here…
Key trends in information security: Forecasting the top 4 RSA Conference themes for 2019
Great week at the RSA conference this week. This article summarizes hot topics. The key metric remains successful enterprise deployments to determine potential impact and value. Read full article here
Airbus Hacked: Aircraft Giant Discloses Data Breach
Aerospace giant Airbus says it suffered a hack attack leading to a data breach. Click here to read the full article…
Millions of Bank Loans and Mortgage Info Leak
Interesting article about PII exposure and the complexity of managing primary and secondary 3rd party relationships. Read full article here
Hackers Leak Hundreds of German Politicians’ Personal Data
Creative 20 year old shows how he can create havoc for German Politicians with weak passwords and poor hygiene. Hundreds of members of the German parliament, Chancellor Angela Merkel as well as numerous local celebrities have had their personal details and other sensitive information leaked online. Read full article here
Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing
From the first revelation that the Marriott’s computer systems had been breached, there was widespread suspicion that the hacking was part of a broad spy campaign to amass Americans’ personal data. Read full article here
Marriott says its Starwood database was hacked for approximately 500 million guests
Another major breach, notice the alignment of business-share price dropped by 6% and expect further drops today and risk. 500 million guests PII exposed….Brand, reputation and trust exposed… Read full article here…
A Plan to Turn New York Into a Capital of Cybersecurity – The New York Times
NYC stepping up yet long way to go…. Read full article here
Quora says 100 million users hit by security breach | Reuters
Improving authentication controls with next generation tools leveraging passwordless, biometrics and AI critical to stopping the bad guys. Read full article here
Cloud Giants Continue Pouring Billions Into Data Centers
The growth of Cloud computing will continue to increase. The Giants have a great view into forecasts and pipeline thus the massive investment. Huge opportunity for innovative cyber security companies who address the gaps. Even though there are indications that overall cloud data center spend may be slowing down, the biggest cloud providers continue[…]
Facebook Fined £500,000 for Cambridge Analytica Data Scandal
There will continue to be penalties for improperly gathering and misusing personal data. This time 89mm users and big fine. Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users.
Anthem’s $16M breach settlement reminds others to assess their cyber risks
Another example why Healthcare companies must invest in unconventional controls to protect their members and patients. This is not a simple check box process, the bad guys continue to change tactics and build game plans how to beat existing products and known controls. Brand, reputation, trust at stake. Read full article here
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.