REDLEGG BLOG

Cybersecurity News

6/26/19 3:42 PM  |  by RedLegg Blog

In your efforts to fix everything, here’s RedLegg’s cyber-news update, featuring some of the top vulnerabilities, risks, and happenings in the industry.

The U.S. Loses Over $1.5 Trillion in a Decade of Data Breaches

Companies may be spending a small amount now compared with the incident response, recovery, and PR costs associated with a breach.

Read more about this loss of $1.5 trillion in data breaches.

9 YEARS to Discover a Breach?!?!?

Dominion National, a dental and vision insurer, discovered that a breach occurred 9 years ago! This is a massive problem and one that shows poor security on the part of the organization. This reinforces the importance of detection and response tools like SIEM and EDR, as well as leveraging threat intel.

Read more about this nine-year-old breach.

Bluekeep Coverage Increases Patching

As much as it PAINS us that it takes massive media coverage to get patching done, we’re glad to see this happening. Remember though, you may need a proper vulnerability management program. This includes vulnerability scanning, such as RedLegg’s vuln scan service, and an automated patching solution to cover OS and application patching beyond the Microsoft level.

Read more about this boost in patching.

Riviera Beach, FL to Pay Nearly $600,000 Ransom to Attackers 

RedLegg sells phishing tests, and our customers are generally happy with only 20% of their staff clicking on the tainted email. This story drives home how it only takes ONE click to cause a major breach.  This particular opening of a tainted email is costing the city $600,000.  

If you’re a small business or in an industry like manufacturing, thinking there is “nothing important to attack,” this is not true. Small businesses usually have weaker security postures and are prime targets for ransomware attacks and whaling.

vCISO is highly recommended, but there are some additional ways to help protect these networks including tools like Email Security, security awareness training and phishing exercises, and a valid Business Continuity and Disaster Recovery (BCDR) plan and recovery tool to be able to restore the network without paying the ransom.

Read more about the Florida city ransom attack.

Security Practice Principles

There is this little conference in Indianapolis that a handful of folks are talking about. Here is a video on Security Practice principles from the conference.

Watch the video from CircleCityCon 2019.

iOS Devices Compromised, Again 

It feels like every other day we see a vulnerability on Android or iOS come to light. Recently, Apple is up to bat. What’s unique about this is that it is only 149 lines of code, yet it offers an extremely sophisticated attack leveraging multiple malicious domains and PNG files in ad networks.

Read more about this iOS compromise.

Malware and Attacks Everywhere:

1. Trojan 

Cyberattack campaign leveraging trojans in Excel.

Read more about this Excel Trojan.

2. Espionage Campaign Steals Cell Network Providers' Data

A massive espionage campaign involved the theft of call records from attacked cell network providers to conduct targeted surveillance on individuals of interest.

Read more about this cell network espionage campaign.

3. Dell Computers Vulnerability

It has been revealed that a Windows support tool bundled with Dell computers has a high-severity security hole that leaves millions of systems at risk of a privilege-escalation attack.  This has the potential to affect multiple systems.

Read more about this Windows systems risk.

