Cybersecurity News

6/26/19 3:42 PM  |  by RedLegg Blog

In your efforts to fix everything, here’s RedLegg’s cyber-news update, featuring some of the top vulnerabilities, risks, and happenings in the industry.

The U.S. Loses Over $1.5 Trillion in a Decade of Data Breaches

Companies may be spending a small amount now vs the incident response, recovery and PR costs associated with a breach.

Read more about this loss of $1.5 trillion in data breaches.

9 YEARS to Discover a Breach?!?!?

Dominion National, a dental and vision insurer, discovered that a breach occurred 9 years ago!  This is a massive problem and one that shows poor security on the part of the organization. This reinforces the importance of Detect and Response tools like SIEM and EDR, as well as leveraging threat intel.

Read more about this nine year old breach.

Bluekeep Coverage Increases Patching

As much as it PAINS us that it takes massive media coverage to get patching done, we’re glad to see this happening. Remember though, you may need a proper vulnerability management program. This includes vulnerability scanning, such as RedLegg’s vuln scan service and an automated patching solution to cover OS and application patching beyond the Microsoft level.

Read more this boost in patching.

Riviera Beach, FL to Pay Nearly $600,000 Ransom to Attackers 

RedLegg sells phishing tests, and our customers are generally happy with only 20% of their staff clicking on the tainted email. This story drives home how it only takes ONE click to cause a major breach.  This particular opening of a tainted email is costing the city $600,000.  

If you’re a small business or in an industry like manufacturing, thinking there is “nothing important to attack,” this is not true. Small businesses usually have weaker security postures and are prime targets for ransomware attacks and whaling.

vCISO is highly recommended, but there are some additional ways to help protect these networks including tools like Email Security, security awareness training and phishing exercises, and a valid Business Continuity and Disaster Recovery (BCDR) plan and recovery tool to be able to restore the network without paying the ransom.

Read more about the Florida city ransom attack.

Security Practice Principles

There is this little conference in Indianapolis that a handful of folks are talking about. Here is a video on Security Practice principles from the conference.

Watch the video from CircleCityCon 2019.

iOS Devices Compromised, Again 

It feels like every other day we see a vulnerability on Android or iOS come to light.  Recently, Apple is up to bat. What’s unique about this is it is only 149 lines of codes yet offers an extremely sophisticated attack leveraging multiple malicious domains and PNG files in ad networks.  

Read more about this iOS compromise.

Malware and Attacks Everywhere:

1. Trojan 

Cyberattack campaign leveraging trojans in Excel.

Read more about this excel Trojan.

2. Espionage Campaign Steals Cell Network Providers Data

A massive espionage campaign involved the theft of call records from attacked cell network providers to conduct targeted surveillance on individuals of interest.

Read more about this cell network espionage campaign.

3. Dell Computers Vulnerability

It has been revealed that a Windows support tool bundled with Dell computers has a high-severity security hole that leaves millions of systems at risk of a privilege-escalation attack.  This has the potential to affect multiple systems.

Read more about this Windows systems risk.

Want even more? Read about...

Get Blog Updates

Related Articles

What is vulnerability scanning, and how does it work? pen testing, vulnerability

What is vulnerability scanning, and how does it work?

While connectivity is an essential lifeline of modern-day enterprises and institutions, we can't forget that it also ...
How to Read a Vulnerability Assessment Report pen testing, vulnerability

How to Read a Vulnerability Assessment Report

As the cybersecurity field continues to evolve and become more specialized, even experienced IT professionals may ...
New call-to-action