Archives: New + Now

Secureworks 2020 Incident Response Report Confirms Increased Vulnerabilities with At Home Workers During Pandemic

Secureworks issues an annual Incident Response Report that is very helpful in obtaining information on what types of incidents are occurring in order to become more resistant to threats. The 2020 IR Report was recently issued, and it contained some conclusions that made sense, while others were surprising. The Report, entitled Pandemic-Driven Change: The Effect … Continue Reading

Community Health Systems, Inc. Settles for $5 M in Multi-State Settlement

On October 8, 2020, New Jersey Attorney General Gurbir Grewal (AG) announced that his office has entered into a multi-state settlement agreement with Community Health Systems, Inc. (CHS) stemming from an investigation of a 2014 data breach that exposed personal information of approximately 6.1 million patients, including 45,000 New Jersey residents. This is after CHS … Continue Reading

Morgan Stanley Settles with OCC for $60 Million

Morgan Stanley has settled, for $60 million, claims by the Office of the Comptroller of the Currency (OCC) that it twice failed to properly decommission data centers that housed client data of its wealth-management operations, once in 2016 and once in 2019. According to the OCC, Morgan Stanley “failed to effectively assess or address risks … Continue Reading

Health Care Entities Continue to Get Hit by Ransomware: Universal Health Services Estimated to be Largest One in 2020

Health care entities continue to face a barrage of attacks from cyber criminals, and it is widely reported that the health care industry is getting hit more frequently than any other industry. Ransomware is the name of the game for these attackers in all industries, including health care. Unfortunately, what is being touted as one … Continue Reading

Portland City Council Bans Use of Facial Recognition Technology

On September 9, 2020, the Portland, Oregon City Council voted unanimously to ban the use of facial recognition technology by the city government, including the police department, following similar actions by the cities of Boston and San Francisco. According to one Council member, “[T]his technology just continues to exacerbate the over-criminalization of Black and brown … Continue Reading

Cisco Working on Zero-Day Vulnerability

Cisco warned its customers last weekend that it has become aware of a zero-day vulnerability that it is working to fix by developing a patch. The flaw involves Cisco’s IOS XR Software, an operating system for carrier-grade routers and networking devices used by telecommunications and data-center providers. According to the advisory, the vulnerability, dubbed CVE-2020-3566, … Continue Reading

Financial Brokers Warned by FINRA of Imposter Websites

The Financial Industry Regulatory Authority (FINRA) recently warned financial professionals that imposters are attempting to collect personal information of investors by spoofing financial professionals’ websites, reaching out to investors, and directing them to the fake websites. The spoofers are able to go on a financial professional’s website or page, copy and paste the picture of … Continue Reading

Fall-Out from Blackbaud Ransomware Attack

As a follow-up to last week’s post on the importance of due diligence regarding high-risk vendors’ security practices, Blackbaud, a global company providing financial and fundraising technology to not-for-profit entities, notified its customers late last week that it was the victim of a ransomware attack in mid-May. Blackbaud offers a number of products to its … Continue Reading

Benefit Vendors’ Security Practices

Most employers use vendors to assist with managing various employee benefits, including payroll, health and dental benefits, pharmacy, cost-reduction strategies, retirement, analysis and wellness programs. When using these vendors, the personal information of employees is provided to the vendor in data dumps. Usually that means that the vendors receive employees’ names, addresses, dates of birth, … Continue Reading

Amazon Offers a “Quickstart Package” for Compliance with DOD’s CMMC

Amazon has announced that it has developed and is offering a “CMMC Quickstart Package” to help contractors comply with the Department of Defense’s (DOD) Cybersecurity Maturity Model Certification (CMMC) required for contractors to enter into contracts with DOD. According to an Amazon spokesman, Amazon Web Services (AWS) will be releasing a responsibility guide that “lists … Continue Reading

CCPA Enforcement Looms

We have previously alerted our readers about the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020. CCPA is one of the strictest consumer privacy laws in the U.S. and is broadly applicable [view related posts]. Although CCPA went into effect on January 1, 2020, enforcement by the California Attorney General … Continue Reading

Think Twice Before Marketing with Robocalls

Sales and marketing professionals in companies are usually energetic, vivacious and creative. That’s what makes them so good at their jobs. But it’s also these excitable folks who can get companies in trouble when it comes to the Do Not Call List and the Truth in Caller ID Act. In addition to the Telephone Consumer … Continue Reading

DHS Warns Windows 10 Users of Exploit Code

The Department of Homeland Security (DHS) cybersecurity advisory arm issued a warning on its website that “[M]alicious cyber actors are targeting unpatched systems” with a new exploit code that on unpatched systems could spread to millions of computers. The exploit code, called SMBGhost, attacks a security vulnerability in the server message block (SMB) that Microsoft … Continue Reading

Have Questions About CMMC? Don’t We All

I had the pleasure of participating as a panelist this week for companies primarily involved in the maritime industry, and one of the topics discussed was the Department of Defense’s (DOD) Cybersecurity Maturity Model Certification Program (CMMC). The discussion generated questions that I thought merited sharing. Simply put, the DOD’s CMMC Program was designed to … Continue Reading

Financial Services Information Sharing Group Warns of Increased Phishing Attacks

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has warned that financial services firms, and in particular smaller ones, are being attacked at an increased rate during the coronavirus pandemic. According to FS-ISAC, phishing attacks against financial services firms increased by one-third in the first quarter of 2020. In that time period, FS-ISAC identified … Continue Reading

Small Business Administration Loan Portal Compromised

Following the devastating impact of the coronavirus on small businesses, many small businesses applied for a disaster loan through the Small Business Administration (SBA) for relief. Small businesses that qualify for the disaster loan program, which is different than the Paycheck Protection Program offered by the SBA, can apply for the loan by uploading the … Continue Reading

Privacy, Security and Data Loss Prevention

I always enjoy hosting and participating in the CISO Executive Network meetings. The meetings offer Chief Information Security Officers (CISOs) the opportunity to discuss together ways they can improve security in their organizations, get ideas from each other on strategies and products, and vent with colleagues about particular issues and complaints. It gives me great … Continue Reading