January 16, 2019
Keith Melancon, deltarisk.com, January 2, 2019
The Government Accountability Office (GAO) says in a new study, GAO-19-105: Federal Information Security, that most federal agencies are falling behind on implementing federal cyber security standards. The study said federal agencies need improvement and called on the agencies to do a better job protecting against intrusions.
krebsonsecurity.com, January 14, 2019
Seldom do people responsible for launching crippling cyber attacks face justice, but increasingly courts around the world are making examples of the few who do get busted for such crimes. On Friday, a 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out distributed denial-of-service (DDoS) attacks against several hospitals in 2014.
csoonline.com, January 14, 2019
Tenable Research discovered four zero-day vulnerabilities in IDenticard’s PremiSys access control system, which is used by schools, governments, medical centers, and Fortune 500 companies. Currently no patches are available.
threatpost.com, January 11, 2019
As the U.S. federal shutdown continues, dozens of U.S. government websites have been rendered either insecure or inaccessible due to expired transport layer security (TLS) certificates that have not been renewed. In fact, .gov websites are using more than 80 TLS certificates that have expired.
techrepublic.com, January 11, 2019
Nearly 70 percent of enterprise organizations are currently migrating data for enterprise resource planning (ERP) applications to the cloud, according to a report from the Cloud Security Alliance. Almost 90 percent of those surveyed said these ERP apps—most commonly SAP, Oracle, and Microsoft Dynamics—are business-critical, leading to many migration challenges and concerns.
scmagazine.com, January 10, 2019
OXO International, a maker of kitchen utensils, and Discountmugs.com, which sells a variety of promotional materials including mugs, glassware and dinnerware, each reported attacks. In its breach notification letter to the California attorney general’s office, OXO said its e-commerce site was likely breached from June 9, 2017 to November 28, 2017, from June 8, 2018 to June 9, 2018, and from July 20, 2018 to October 16, 2018.
darkreading.com, January 11, 2019
Mondelez, a U.S. food distributor and owner of major brands Ritz and Nabisco, has filed a lawsuit against Zurich Insurance Group after its claim seeking $100 million for NotPetya damage was denied. NotPetya struck global companies with a massive ransomware attack back in 2017.
securityintelligence.com, January 7, 2019
HHS released “Health Industry Cyber Security Practices (HICP): Managing Threats and Protecting Patients” in response to a mandate to develop healthcare cyber security standards laid out by the Cyber Security Act of 2015. More than 150 cyber security and healthcare experts from the private and public sectors worked together for two years to fulfill this directive.
In case you missed it: Delta Risk recently achieved AWS Advanced Partner Status within the Amazon Web Services Partner Network for our ActiveEye Cloud Security Platform!