Cybersecurity News, Awards, Webinars, eSummits, Research

WATCH

What is a vCISO? What Do They Do? Does Having One Make Sense? – Michael Phillips, Matthew DeChant – CSP #98

Managed services

What is a vCISO? What Do They Do? Does Having One Make Sense? – Michael Phillips, Matthew DeChant – CSP #98

Cybersecurity Collaborative

Adversary disruption: We can’t underestimate the power of public-private collaboration

Clouds pass before sunset on July 21, 2022 near Mayer, Arizona. Researchers at Eclypsium disclosed three different security vulnerabilities in American Megatrends Inc. (AMI) MegaRAC baseboard Management Controller (BMC) software, highlighting a risk to technology supply chains and major IT hardware brands that underpin cloud computing. (Photo by Mario Tama/Getty Images)

New BMC supply chain vulnerabilities pose threat to server, cloud computing ecosystem

Menghan XiaoDecember 5, 2022

The list of server manufacturers known to use MegaRackBMC is a long one and includes major brands like AMD, Ampere Computing, ASRock, Asus, ARM, Dell EMC, Gigabyte, Hewlett-Packard Enterprise, Huawei, Inspur, Lenovo, NVidia, Qualcomm, Quanta and Tyan. Eclypsium researchers said they believe there are likely additional, undiscovered brands that are similarly vulnerable.

Breach

CommonSpirit confirms network accessed a week before ransomware attack

Jessica DavisDecember 5, 2022

This week’s breach roundup includes details on the third-largest healthcare incident reported this year, and is led by an update on the massive cyberattack against CommonSpirit Health.

Compliance

Breach disclosures improve transparency, but regulations add to costs

Menghan XiaoDecember 5, 2022

Cybersecurity disclosure and regulations could either spur a positive credit environment or cause unintended consequences if not well managed, according to Moody’s Investor Service.

Device Security

Healthcare cybersecurity ‘exponentially growing in importance,’ senator says

Jessica DavisDecember 2, 2022

In a discussion with FDA official, Sen. Mark Warner shared his biggest healthcare cybersecurity concerns, what’s needed for his incentive program, and calls for a reset on security mindsets.

Cybercrime

Cyber Safety Review Board turns its sights on Lapsus$ extortion group in latest review

Derek B. JohnsonDecember 2, 2022

The Cyber Safety Review Board — launched earlier this year, led by DHS and composed of top federal cybersecurity officials and private sector experts — will examine the tactics the group has used to break into the networks of some of the largest businesses in the world and develop “actionable recommendations” to protect organizations, customers and employees.

Ransomware

Cuba ransomware infections of US organizations have doubled in last year, feds say

Derek B. JohnsonDecember 1, 2022

Many of the organizations targeted by the group are designated as critical infrastructure, with the agencies flagging the financial services, government, healthcare, manufacturing and information technology sectors as top targets.

Third-party risk

Most US defense contractors fail basic cybersecurity requirements

Menghan XiaoDecember 1, 2022

A survey of 300 U.S. defense contractors find many still fail to meet baseline cybersecurity standards or utilize modern technologies for monitoring threats. Experts told SC Media the findings underscore how much work the Pentagon and industry have to protect the valuable intellectual property and unclassified data that underpins U.S. military superiority.

Privacy

HHS warning to providers: Use of pixel tracking tech without BAA violates HIPAA

Jessica DavisDecember 1, 2022

After reports detailing the scraping of hospital data by Meta Pixel tools and other tracking tech and several breach notices, OCR blasts the likely privacy violations and reminds providers of HIPAA requirements.

Building the Right Business Culture to Manage Human Error – Ryan Pullen – ESW #298

Careers

SC EVENTS

Coming Soon

Partner or Problem? Securing third-party relations in the age of supply chain attacks

Threat Hunting on Steroids: Time to dig deeper

WATCH

What is a vCISO? What Do They Do? Does Having One Make Sense? – Michael Phillips, Matthew DeChant – CSP #98

Cybersecurity Collaborative

Adversary disruption: We can’t underestimate the power of public-private collaboration

In The News

New Magecart campaign said to target at least 44 e-commerce sites

Deloitte and AWS launch a fund focused on collaborative industry cloud solutions

November was the second busiest month for ransomware attacks this year

‘Black Proxies’ use 187,000-plus IP addresses to launch credential stuffing attacks

LastPass cloud breach involves ‘certain elements’ of customer information

Resources

What MDR is (and what it’s not)

How to tune out AppSec noise through DAST

Simplifying cloud native security for posture management and AppSec

How to determine if your IT environment is ready for SASE

Three steps to build more diverse cybersecurity teams

Perspectives

As the cloud evolves, CISOs rely on the service mesh to secure their Kubernetes projects

Three ways to break the blame culture on security teams

Five reasons why we can expect a major cyberattack on a healthcare organization in 2023

As the economy slows, the need for security heightens

How security leaders can clarify priorities to fuel accelerated outcomes