In this edition, several stories relevant for non-profits, a ban on Russian antivirus software, and a lot of avoidable social engineering attacks. Security awareness training is the best value you can get from a security budget.
General
- Blackbaud Fined $6.75M After 2020 Ransomware Attack – This service provider for “do good” organizations has been fined for insufficient security practices and mechanisms.
- Biden Administration Bans Kaspersky Antivirus Software – If you are using this software, you need to find a replacement now.
- Surgeon General: Social Media Platforms Need a Health Warning
Data Loss
- Baltimore leaks identities of residents who reported crimes – Scary to think what kind of repercussions this could have. Also, how might this impact future submissions?
- Ascension Says Health Information Stolen in Ransomware Attack – This non-profit says the incident was the result of an individual downloading a file they did not know was malicious.
- LA County’s Dept of Health breach impacted 200K+ – Attackers gained access via a phishing attack.
- Attackers used previously compromised credentials to breach Amtrak – …which also implies no MFA.
- Kansas City Police Department data leaked online – Of note in this leak is that biometrics were part of what was lost.
Operational Disruption
- City governments in Michigan, New York face shutdowns after ransomware attacks
- Truist Bank confirms breach after Ransomware attack – 65K employees, account numbers and transactions, and source code for funds transfer.
- Panera warns of employee data breach after March ransomware attack – More employee data.
- CDK cyberattack cripples 15K US auto dealerships – Back-to-back cyberattacks likely indicate that the first recovery was not complete. Beware of rushing through recovery from an incident.
- Crown Equipment cyberattack confirmed, manufacturing disrupted for weeks – The root cause appears to be an employee falling for a social engineering attack that was avoidable with proper security training.