Check out the new Services section of our site for ways we can help! In this edition, we revisit the CDK attack that has crippled much of the automotive industry, look at a disturbing number of large vendor-related data breaches, and remind you to patch those AirPods!
General
- CDK Attack Shows Value of SaaS Contingency Planning – 15K car dealers have had their ability to sell/service cars impacted. Contingency planning and vendor management are a must if you rely on these types of providers.
- GenAI Tools Use Banned by US House – They’re not wrong. Still, prohibiting the use of the technology isn’t the right answer either. Education and placing protections around it are the best approach.
- Judge allows child gambling suit against Roblox to continue – Another online concern for our children.
- Embracing a Zero Trust Security Model – Pretty quick summary of a popular topic. Zero trust is more a concept than an end state, but is still worth understanding and aspiring to.
- Making the Case for ‘Reasonable’ Cybersecurity – While the various laws differ and are often vague, most agree that a “risk-based approach” is the most defensible. That means doing an org-specific risk assessment and then applying security controls based on the identified risks.
- Cloud Breaches Impact Nearly Half of Organizations – Human error and misconfiguration continue to top the list as the leading causes.
Cyber Attacks
- Former IT employee accessed data of over 1 million US patients – So avoidable. Why would a former employee still have access after they separated? “Leaver” processes need to be automated – relying on manual removal is not reliable.
- Largest Croatian hospital under cyberattack – Yet another hospital attack that is impacting care.
- Cylance confirms breach of 34 MILLION records linked to third-party platform
- Vendor employee exposes Walmart pension plan members
- Dutch bank says data lost in attack at third-party vendor
- Designed Receivable Solutions Data Breach Impacts 585,000 People
- 25,000 individuals affected in BBC Pension Scheme data breach
Vulnerabilities, Malware, & Patches
- Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack – 5 known plugins are impacted, but the number could be larger.
- Apple AirPods Bug Allows Eavesdropping – Patch available.
Phishy Phirewalls – the lighter side of security!
HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! The list below represents items relevant to churches, nonprofits, and other ‘Do Good’ organizations. The headlines and our added comments are meant to provide enough for an overview of recent happenings, but links are also provided for readers who want to explore certain topics more deeply. If this was shared with you and you would like to receive a copy directly in your email, please subscribe at HopeNetCISO.com. Thanks for reading!