Tag Archive for: tuesday

Week in review: How CISSP can change a career, rural hospitals cybersecurity, Patch Tuesday forecast

/in


Here’s an overview of some of last week’s most interesting news, articles and interviews:

Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)
Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise Windows/Office users in “a limited number of targeted attacks,” Microsoft has warned.

September 2021 Patch Tuesday forecast: It’s new operating system season
Microsoft has released Server 2022 and Windows 11 is coming in October. Apple also has the beta available for the next version of macOS. But let’s start by focusing on a new Office vulnerability before next week’s Patch Tuesday.

Researchers pinpoint ransomware gangs’ ideal enterprise victims
Researchers with threat intelligence company KELA have recently analyzed 48 active threads on underground (dark web) marketplaces made by threat actors looking to buy access to organizations’ systems, assets and networks, and have found that at least 40% of the postings were by active participants in the ransomware-as-a-service (RaaS) supply chain (operators, or affiliates, or middlemen).

The healthcare cybersecurity market to grow steadily by 2026
The healthcare cybersecurity market registered a CAGR of 15.6% over the forecast period 2021 – 2026, according to ResearchAndMarkets.

OpenSSL 3.0: A new FIPS module, new algorithms, support for Linux Kernel TLS, and more
The OpenSSL Project has released OpenSSL 3.0, a major new stable version of the popular and widely used cryptography library.

Protecting your company from fourth-party risk
In a world that is becoming ever more interconnected, organizations are learning firsthand that they are not only vulnerable to the adverse events that their vendors experience but also to the incidents that happen to those vendors’ vendors.

Healthcare cybersecurity under attack: How the pandemic affected rural hospitals
In this interview with Help Net Security, Baha Zeidan, CEO at Azalea Health, talks about how rural hospitals have been affected by the pandemic and what steps they should take to boost their cybersecurity posture.

Consumers…

Source…

Park Hill cancels classes for Tuesday because of malware attack

/in


The Park Hill School District has canceled classes for Tuesday because of a malware attack that took down the district’s critical systems.Classes were also canceled Monday.”Our technology team, with the support of experts, has made good progress on getting our systems back up and running after the malware attack. However, as is common after such an attack, it is taking some time to get everything operating. Some programs are intermittently coming online, and we must be sure they are stable,” the school district said in an email Monday evening to parents.The district said its Adventure Club school-age childcare program will be available for families who are already signed up. Administrators, district office staff, executive administrative assistants, custodians, maintenance and grounds workers will report to work. Supervisors will coordinate with all other staff on who will come in and when.Early Monday, school district officials posted to the district’s Facebook page around 6:50 a.m. saying, “We experienced an attack on our computer systems, known as a malware attack. Our technology team working through the entire night, but we have just learned that we do not have the needed systems in place to have school.”District officials apologized for the late notice of the closure. In many cases, students were already on the bus on their way to school before the cancellation was announced.Park Hill represents the latest in K-12 education related cyber security incidents across the country.The K-12 Cyber Security Resource Center has counted 1,180 publicly disclosed incidents since 2016.Cyber security experts, such as Tiffany Franklin with Overland Park-based security solutions company Optiv, said that school districts and businesses must always remain on guard.”The threat landscape changes so quickly,” Franklin said. “It’s hard for technology to stay in front of those threats.”Franklin, a former school teacher, said she did not know the exact details of the Park Hill cyber attack. She highlighted a December 2020 FBI and CyberSecurity and Infrastructure Security Agency warning to school districts about ransomware attacks and data theft with the increase in online and distance…

Source…

New Mexico’s 2021 Legislative Session begins Tuesday

/in


SANTA FE, N.M. (KRQE) – The 2021 state legislative session has just kicked off Tuesday. Lawmakers are back in Santa Fe for the long 60-day session but with the pandemic, it will be very different than before. The Rotunda is a spot that is typically packed with people but because of COVID-19 health concerns, the Roundhouse will look empty during the session.

Typically these committee rooms would be jammed pack with people but the Roundhouse is closed to the public because of pandemic concerns, Jan. 19, 2021. | KRQE News 13 Legislative Reporter Rachel Knapp

Lawmakers are expected to take care of housekeeping rules like how they want to run the session, getting sworn in, and voting on new leadership for committees and in each chamber. They’ll discuss if they want to have meetings and floor sessions virtually or in person. Over the next 60-days, lawmakers will have to figure out how to spend a roughly $7.3 billion budget. Lawmakers are expected to focus heavily on pandemic relief efforts for businesses and families as well as controversial bills like making recreational marijuana legal.

Meanwhile, there is heightened security at the Roundhouse Tuesday. Checkpoints and fencing are around the Capitol as a precaution as some lawmakers said before the session, they’ve gotten credible and specific threats of violence. Only lawmakers, legislative staff, and credential reporters are allowed in the Roundhouse right now and they’re requiring reporters to regularly get COVID-19 tests.

Lastly, the public is not allowed inside the Roundhouse for this session because of coronavirus health concerns, which is making the state’s Capitol look and feel very empty, typically it’s buzzing with visitors and lobbyists. In the chambers, they’ve even installed dividers to help protect lawmakers. Some legislators say although the public can’t come inside, they’re encouraging people to still participate remotely.

“We are going to be working through Zooms, we’re going to be making sure people are still connected. We want…

Source…

Week in review: Most effective security practices, worst password offenders, Patch Tuesday forecast

/in


Here’s an overview of some of last week’s most interesting news, reviews, articles and podcasts:

Open source vulnerabilities go undetected for over four years
For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and developers’ practices regarding vulnerability reporting, alerting and remediation.

How to reduce the risk of third-party SaaS apps
Third-party SaaS apps (and extensions) can significantly extend the functionality and capabilities of an organization’s public cloud environment, but they can also introduce security concerns. Many have permission to read, write, and delete sensitive data, which can have a tremendous impact on security, business, and compliance risk.

Why microlearning is the key to cybersecurity education
Microlearning and gamification are new ways to help encourage and promote consistent cybersecurity learning. This is especially important because of the changing demographics: there are currently more millennials in the workforce than baby boomers, but the training methods have not altered dramatically in the last 30 years.

Which security practices lead to best security outcomes?
A proactive technology refresh strategy and a well-integrated tech stack are, according to a recent Cisco report, two security practices that are more likely than many others to help organizations achieve goals such as keeping up with business, creating security culture, managing top risks, avoiding major incidents, and so on.

Hackers are targeting the COVID-19 vaccine supply chain
Unknown hackers have been trying to compromise accounts and computer systems of employees in organizations involved in the COVID-19 vaccine supply chain.

Review: The Perfect Weapon
Released at the peak of the US 2020 election campaign and just before the election itself, the documentary examines the harsh reality of today’s conflicts between nations, relying not so much on physical weapons but rather on attacking the enemy in a more stealthy and unpredictable way, with cyber weapons.

How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same…

Source…