Hackers accessed US agency network | Researchers find 100M Bing search records online | BlueVoyant: Supply chains present cybersecurity issues
September 25, 2020
ISACA SmartBrief on Cybersecurity
Advancing the best guidance and learning in cybersecuritySIGN UP ⋅   SHARE
Top Story
The Cybersecurity & Infrastructure Security Agency has revealed that an unnamed US government agency was hacked by attackers who used valid credentials for multiple users of Microsoft 365 accounts, domain administrator accounts and credentials for the agency's Pulse Secure VPN server. The hackers were able to download files from the accounts and breach the agency's internal network before being detected by the agency's intrusion detection system.
Full Story: ZDNet (9/24) 
LinkedIn Twitter Facebook Email
Security in the News
Researchers find 100M Bing search records online
An unsecured database containing 100 million records from Microsoft's Bing search engine was discovered by Wizcase's security researchers, prompting Microsoft to act. Wizcase reports that no specific names or email addresses were involved but that some of the search terms were shocking and could be used for blackmail.
Full Story: The Kim Komando Show (9/23) 
LinkedIn Twitter Facebook Email
Cybersecurity vulnerabilities in an enterprise's supply chain could leave that organization in a weak position to defend against cyberattacks, BlueVoyant reports. Organizations typically have an average of more than 1,000 vendors in their supplier ecosystems, and 82% of organizations acknowledged having a data breach due to supply chain issues during the past year, the cybersecurity company says.
Full Story: ZDNet (9/23) 
LinkedIn Twitter Facebook Email
With remote learning, school districts are reporting more ransomware attacks. Brett Callow, a threat analyst for Emsisoft, says the cybercriminals are changing tactics, threatening to publish employee information online and demanding more than $150,000 instead of just a few thousand dollars.
Full Story: Stateline/Pew Charitable Trusts (9/22) 
LinkedIn Twitter Facebook Email
Breach and Attack Simulation For Dummies
The best way to know you're protected in today's ever-changing landscape of threats is to attack yourself. With breach and attack simulation tools, you can safely emulate attacks on your production network — making it easy to find vulnerable gaps and misconfigurations.
Download the eBook to learn more.
Closing the Skills Gap
According to one estimate, the cybersecurity field will have 3.5 million unfilled jobs by next year. Ntirety CEO Emil Sayegh suggests a dual counterattack: businesses investing in developing employee skills and hiring third parties to keep "eyes on glass."
Full Story: Forbes (9/22) 
LinkedIn Twitter Facebook Email
New from ISACA
Why have many internal audit functions failed to drive the type of value stakeholders expect? The question provokes varying responses. Voids in competencies, hiring challenges, and budgetary constraints are frequently used to defend IA. These and various other challenges are problematic and can prevent the IA function from becoming a value-generating corporate partner. A contributing factor for many IA functions is its reluctance to address "indiscernible" threats. Full Story: ISACA
LinkedIn Twitter Facebook Email
Data Breaches
Eyeware-maker Luxottica's operations in Italy and China were shut down by a ransomware attack. The attack was first noticed by consumers, and employees confirmed they were sent home because of "serious IT problems."
Full Story: Insurance Business Asia (9/24) 
LinkedIn Twitter Facebook Email
Managing Data
Almost every company has a plan for recovering data lost in a cyberattack, but nearly one in four have never bothered to test it, states a study by Dimensional Research for StorageCraft. Two-thirds of IT leaders think their CEOs either don't want to know the details about data recovery or are not interested.
Full Story: Security Boulevard (9/24) 
LinkedIn Twitter Facebook Email
There comes a time when you have to stand up and be counted.
Gale Sayers,
professional American football player
LinkedIn Twitter Facebook Email
Certifications  |    Certificates  |    Training and Events  |    Resources  |    Membership  |    Enterprise
SmartBrief publishes more than 200 free industry newsletters - Browse our portfolio
Sign Up  |    Update Profile  |    Advertise with SmartBrief
Unsubscribe  |    Privacy policy
SmartBrief, Inc.®, 555 11th ST NW, Suite 600, Washington, DC 20004