InfoSecSherpa Newsletter — 03 May 2021

Your Guide Up a Mountain of Information!
  1. Toronto reveals potential cyber breach
    (Insurance Business Canada, 03 May 2021)
    The city of Toronto suffered a potential data breach related to a third-party file transfer software vendor — an incident that occurred way back in January.
  2. Andy Ellis, Operating Partner at YL Ventures, Inducted into CSO Hall of Fame
    (Street Insider, 03 May 2021)
    Andy Ellis, Operating Partner at YL Ventures, CEO at Duha and investor and advisor to several cybersecurity startups including Grip Security, Orca Security and Vulcan Cyber, has been inducted into the prestigious IDG CSO Hall of Fame.
  3. Security Executive Council welcomes five new security experts
    (Security Magazine, 03 May 2021)
    The Security Executive Council (SEC) has welcomed Tom Bello, Coral Gehring, Matthew Giese, Bill King, and Tom Mahlik to its faculty of esteemed security experts.
  4. Personal cyber insurance market poised for explosive growth
    (Insurance Business America, 03 May 2021)
    Our reliance on personal devices increased significantly, and so did our vulnerability to cybercrime, wire transfer fraud, social engineering schemes, cyber bullying and extortion.
  5. Alaska Court System briefly forced offline amid cyber threat
    (Bowling Green Daily News, 03 May 2021)
    The Alaska Court System has temporarily disconnected most of its operations from the internet after a cybersecurity threat on Saturday, including its website and removing the ability to look up court records.
  6. A Rust-based Buer Malware Variant Has Been Spotted in the Wild
    (The Hacker News, 03 May 2021)
    Dubbed “RustyBuer,” the malware is distributed via emails masquerading as shipping notices from DHL Support, and is said to have affected no fewer than 200 organizations across more than 50 verticals since early April.
  7. Lawyers Brace for Virginia Privacy Law Amid California Compliance
    (Bloomberg Law, 03 May 2021)
    The Virginia Consumer Data Protection Act was signed in March by Gov. Ralph Northam (D). It’s the second state-level comprehensive consumer privacy law to be passed in the U.S., after California.
  8. Report: Iran Likely Behind Cyber Attacks on Israeli Supply Chain Companies
    (The Algemeiner, 03 May 2021)
    A new group, calling itself Networm, is reportedly behind both incidents. It sent an ultimatum to both companies, demanding hundreds of thousands of dollars to prevent exposure of the stolen information.
  9. Chinese hackers targeting Russian nuclear submarine design firm with PortDoor malware
    (Teiss, 03 May 2021)
    Chinese hackers recently targeted a general director at the Rubin Design Bureau, a Russian defence contractor that designs nuclear submarines for the Russian Navy, using the PortDoor malware delivered via spear-phishing emails.
  10. Shlayer malware abusing Gatekeeper bypass on macOS
    (JAMF, 26 April 2021)
    Shlayer malware detected allows an attacker to bypass Gatekeeper, Notarization and File Quarantine security technologies in macOS. The exploit allows unapproved software to run on Mac and is distributed via compromised websites or poisoned search engine results.

#Librarian turned #InformationSecurity professional. Your guide up a mountain of information!