InfoSecSherpa Newsletter — 05 May 2021

InfoSecSherpa
May 5, 2021
InfoSecSherpa: Your Guide Up a Mountain of Information!
  1. Peloton users’ private account data was left exposed
    (C|Net, 05 May 2021)
    Peloton users’ private data, including birthday, location, gender, weight and workout statistics, was exposed to the public due to a leaky application programming interface.
  2. NIST Seeks Feedback on Guide to Implementing HIPAA Security Rule
    (Health IT Security, 05 May 2021)
    Industry stakeholders are being urged to comment on proposed changes to the NIST HIPAA Security Rule resource guide, including its uses and applications.
  3. 61% of cybersecurity teams are understaffed
    (Help Net Security, 05 May 2021)
    Only 31 percent say HR regularly understands their cybersecurity hiring needs. <<< THIS! This is what InfoSec needs to work with HR on!
  4. Government needs a massive investment in FedRAMP
    (FCW, 05 May 2021)
    FedRAMP is the much-needed standardized security process for companies that deploy software via the cloud to prove they adhere to Federal Information Security Management Act standards for protecting government networks and data.
  5. Emerging open cloud security framework has backing of Microsoft, Google and IBM
    (Tech Crunch, 05 May 2021)
    The Cloud Security Notification Framework (CSNF), a new working group that includes Microsoft, Google and IBM, is trying to create a new open and standard way of delivering this information.
  6. Biden administration, Congress unite in effort to tackle ransomware attacks
    (The Hill, 05 May 2021)
    The Department of Homeland Security (DHS), the Department of Justice, and Capitol Hill are all spearheading efforts to get a handle on ransomware attacks, which have skyrocketed during the COVID-19 pandemic as cyber criminals targeted vulnerable networks that came under increased strain.
  7. NYDFS recommends critical new practices to reduce supply chain risk in wake of SolarWinds attack
    (JD Supra/Hogan Lovells, 05 May 2021)
    While acknowledging that no “silver bullet” exists that would prevent all supply chain attacks, the report makes clear that DFS expects regulated entities to adopt a more rigorous approach to third party risk management.
  8. Dell Fixes A Security Flaw In Its Computers Since 2009
    (Somag News, 05 May 2021)
    It turns out that exploiting the flaw requires the attacker to first gain access to the computer. In other words, the machine cannot be attacked purely by code sent over the Internet; at least the initial step must be carried out on the machine itself.
  9. Belgium’s parliament and universities hit by cyber attack
    (Euro News, 05 May 2021)
    Unknown hackers launched a distributed denial of service (DDoS) attack at 11:00 (CEST), Belnet said, designed to make certain online services unavailable by overloading servers with traffic.
  10. Cyber attack on Illinois Attorney General’s office appears far worse than first thought
    (ABC 7 Chicago, 04 May 2021)
    Illinois’ top law enforcement agency has been under attack now since at least April 10. A ransomware gang penetrated the Attorney General’s computers and took control of countless confidential files containing case information and personal data, essentially locking down the system both in the office and statewide.
#Librarian turned #InformationSecurity professional. Your guide up a mountain of information!