InfoSecSherpa Newsletter — 16 June 2021

  1. First American Financial settles SEC charges for cyber-security failures
    (Compliance Week, 15 June 2021)
    First American Financial Corp. on Tuesday reached a $487,616 settlement with the Securities and Exchange Commission (SEC) for failing to maintain cyber-security disclosure controls and procedures that exposed more than 800 million title insurance records containing sensitive customer information.
  2. Election workers protected US democracy. Now, we must protect them
    (CNN, 16 June 2021)
    Their stories were harrowing. Several were forced to temporarily abandon their homes, fearing for their safety. Many spent their own money on home security systems. Others required around-the-clock police surveillance.
  3. GAO urges IRS to adopt tougher data security as TurboTax grapples with compromised accounts
    (ZDNet, 15 June 2021)
    The Government Accountability Office said it disagrees with the IRS stance that they do not have the authority to improve data security.
  4. Using risk quantification to assess cyber risk
    (Security Magazine, 16 June 2021)
    If all of the risks are receiving similar severity scores, it is virtually impossible to prioritize the cyber risks that are most relevant to your business and ensure that resources are allocated appropriately.
  5. State of Cybersecurity — How’s Indiana Doing?
    (Building Indiana, 16 June 2021)
    A first-of-its-kind study has been submitted to the Indiana Executive Council on Cybersecurity (IECC) that provides a new overview on the state of Hoosier cybersecurity.
  6. Essential Eight Cyber Security Controls to Be Mandated for Almost All Federal Departments and Agencies
    (National Law Journal, 15 June 2021)
    The Essential Eight is a baseline set of security strategies designed to minimize the risk of security incidents. At this stage, no guidance has been provided as to the timeline for when this might happen; however, a decision as to the preferred approach is planned to be made by the end of the year.
  7. Warner previews cyber breach notification bill
    (Washington Technology, 15 June 2021)
    Sen. Mark Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, on Monday reiterated calls for a bipartisan breach notification law and discussions about whether ransom payments should be legal.
  8. A 6-year Cyberespionage Campaign Uncovered In The Middle East
    (IS Buzz News, 16 June 2021)
    The group behind the malicious activity — dubbed Ferocious Kitten — has been active since at least 2015 and delivers a custom malware called “MarkiRAT” that steals data and can execute commands on the victim’s machine.
  9. Inside the Market for Cookies That Lets Hackers Pretend to be You
    (Vice, 16 June 2021)
    A representative for the hackers who breached EA said they bought the cookie from a site called Genesis Market.
  10. Malware Attack on South Korean Entities Was Work of Andariel Group
    (The Hacker News, 16 June 2021)
    A malware campaign targeting South Korean entities that came to light earlier this year has been attributed to a North Korean nation-state hacking group called Andariel, once again indicating that Lazarus attackers are following the trends and their arsenal is in constant development.
