Security News for the Week Ending Aug 6, 2021
Cyber Insurance Company Coalition Says Claims Payment Down From Last Year
Cyber insurer Coalition says that its clients' average claim for losses from ransomware attacks was $184,000 for the first half of this year, down 45% from the second half of last year. This, they say, is because they are doing better at negotiating ransoms. Note that these numbers are only for their clients and the numbers will likely go up if the feds make it illegal to pay ransoms. Coalition also says that attacks on small to medium-sized businesses are up 57%. Credit: Gov Infosecurity
CIA Awards Multi-Billion Dollar Cloud Contract to AWS, Microsoft, Oracle and IBM
Unlike the Pentagon, the CIA understands that we live in a multi-cloud world. Their strategy is to let 4 IDIQ contracts and let out a bid request for each deal. That way no one can dispute the underlying contract and even if one award is disputed, that does not impact the whole deal. And, since each award is much smaller, it may not make sense to spend millions to dispute it. Remember that the CIA pioneered using commercial cloud vendors with a sole-source AWS deal years ago and after watching JEDI go up in flames, they probably saw the handwriting on the wall. Credit: Data Center Dynamics
Researchers Poke Holes in Apple’s macOS Privacy Protections
Researchers presented ways to poke holes in Apple’s privacy protections at Black Hat. Some of the holes have been fixed by Apple, but others require third-party Mac software vendors to fix their software. The bugs are not a master key to unlock the system, but still, they need to be fixed. Read the details here.
You Know How Your Cloud Systems Are Isolated from Others? Maybe Not!
Researchers at Black Hat say that isolation between different customers in AWS may not be as strong as we think. They reported several holes to Amazon that allowed them to put data in other customers’ S3 buckets and even read other customers’ data. AWS has patched the specific holes, but the findings point to a likely wider problem than just these holes. Credit: Dark Reading