January 27, 2022

• Why Don’t People Trust the Gov with Their Info – The No Fly List is No Longer Secret
• Are You Whining About Having Only 72 Hours to Report a Breach – Check This Out
• A Report on the State of Cybersecurity Maturity Across the Defense Industrial Base
• ChatGPT – It’s Free – For Now
• Apple Rolls Out Patches to iOS and macOS Including Arbitrary Code Execution Bugs
• User Opening the Wrong Email Cost Baltimore School District $10 Million
• Hacker Who Allegedly Stole Info on Everyone is Austria Arrested
• AI and Medical Research
• Senator Jerry Moran’s Campaign Was Scammed out of $700k in BEC Scheme
• Hackers Demand $10 Mil Not to Leak League of Legends Source Code
• Google Takes Down 50,000 Account Pro-Chinese Influence Op Called Dragonbridge

Security News Bites for the Week Ending January 27th, 2023
This week’s security news bites: Oh, boy, bad day at work – FAA NOTAM failure caused by
contractor deleting the wrong files. AI tools are great at … creating disinformation.
Congressman ‘coming for answers’ after no-fly-list hack. Princeton student invents AI to detect
AI. Here is who is getting rich in the crypto biz – fugitive cryptoqueen bilked investors out of $4
billion.

Read the details here.

Is your ransomware and incident response plan adequate for today’s threat? If you can’t
answer that “yes” with certainty, please contact us.

Mitch
www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com
Mitch@CyberCecurity.com
720-891-1663

January 20, 2022

• APIs are Placing Your Enterprise at Risk
• Did You Really Delete That Data Before Disposing of That Device
• If You Want to Find Out About What Data Apple Collects From You, You Will Need to Read Their 70,000 Word Privacy Policies
• Create an SBoM in Less Than 60 Seconds for Free
• Researcher Got $107,000 Bug Bounty from Google for Backdoor Account Bug in SmartHome Speakers
• This Year’s NDAA Has an Important Cybersecurity Provision
• Congress Rolls Back Proposal to Restrict Use of Chinese Chips
• Cellebrite Hacked to the tune of 1.7 Terabytes of Software and Docs
• How Long Does it Take to Recover from Ransomware?
• Hackers Compromise Financial Services Firm and Publish Stolen Data

Security News Bites for the Week Ending January 20th, 2023
This week’s security news bites: New York Gov signs right to repair law, when are folks going to
realize that vendors are the weak link, even Bitcoin developers are not immune from losing all
.coins, Netflix plans to crack down on account sharing and which states might enact privacy
legislation this year.

Read the details here.

This week I am not going to harp about third-party risk. Instead, are you sure that when
you dispose of a computing device from a copier to a phone, that your sensitive data is
wiped? If you can’t answer that with certainty, please contact us.

Mitch
www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolution

January 15, 2022

• Windows 8 is Officially Dead this Month
• Using MSPs to Administrate Your Cloud Services
• Intel Adds Security Features to Xeon Product Line
• Possibly the Best Explanation of Technical Debt on the Planet
• Supreme Court Tells NSO Group Nice Try
• Russia Considers Legalizing Pirated Movie Screenings
• Apple Faces Import Ban for Patent Infringement on Watch
• General Nakasone Urges Congress to Renew FISA Law
• UK’s Royal Mail ‘Experiencing Severe Service Disruption’
• 4 Million Aflac Cancer Policy Holders and Zurich Auto Policyholders Data Leaked
• Hackers Leak SF Transit Police Sensitive Files

Security News Bites for the Week Ending January 13th, 2023
Security news bites for this week: What could possibly go wrong – Cali’s digital license plates
hacked. The AICPA, owner of the SOC 2 “Security” certification, was hacked. Norton Lifelock
warns of possible password manager account compromise. Germany’s cartel watchdog not
happy with Google and Asian eCommerce hacking group is netting billions in fraud.

Read the details here.

Another week, another vendor data breach. This time 4 million policyholders’ data is
available on the dark web. Is your vendor cyber risk management program adequate? If
you have questions, please contact us.

Mitch
www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com
Mitch@CyberCecurity.com
720-891-1663

Read the details here.

January 08, 2022

• Synology Patches “Maximum Severity” Vulnerability in their VPN Routers
• Rackspace Says it is Not Going to Turn Their Hosted Exchange Service Back on and More than Half of their Customers Have Some of their Data Back
• EU’s NIS2 Directive
• CVSS 10 Kernel Bug in Linux
• CISA Adds Two New Veeam Backup Vulnerabilities to the Actively Exploited List
• Qualcomm Bugs Affect Microsoft, Lenovo and Samsung Devices
• DoJ Arrests Hacker Behind $100 Million Attack on Mango Markets
• The First of Undoubtedly Many Lawsuits Against LastPass Filed
• Twitter has Some Interesting Challenges
• McGraw-Hill Left Student Data Unprotected
• Locomotive Maker Wabtec Discloses Ransomware Attack
• 235,000,000 Twitter Users’ Data Leaked FOR FREE
• You Don’t See This Very Often
• Texas’ Metropolitan Area EMS Authority Reveals Breach Affecting 600,000

Security News Bites for the Week Ending January 6th, 2023
The security news bytes for this week include: more FTX cybercrime, Slack joins Okta in losing
source code, Tesla, others at risk from cross-origin resource sharing, Ireland says Facebook
cannot bury consent to steal your data inside user agreement because there is no way to opt
out and France fines Apple $8 million over checkbox.

What would your employees do if they got a call or an email telling them that you had
data exposed with no password. Try calling/emailing someone from a random outside
email address or phone and see what happens. If it is not what you want to happen – call
us.

Mitch
www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com
Mitch@CyberCecurity.com
720-891-1663

Read the details here.

January 01, 2022

• Power Outage – More Electrical Substations Shot up
• Hackers Follow Willie Sutton’s Credo
• NY Department of Financial Services Publishes Crypto Rules for Covered Entities
• CISA is Warning of Active Attack Against Palo Alto Firewalls
• Senate Introduces Bill to Ban Huawei from US Financial System
• The TikTok Beat-Down Goes On
• Tip for iPhone Users for Thwarting Some Attacks
• LastPass Admits Breach Compromised Users Password Vaults
• Lake Charles (LA) Memorial Hospital Breach Affects 270,000

Security News Bites for the Week Ending December 30th, 2022
Security news for this week: Comcast Xfinity accounts hacked in widespread 2FA bypass, TSA
may roll out facial recognition security screening nationwide next year, scammers are scamming
the scammers – karma works, Bahamian regulators seize $3.5 billion in FTX assets, Girls do
porn founder and FBI fugitive arrested in Spain and will the crypto crash impact cybersecurity in
2023?

Are you prepared to resist a hack? Many companies think so and many are
compromised. Want to improve the odds? Call us.

Read the details here.