June 30th, 2024

• TeamVIewer Hacked Again
• Polyfill.io, Bought by Chinese Company, Now Dishing Out Malware
• Nvidia and Arm Warn of New Flaws in Their Graphics Chip Support Software
• SEC Issues Updated Guidance on Cybersecurity Disclosure Requirements
• New Attack Using Microsoft Management Console Files
• Apple Warns App Store is in Breach of EU Rules
• Meta Tries to Wiggle Out of Responsibility for False Ads – And Loses So Far
• US and Julian Assange Come to Terms – Plead Guilty and Time Served
• Microsoft Releases Skeleton Key to AI Badness
• Is the Federal Reserve Negotiating a $50k Ransom for 33 TB of Data Hacked – NO!
• Neiman Marcus Joins the Snowflake Breach Train
• Auto Dealer Cloud Provider Hit by Cyberattack – Dealers Freeze -UPDATE

Security News for the Week Ending June 28th, 2024

This week’s news bites: NYC’s Gotham restaurant forced to close after cyber scam, what
happens when hackers do what they say they will – ask the fed, is Amazon joining Silicon Valley
and going after monthly recurring $, Arkansas governor says Temu is spyware and Polish
parliament strips official of immunity after using spyware.

Read details here.

As thousands of car dealerships are learning the hard way, if you lose a key vendor and
don’t have a backup plan, it can have a very serious impact on operations and revenue.
Remember that cloud vendors are almost never responsible for making sure that your
data is safe. If you don’t have an alternate plan for business continuity, please contact
us.

Mitch
www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com
Mitch@CyberCecurity.com
720-891-1663

June 23rd, 2024

• If You Install 100 Apps on Your iPhone, Will it Call Russia Sitting on Your Nightstand
• High Impact Vulnerability Identified in Phoenix UEFI Firmware Used in Many PCs
• Apple and Tesla Battery Supplier Creates Battery With 100 Times Greater Than Conventional Ones
• If You Use Kaspersky Software, Now is the Time to Uninstall It
• Ringleader of Scattered Spider Arrested in Palma de Mallorca
• Vermont Legislature Fails to Override Governor’s Veto
• Two Federal Contractors Pay Multi-Million Fines Over Cybersecurity Lapses
• Hackers Plead Guilty to Breaching Law Enforcement Information Portal
• Feds Release Healthcare Specific Cybersecurity “Goal”
• Radiology Practice Hacked – 500,000 People Affected
• Data for 2.8 Million People Stolen in Sav-Rx Breach
• Auto Dealer Cloud Provider Hit by Cyberattack – Dealers Freeze
• Snowflake Customers Who Were Hacked Are Getting Extorted

Security News for the Week Ending June 21st, 2024

This week’s news bites: Are you prepared for fifth party breach, another day, another Snowflake
victim announced, security bug allows anyone to spoof Microsoft employee emails, hackers leak
Kansas City police department data and TikTok sues US government.

Read details here.

As more federal contractors pay multi-million dollar fines for security lapses, you should
be getting nervous. You have two strategies: try your best to stay out of the DoJ’s
targets or just hope that it won’t happen on your watch. What is your strategy? If you
need help with this, please contact us.

Mitch
www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com
Mitch@CyberCecurity.com
720-891-1663

June 16th, 2024

• London Hospitals in Crosshairs of Supply Chain Attack of Their Own Making
• How The Feds Use a Civil War Era Law to go After Lax Cybersecurity Practices
• Google Announces Support for Texting 911 Using Rich Text Services (RCS)
• Zyxel Releases Emergency Security Fix for Their NAS Devices
• Microsoft Patches Zero-Click Outlook Vulnerability
• Privacy Requests Increased 246% in Two Years
• Vermont Governor Vetoed What Would Have Been Strongest Privacy Bill – May Get Override
• Are You NPU Ready? Do You Even Know What an NPU is?
• NSA Releases Mobile Device Best Practices
• Snowflake Breach That Affected Ticketmaster, Santander, Affects Hundred+ More
• Cleveland Shuts Down Systems and City Hall As They Try to Understand Cyber ‘Incident’

Security News for the Week Ending June 7th, 2024

This week’s news bites: Trump tells crypto execs he won’t regulate crypto if re-elected, have I
been pwned adds 151 million new compromised emails, Marsh insurance says volume of cyber
claims hit record in 2023, FTC fires shot across the bow to connected car makers over privacy
and artists are fighting back against AI theft of their work.

Read details here.

Is Apple’s new AI capability a great invention, as Apple wants you to believe, or creepy
spyware, as Elon Musk told his followers on Twitter? Need help figuring out the rules
around your AI use? Please contact us.

Mitch
www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com
Mitch@CyberCecurity.com
720-891-1663

June 9th, 2024

• You Don’t Trust Your ISP’s Hardware – But Your Employees Will
• EU Data Act Now in Effect – Affects Companies that Have a Presence in the EU
• Russia May be Escalating War – Blowing up Buildings in Europe – Could Extend to Here
• UK to Propose MANDATORY Reporting for Ransomware attacks and Licensing for All Payments
• New York AG Sues Over NovaTech and AWS Crypto Mining Pyramid Schemes
• UPDATE – The Pumpkin Eclipse ‘Bricks’ 600,000 Home Routers
• DoJ Indicts, Arrests CFO of Far Right Wing Media Epoch Times for Stealing $67 Million
• LA School District Investigating Potential Breach of 26 Million Records
• Frontier Communications Warns 750,000 of Data Breach After Extortion Threat
• Breach at Eye Care Management Services Company Exposes Data on 400,000

Security News for the Week Ending June 7th, 2024

This week’s security news bites: Trump decides to join TikTok instead of banning it; promises to
never ban it if elected, It is hard to keep a good hacker down – Breach Forums returns,
ChatGPT can now voice characters, FCC takes totally inadequate steps to protect critical
routing protocol and Senator pushes White House panel to streamline federal cyber rules.

Read details here.

If you need help understanding and complying with CISA’s new software security
attestation rules, please contact us.

Mitch
www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com
Mitch@CyberCecurity.com
720-891-1663

June 1st, 2024

• 58 Thousand Websites Leave their Keys, Literally, in the Proverbial Door
• FedRAMP Panel Aims to Make Achieving fedRAMP Certification Simpler
• Millions of IoT Devices at Risk Due to Buggy Cellular Modem – And Will Never be Secure
• FTX Exec Sentenced to 7.5 Years
• Feds Arrest Two in Pig Butchering Scam That Netted $73 Million
• UK Continues Quest to Eliminate Privacy
• The Pumpkin Eclipse ‘Bricks’ 600,000 Home Routers
• Pharma Giant Cencora Breach Compromised More Than Half a Million Patient’s Data
• Conservative Cell Carrier Patriot Mobile Announces Data Breach
• Hacker Sells Santander Bank Stolen Data
• Hackers Steal $300 Million in Bitcoin from DMM Bitcoin Crypto Exchange

Security News for the Week Ending May 31st, 2024

This week’s security news bites: feds say ChangeHealth can file breach notices on behalf of
doctors after all, NIST says National Vulnerability Database will be current by September, while
feds tell companies to improve security, theirs sucks too, Google is warning people about
changes to ads due to privacy laws and cyber teams intentionally underreport breaches so they
don’t get fired.

Read details here.

As more and more devices get connected to the Internet, whether they need to be or not,
the risk to the rest of your network increases (see important issues/patches above).
Since you absolutely, positively CANNOT count on your IoT vendor to patch bugs, that
leaves it up to you to mitigate the risk from the vulnerability yourself. If that doesn’t
scare you, it should. If you need help with this please contact us.

Mitch
www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com
Mitch@CyberCecurity.com
720-891-1663