Network Security News | Ingalls Information Security

Articles of interest from the week of September 14, 2020

Written by John Frasier | Sep 14, 2020 4:00:00 AM

Data Breaches Exposes Vets, COVID-19 Patients

Social engineering and employee mistakes lead to breach Veteran’s Administration and the National Health Service. A pair of healthcare-related data breaches at high-profile government agencies has impacted tens of thousands of people. First, a cyberattack at the U.S. Department of Veterans Affairs (VA) has impacted about 46,000 veterans, exposing their financial information. And another incident, at the U.K.’s National Health Service, exposed personal information for 18,105 Welsh citizens. (By: Tara Seals, Threatpost) Ingalls: At a time when cybersecurity is more strategic to businesses than ever before, determining ones cybersecurity risk management strategy is crucial. Our Master Risk Control: Pick A Cybersecurity Risk Management Strategy blog post provides some valuable insight on the different options.


Windows Exploit Released For Microsoft ‘Zerologon’ Flaw

Security researchers and U.S. government authorities alike are urging admins to address Microsoft’s critical privilege escalation flaw. The vulnerability, dubbed “Zerologon,” is a privilege-escalation glitch (CVE-2020-1472) with a CVSS score of 10 out of 10, making it critical in severity. The flaw was addressed in Microsoft’s August 2020 security updates. However, this week at least four public PoC exploits for the flaw were released on Github, and on Friday, researchers with Secura (who discovered the flaw) published technical details of the vulnerability. (By: Lindsey O’Donnell, Threatpost) Ingalls: The current data breach landscape speaks to the critical need for businesses to take a proactive approach to cybersecurity in order to be positioned for early detection and fast response. To help fight cyberattacks, Ingalls’ offers Managed Detection and Response (MDR), our MDR offers advanced anomaly detection, threat hunting and sophisticated response guidance utilizing a defense-in-depth approach.


Blackbaud Hack: Us Healthcare Organizations Confirm Data Breach Impacted 190,000 Patients

Separate incidents at two US healthcare organizations may have resulted in the personal data of more than 190,000 patients being compromised following a high-profile cyber-attack against a third-party cloud software provider. Children’s Minnesota, one of the largest children’s healthcare organizations in the US, recently announced that the personal data of more than 160,000 patients may have been compromised in the incident. Separately, Our Lady of the Lake Regional Medical Center in Baton Rouge, Louisiana, also announced this week it had been subject to a breach via the Blackbaud attack. (By: Jessica Haworth, The Daily Swig) Ingalls: No one plans to fail; however, failing to plan will often lead to a disaster when it comes to cybersecurity risk management. Depending on your organization’s size and stakeholders (regulators, shareholders, etc.), having a bad plan can cost your organization even more than if it had no plan at all! We've seen many different versions of breach victims with no plan, good plans, bad plans, and half a plan or less. Our experience in preparing the right plan for your organization can mean the difference between resolving a serious problem with little to no impact or having a minor issue balloon into shareholder lawsuits, regulatory fines, and other nightmares. Contact us today to discuss how you can prepare for successfully managing a cybersecurity crisis by having the right Incident Response Plan.



This Security Awareness Training Email Is Actually a Phishing Scam

A creative phishing campaign uses an email template that pretends to be a reminder to complete security awareness training from a well-known security company. With the rise of phishing attacks, cybersecurity companies offer phishing education and simulation tests to see how well employees can spot malicious emails. In a new phishing campaign analyzed by Cofense, and originally brought to light by KnowBe4, threat actors send emails that pretend to be from KnowBe4, reminding them to log in and take their phishing training. (By: Lawrence Abrams, Bleeping Computer) Ingalls: Our Managed Detection and Response (MDR) service is designed for advanced detection, threat hunting, and response guidance. Unlike a traditional Managed Security Service Provider (MSSP), our service is geared toward proactive prevention. This includes our in-house Phishing Email Helpdesk (PEH) where we analyze your suspicious email and provide you with detailed recommendations.



5 Industries At Risk For Cyberthreats During COVID-19

The coronavirus pandemic has drastically changed people’s everyday lives and limited their options. However, cybercriminals have capitalized on this unprecedented situation. Here are five sectors at an increased risk of cyberattacks during COVID-19. (By: Devin Partida, ISBuzz News) Ingalls: We believe it is important that there are affordable and effective cybersecurity solutions for organizations of every size. We offer best-in-class information security solutions suitable for the largest enterprise companies at a price point that is affordable for SMBs. Request a demo for your company today.