Skip to main content

Friday Five 11/18

by Robbie Araiza on Friday November 18, 2022

Contact Us
Free Demo
Chat

Inadequate cybersecurity efforts, questionable data privacy practices, and ransomware made the top headlines this past week. Catch up on the latest stories in this week's Friday Five!

MISCONFIGURATIONS, VULNERABILITIES FOUND IN 95% OF APPLICATIONS BY ROBERT LEMOS

Synopsys' latest Software Vulnerabilities Snapshot 2022, published this past week, found that nearly every application has at least one vulnerability or misconfiguration that affects security, nearly a quarter of which are highly or critically severe vulnerabilities. Weak SSL and TLS configuration, missing Content Security Policy (CSP) header, and information leakage through server banners were reportedly the most common software issues that were found. Read up on the report's details in the full story at Dark Reading, including software supply chain dangers and how organizations can better identify these vulnerabilities.

Read more

WATCHDOG: AGENCY OVERSEEING CYBERSECURITY FOR OFFSHORE ENERGY FALLING SHORT BY CHRISTIAN VASQUEZ

A watchdog report from the U.S. Government Accountability Office (GAO), publicly released this past week, claims that the Department of Interior’s Bureau of Safety and Environmental Enforcement has taken “few actions” to address cybersecurity risks despite the agency claiming to have begun addressing those issues seven years ago. According to Chris Grove, director of cybersecurity strategy at Nozomi Networks, a firm that works with offshore oil and gas rigs, “We’re not dealing with just a system going down or a website or data leakage or maybe some financial loss, there could be major consequences for an offshore oil rig not operating as intended.”

Read more

TELEHEALTH SITES PUT ADDICTION PATIENT DATA AT RISK BY LINDSEY ELLEFSON

The Opioid Policy Institute (OPI) and Legal Action Center (LAC) released their findings from a joint 16-month analysis of 12 major substance-use-focused mobile health websites, which found that all 12 websites have technologies that collect, identify, and share information about users with third parties and had ad trackers that are used for advertising purposes. Such tracking is reportedly able to avoid the protections granted to patients by the Health Insurance Portability and Accountability Act (HIPAA) along with CFR Part 2, which guarantees the confidentiality of treatment records and protects individuals from having their treatment history used against them. Read the full story from Wired to learn why this concerns privacy experts in a post-Roe world.

Read more

FBI: HIVE RANSOMWARE EXTORTED $100M FROM OVER 1,300 VICTIMS BY SERGIU GATLAN

According to the FBI in its recent joint advisory with the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS), "as of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments." While Hive has reportedly focused its efforts on Healthcare and Public Health organizations, the greater list of victims includes organizations from a wide range of industries and critical infrastructure sectors such as government facilities, communications, and information technology.

Read more

RESEARCHERS QUIETLY CRACKED ZEPPELIN RANSOMWARE KEYS BY BRIAN KREBS

According to a recent tell-all from an anonymous IT manager whose organization was affected by Zeppelin ransomware, researchers from a cybersecurity consulting firm known as Unit 221B were able to crack Zeppelin's encryption. The firm was reportedly wary of advertising its ability to crack Zeppelin ransomware keys because it didn’t want to tip its hand to Zeppelin’s creators and risk them changing their encryption approach. “The minute you announce you’ve got a decryptor for some ransomware, they change up the code,” said Lance James, founder of Unit 221B.

Read more

Tags:  Vulnerabilities Data Privacy Ransomware

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.

Don't Fall Behind

 

Get the latest security insights

delivered to your inbox each week.