What’s New in v8 of the CIS Controls
Back in 2018, the State of Security spent a lot of time going over v7 of the Center for Internet Security’s Critical Security Controls (CIS Controls). We noted at the time how the Center for Internet Security shuffled the order of requirements for many of the existing controls in that ... Read More
DOJ Recovers $2.3M in Bitcoin Ransom Paid by Colonial Pipeline
Investigators recovered $2.3 million in bitcoin paid by the Colonial Pipeline Company to DarkSide following a ransomware attack in early May. On June 7, the Department of Justice (DOJ) revealed that law enforcement agencies had been tracking transfers of bitcoin when they spotted the movement of 63.7 bitcoins associated with ... Read More
Understanding the Cloud Security Challenges for SMBs
The events of 2020 didn’t prevent small- to mid-sized businesses (SMBs) from adopting the cloud. Impact Networking reported that SMBs’ overall cloud spending grew 6.3% between 2019 and 2020. Such growth is projected to lead more than a third (35%) of SMBs to annually spend between $600,000 and $1.2 million ... Read More
“Network Security” the Biggest Concern for Public Cloud Adoption, Reveals Survey
Cloud misconfigurations represent something that’s plaguing many organizations’ cloud adoption efforts. For example, a 2020 report found that 91% of cloud deployments contained at least one misconfiguration that left organizations exposed to potential digital threats. Those weaknesses contributed to more than 200 data breaches between 2018 and 2020, noted SC ... Read More
Record Setting $40M Ransom Paid to Attackers
CNA, one of the largest U.S. commercial and casualty insurance companies, reportedly met a $40 million ransom demand after suffering a ransomware infection earlier in the year. As of this writing, that’s the largest ransom demand ever reported to have been paid by a company following a ransomware attack ... Read More
New Executive Order Seeks to Strengthen Security of Federal Government Networks
The Biden Administration published a new executive order (EO) to strengthen the digital security of U.S. federal government networks. Published on May 12 by The White House, the executive order covered much of what many media outlets reported would appear in the draft. This included the issue of supply chain ... Read More
Survey: Only 39% of Orgs Have Ability to Retain Cyber Security Talent
The cyber security skills gap was a problem prior to the pandemic. In a survey of 342 security professionals released in early 2020, Tripwire found that 83% of security experts felt more overworked going into the new year compared to how they felt at the start of 2019. Tripwire asked ... Read More
Inside the DarkSide Ransomware Attack on Colonial Pipeline
On May 8, the Colonial Pipeline Company announced that it had fallen victim to a ransomware attack a day earlier. The pipeline operations include transporting 100 million gallons of fuel daily to meet the needs of consumers across the entire eastern seaboard of the U.S. from Texas to New York, ... Read More
Biden Administration Drafting EO to Help U.S. Gov’t Secure Digital Supply Chain
The Biden administration said it’s drafting an executive order to help the United States government better defend itself against digital supply chain attacks. A Step Up for Federal Procurement According to NPR, the executive order that’s being drafted will include several initiatives designed to strengthen the security of the United ... Read More
Sodinokibi Ransomware Gang Extorts Apple Through Supply Chain Attack
The Sodinokibi ransomware gang is trying to extort Apple following an attack against one of the tech giant’s business partners. According to Bloomberg News, someone using the moniker “Unknown” announced on April 18 that the Sodinokibi/REvil gang was about to disclose their “largest attack ever.” ... Read More
