Beaumont fires employee for leaking patient data (Modern Healthcare) Beaumont Health fired an employee accused of disclosing confidential information of more than 1,000 patients to a person suspected of working on behalf of a personal injury attorney. Beaumont discovered the patient data breach Dec. 10 and began an internal investigation. The employee is believed to have accessed PHI without authorization from Feb. 1, 2017, until October 22, 2019.
Citrix releases new patches to plug critical server vulnerability (ZDNet) The Citrix vulnerability saga seems to have concluded with Citrix providing patches in the past week. Throughout the month exploit codes became public and one group began patching and backdooring vulnerable servers, likely to isolate them for future attacks.
Microsoft Leaves 250M Customer Service Records Open to the Web (Threatpost) Comparitech, a security company, uncovered no less than five unsecured Elasticsearch servers containing records spanning from 2005 to December 2019. The servers had been indexed by search engine BinaryEdge and stored troves of Microsoft consumer service information in plain text including email addresses, IP addresses, and physical locations.
Mitsubishi Electric discloses security breach, China is main suspect (ZDNet) This month, Japanese manufacturing firm Mitsubishi revealed that it had been the victim of a data breach in June 2019. The intrusion was detected after Mitsubishi Electric staff found a suspicious file on one of the company’s servers and is believed to have resulted from privilege escalation from a compromised employee account.
P&N Bank Data Breach Exposes Trove of User Data (SecurityWeek) On December 12, 2019, during a server upgrade on a third-party hosting provider PII of P&N customers was breached. Included in the breach were names, addresses, email addresses, phone numbers, customer numbers, age, account numbers and balance, and other details.
Strategies for securing the cloud
PoC Exploits Do More Good Than Harm: Threatpost Poll (Threatpost) Following the Citrix vulnerability (and the release of a PoC Citrix exploit), Threatpost polled its readership about whether or not releasing PoCs is a good thing, with most saying they were. Experts weigh in on both sides of the issue.
Head in the Clouds: Scaling Business Workloads Without Scaling Risk (Security Intelligence) Limor Kessem outlines the security risks and considerations that need to be taken into account when scaling in the cloud. While it’s not fair to say that cloud migration and scaling isn’t without risk, careful assessments can help you scale successfully.
Top Four Security Predictions for 2020 (Security Magazine) Hal Lonas weighs in on what the four key security trends of 2020 might be. Among them are further growth in phishing scam complexity and shifts in the security landscape that might necessitate the use of AI.
Are We Secure Yet? How to Build a ‘Post-Breach’ Culture (Dark Reading) Are we secure yet? Rich Armour in Dark Reading answers an emphatic “no!” In this post, Rich covers how to create a strong culture of security after a breach and ways to measure engagement from key organizational stakeholders and turn security into a regularly maintained process rather than a destination.
Receive the next edition of Nightfall’s Cloud Security Newsletter straight in your inbox by subscribing here.
Stuart McClure, CEO and founder of Cylance as well a Nightfall Investor talks about his what sparked his interest in information security as well as how he built prominent security companies like Foundstone and Cylance, the latter of which was acquired by Blackberry for $1.4 billion last year. Stuart shared his thoughts on the importance of AI in cloud security as well as what it takes to innovate in the infosec space.
With Zoom and Slack being used together, there's increased likelihood for Zoom invitations to be shared internally with Slack members who are not authorized to attend these meetings. Learn how Nightfall is addressing the issue.
Enrique Salem, Partner at Bain Capital Ventures & Nightfall board member, shares his thoughts on the COVID-19 pandemic's impact on information security programs as well as advice that's gotten him through his long and distinguished career in the industry.
The complexity of modern information security means that security is no longer just an IT issue. DLP is the responsibility of everyone in your company. Learn how to pick the right solution with this guide.