June in Review: Insurers Pull Back in Risky Areas, Resilience Expands to New Markets, and MOVEit Risks Continue
Can you believe we're already entering the 2nd half of 2023?
Between dealing with a growing list of MOVEit vulnerabilities, getting ready for the mid-year bind date, and attending industry events such as the Gartner Summit and Airmic, we know it's easy to lose track of everything that’s happened. So without further ado, let's dive right in and catch you up on the latest trends and headlines!
?? Learn From Our Experts - Insights for Cyber Resilience:
- "Moneyballing" Cyber Resilience. Want to be more strategic when managing cyber risk? Do you need help clarifying what that looks like? Discover how to apply the Moneyball pattern to cybersecurity and turn tactics into Cyber Resilience strategies.
- Understanding Your Cloud Exposure. As organizations move to the cloud, finding insurance coverage that adequately protects against modern cyber risks is becoming increasingly challenging. Learn how the combined powers of Resilience and Amazon Web Services (AWS) can enhance the resiliency of your cyber risk strategy.
?? Threat Intel - Stay Informed on The Latest Cyber Threats
TRENDING VULNERABILITIES
- CVE-2023-27997?A Fortinet Heap buffer overflow in SSL-VPN pre-authentication vulnerability where Fortinet saw limited exploitations and urged users to upgrade their appliance to the newest firmware. (Source)
- CVE-2023-34362?MOVEit vulnerability exploited by the Cl0p ransomware group, who started announcing possible victims of their data exfiltration this week. (Source)
- CVE-2023-34414?A Thunderbird vulnerability affecting Thunderbird package, versions <0:102.12.0-1.0.1.el7_9 (Source)
- Sandbox escape flaws discovered in vm2 library. The flaws are tracked as CVE-2023-32314, CVE-2023-30547, CVE-2023-29017, and CVE-2023-32313.??(Source)
- Critical and high-severity issues were addressed in Adobe Patch Tuesday. (Source)(Source)(Source)
Recent leaks and data incidents
- Columbus Regional Healthcare System targeted by Daixin ransomware. Daixin ransomware claims to have targeted the North Carolina non-profit on May 18th, 2023, encrypting their servers after exfiltrating 70GB of data and deleting backups. The actors allege that negotiations occurred in which the hospital claimed they could not get cyber insurance to pay out quickly and that they could not afford the ransom. The attackers have since leaked more than 250,000 files. The file lists previewed by DataBreaches[.]net contained accounting and billing records. Preliminary inspections did not uncover any patient databases. However, some patient data was included in other types of files. (Source)
- Forsyth County hit by suspected ransomware attack. On June 9th, 2023, Georgia County disclosed that it recently discovered and stopped a suspected ransomware attack on its network. An unauthorized party accessed some of the networks during the attack. An investigation determined that certain files were removed from a server. (Source)
- JamaicaEye website hit by a cyberattack. On June 11th, 2023, the Jamaican Ministry of National Security confirmed that a ‘cyber-incident’ impacted access to the website of the National Closed-Circuit Television Surveillance Programme, dubbed ‘JamaicaEye.’ There was reportedly no compromise to video footage or evidence recorded by the cameras.?(Source)
- Generations Federal Credit Union discloses data breach. The Texas financial institution revealed that an unauthorized party accessed consumers’ names, Social Security numbers, addresses, government-issued identification numbers, and more. Affected individuals were sent data breach letters on June 12th, 2023. (Source)
领英推荐
?? ICYMI - What's New in?Cybersecurity?and?Insurance:
Highlights in Cyber Insurance:
- Resilience launches into European Market - Reinsurance News. Cyber insurer Resilience has expanded its operations in the European market, now supporting clients in Ireland, Spain, Italy, Sweden, and Denmark.?
- Trium Cyber receives Lloyd’s approval for first-of-its-kind war exclusion buyback option?| The Insurer. Trium Cyber, which began underwriting at the start of this year, has received approval from Lloyd’s for a war exclusion buyback option associated with Market Bulletin Y5381, with its CEO viewing it as a placeholder while the market works through its wording issues.
- WSJ News Exclusive | Home Insurers Curb New Policies in Risky Areas Nationally. The pullback goes beyond California and Florida as insurers face climate risks and inflation.?
- Cyber Insurance Premiums Surge by 50% as Ransomware Attacks Increase. US cyber insurance premiums surged 50% in 2022 as increased ransomware attacks and online commerce drove demand for coverage.?
Highlights in Cybersecurity:
- BA's UK staff and Boots hit by cyber security breach with contact and bank details exposed. Hackers exploited a vulnerability in MOVEit Transfer software last week to access a range of information which is now casting a cloud over a growing number of UK firms and their staff.
- Verizon Data Breach Investigation Report 2023. Take advantage of this influential and well-cited report on cyber incident trends.
- Minneapolis Data Breach a ‘Worst-Case Scenario’ after Ransomware Attack. Nearly 200K leaked files reveal sensitive student and educator information in a devastating attack that experts say endangers the school community.?
- Hackers threaten to leak 80GB of confidential data stolen from Reddit. Hackers threatened to release confidential data stolen from Reddit unless the company withdrew its controversial API price hikes.
Before you go...
Did we miss any important stories??Please share your knowledge with us in the comments.
How can we make this newsletter better??We'd love to hear your suggestions.
Found this helpful??Encourage your network to sign up for monthly updates.
Realtor Associate @ Next Trend Realty LLC | HAR REALTOR, IRS Tax Preparer
1 年Thanks for the updates on, The Threatonomics Newsletter.