Weekend Must Reads on Infosec

1. MOVEit attack victim count surpasses 1,000 organizations

credits: cybersecuritydive

The fallout from the exploitation of a zero-day vulnerability in the MOVEit file transfer service has now reached over 1,000 organizations, a nearly 40% increase in impacted entities within a week. Victims are still emerging months after the initial discovery, and third-party vendors are often the source of the breaches. A majority of victims, around two-thirds, were breached because their vendors, or their vendors' vendors, used MOVEit. Many downstream victims, including accounting firms, consultancies, and pension actuaries, were affected. Broad data-sharing practices have drawn in victims who otherwise wouldn't have been impacted by Clop's attacks. Over 80% of identified victims are in the U.S., including 173 colleges and universities.

Read more on cybersecuritydive. Blog written by Matt Kapko.

2. Cigna Health Data Leak: 17 Billion Records Exposed

credits: hackread

A non-password-protected database containing a massive 17 billion records, equivalent to 6.35 terabytes of data, was exposed due to a security lapse at Cigna Health. The leaked information pertained to healthcare providers and included names, addresses, contact numbers, and negotiated rates for medical procedures. The leak, discovered by researcher Jeremiah Fowler, prompted Cigna to secure the database; the company clarified that patient data wasn't compromised. The data appears to have been published to fulfill transparency regulations, but its exposure posed risks to Cigna's internal network. The incident highlighted the importance of safeguarding unique National Provider Identifier (NPI) numbers and the potential exposure to ransomware attacks.

Read more on hackread. Blog written by Habiba Rashid.

3. SEC cyber attack regulations prompt 10 questions for CISOs

credits: techtarget

  1. What does the company's risk landscape look like, and what is the company's current cybersecurity risk profile?
  2. How does the company keep the fort secure, and how does it manage cybersecurity risks?
  3. Is the company ready for a storm? Does it have an incident response plan?
  4. Is the company winning? What cybersecurity metrics does it track?
  5. What are the company's crown jewels, and how does it guard them?
  6. How does the company stay ahead of threats?
  7. Are the company's allies trustworthy? What's the company's plan for third-party risk management?
  8. Does the company foster a security-conscious culture? What are its cybersecurity training and awareness programs?
  9. Does the company invest wisely? How is its cybersecurity budget allocated?
  10. Can the company control the narrative during a crisis? How will it handle communications in the event of a significant breach?

Read more on techtarget. Blog written by Frank Kim.

4. Forever 21 Discloses Employee Data Breach; 500K Affected

credits: mytotalretail

Forever 21 experienced a cyber incident impacting a limited number of systems, with unauthorized access to files between January 5 and March 21, 2023. Although the retailer believes no data was copied or shared, the incident potentially affected 539,207 individuals, whose exposed data included sensitive information such as names, Social Security numbers, and health plan details. Security experts stress the importance of extending data security measures to all collected information, including employee data. Erich Kron from KnowBe4 highlights the risk of identity theft or phishing attacks, advising potential victims to stay vigilant against such threats and to consider credit locks to prevent unauthorized account openings.

Read more on mytotalretail. Blog written by Joe Keenan.

5. Five signs your clients need a cybersecurity makeover

credits: tahawultech

Sign #1: Outdated Software and Hardware

Sign #2: Inadequate Employee Training and Awareness

Sign #3: Inability to Keep Up with Emerging Threats

Sign #4: Lack of Incident Response Capabilities

Sign #5: Lack of Compliance with Regulatory Requirements

Read more on tahawultech. Blog written by Ziad Nasr.

While jumping into the next task,

If you do one thing:

Do something today your future self will be thankful for.

Autodit offers Tools & Solutions for

  • SMBs' InfoSec Compliances (10-hour effort from Engineering Leadership)
  • Large Enterprises' Third Party Risk Assessments, RFP Questionnaire Response Automation, Security Awareness LMS, Trust Center
  • Custom Integrations & InfoSec Frameworks for Real Time Monitoring of your Information Security Readiness Posture.

Ping our Founder, Prithvi Raju Alluri, now!
