Beaumont fires employee for leaking patient data (Modern Healthcare) Beaumont Health fired an employee accused of disclosing confidential information of more than 1,000 patients to a person suspected of working on behalf of a personal injury attorney. Beaumont discovered the patient data breach Dec. 10 and began an internal investigation. The employee is believed to have accessed PHI without authorization from Feb. 1, 2017, until October 22, 2019.
Citrix releases new patches to plug critical server vulnerability (ZDNet) The Citrix vulnerability saga seems to have concluded with Citrix providing patches in the past week. Throughout the month exploit codes became public and one group began patching and backdooring vulnerable servers, likely to isolate them for future attacks.
Microsoft Leaves 250M Customer Service Records Open to the Web (Threatpost) Comparitech, a security company, uncovered no less than five unsecured Elasticsearch servers containing records spanning from 2005 to December 2019. The servers had been indexed by search engine BinaryEdge and stored troves of Microsoft consumer service information in plain text including email addresses, IP addresses, and physical locations.
Mitsubishi Electric discloses security breach, China is main suspect (ZDNet) This month, Japanese manufacturing firm Mitsubishi revealed that it had been the victim of a data breach in June 2019. The intrusion was detected after Mitsubishi Electric staff found a suspicious file on one of the company’s servers and is believed to have resulted from privilege escalation from a compromised employee account.
P&N Bank Data Breach Exposes Trove of User Data (SecurityWeek) On December 12, 2019, during a server upgrade on a third-party hosting provider PII of P&N customers was breached. Included in the breach were names, addresses, email addresses, phone numbers, customer numbers, age, account numbers and balance, and other details.
Strategies for securing the cloud
PoC Exploits Do More Good Than Harm: Threatpost Poll (Threatpost) Following the Citrix vulnerability (and the release of a PoC Citrix exploit), Threatpost polled its readership about whether or not releasing PoCs is a good thing, with most saying they were. Experts weigh in on both sides of the issue.
Head in the Clouds: Scaling Business Workloads Without Scaling Risk (Security Intelligence) Limor Kessem outlines the security risks and considerations that need to be taken into account when scaling in the cloud. While it’s not fair to say that cloud migration and scaling isn’t without risk, careful assessments can help you scale successfully.
Top Four Security Predictions for 2020 (Security Magazine) Hal Lonas weighs in on what the four key security trends of 2020 might be. Among them are further growth in phishing scam complexity and shifts in the security landscape that might necessitate the use of AI.
Are We Secure Yet? How to Build a ‘Post-Breach’ Culture (Dark Reading) Are we secure yet? Rich Armour in Dark Reading answers an emphatic “no!” In this post, Rich covers how to create a strong culture of security after a breach and ways to measure engagement from key organizational stakeholders and turn security into a regularly maintained process rather than a destination.
Receive the next edition of Nightfall’s Cloud Security Newsletter straight in your inbox by subscribing here.
Financial services businesses can use DLP to eliminate the risk of data exfiltration and boost their overall security strategy. Learn what the different types of PII are, what’s really at stake when this data is at risk, and how laws only do some of the work needed to keep data safe.
Maynard Webb, a Nightfall investor, tech veteran, and industry thought leader recently joined us for a discussion. We talk about how his early career shaped his values and perspective, what motivated him to write his New York Times bestseller, Rebooting Work, as well as how the coronavirus will reboot the tech industry.
It's impossible to understand cloud security without first understanding the shared responsibility model. First touted by AWS, the shared responsibility model is now a staple of many services and the best way of understanding on which parties specific security obigations lie.
Ryan Nece followed in his father Ronnie Lott’s footsteps to become a Super Bowl champion, philanthropist, and venture capital leader. As the co-founder and managing partner of Next Play Capital, he's investing in rising startups like Caliva, hims, and Nightfall. Ryan shares what it takes to achieve in Silicon Valley, why giving back is essential for personal and professional growth, and how he manages a demanding, multi-faceted career.
Stuart McClure, CEO and founder of Cylance as well a Nightfall Investor talks about his what sparked his interest in information security as well as how he built prominent security companies like Foundstone and Cylance, the latter of which was acquired by Blackberry for $1.4 billion last year. Stuart shared his thoughts on the importance of AI in cloud security as well as what it takes to innovate in the infosec space.