Hope for stable cyber insurance rates, a U.S. supermarket chain penalized for poor cloud security, and more.
Welcome to Cyber Security Today. It’s Monday July 4th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
This is Independence Day in the United States. If you’re listening on this holiday, thanks for tuning in.
Cyber insurance rates in Canada and the U.S. may be stabilizing. That’s the conclusion of insurance broker Marsh. In an analysis of recent rates offered by insurers, Marsh has seen a downward trend since the record rate increases in December. Not that cyber insurance rates aren’t increasing, it’s just that they’re not increasing as fast as they were. However, the report adds, usually lower increases are offered only to companies that can show strong cyber risk controls. Insurers are still being selective about the risk of customers they are willing to cover. Organizations that have not made the cybersecurity improvements deemed necessary by insurers are still facing challenges getting coverage, the report notes. And if organizations can get coverage it tends to be significantly more expensive compared to customers deemed a lower risk. Riskier firms also face more restrictive terms and conditions than others. For example, one insurer may insist coverage be shared with another insurance company. Or there may be restricted coverage for ransomware and business interruption. In short, if you want better cyber insurance step up your cybersecurity defences.
Application developers using the Jenkins open source automation server need to tighten their security controls. This is the implication after the company last week released a security advisory for vulnerabilities in 25 of its plugins for the server. As a story in The Register notes, 11 of the vulnerabilities are rated high severity. The problem is that for 21 of the plugins no fix was immediately available.
A U.S. company called Geographic Solutions, which provides applications for job and unemployment insurance programs offered by American state and local governments, is recovering from a cyber attack. As of Saturday, when this podcast was recorded, the company’s site was still offline. Geographic Solutions took some of its IT systems offline because of the attack. The impact hit customers. CNN reported that unemployment payments to people were delayed in Tennessee and Nebraska.
The Wegmans supermarket chain will pay New York State US$400,000 for improperly storing customer data in the cloud. In one case the state found Wegmans kept the data in a misconfigured Microsoft Azure cloud storage container. This was a database backup file that was misconfigured when it was created in January 2018 and not fixed until this April. That’s when Wegmans was notified by a security researcher. A month later Wegmans discovered a second cloud storage container that was also misconfigured. One problem: Wegmans didn’t have an inventory of everything stored in the cloud. In addition to the penalty Wegmans has to toughen its cybersecurity practices.
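The two failures in the Wegmans case, a storage container left readable to anyone and no inventory of what was in the cloud, can both be caught by a routine check. The script below is an added example, not code from the podcast, Wegmans or Microsoft. It reads the JSON that, as I understand the CLI, `az storage container list --account-name <account> -o json` prints (each entry carries `properties.publicAccess` as "blob", "container" or null) and compares it against a team-maintained inventory. The listing, the inventory and its `owner`/`public_ok` fields are constructed for the example.

```python
"""Audit Azure Blob containers for public access and missing inventory entries.

Added example, not code from the podcast, Wegmans or Microsoft. It consumes the
JSON printed by `az storage container list --account-name <account> -o json`,
where each entry has `properties.publicAccess` set to "blob", "container" or
null (assumed output shape). The listing and the inventory below are
constructed sample data; the inventory format (owner, public_ok) is this
example's own convention.
"""
import json

# Constructed stand-in for real CLI output (not captured from any account).
SAMPLE_LISTING = json.dumps([
    {"name": "app-assets",
     "properties": {"publicAccess": "blob",
                    "lastModified": "2022-06-01T10:00:00+00:00"}},
    {"name": "db-backups",
     "properties": {"publicAccess": "container",
                    "lastModified": "2018-01-15T08:30:00+00:00"}},
    {"name": "logs",
     "properties": {"publicAccess": None,
                    "lastModified": "2022-07-01T00:00:00+00:00"}},
])

# Constructed inventory: what the security team believes exists and how it
# should be exposed. Anything not listed here is an unknown asset.
KNOWN_INVENTORY = {
    "app-assets": {"owner": "web-team", "public_ok": True},
    "logs": {"owner": "platform", "public_ok": False},
}


def parse_listing(raw):
    """Return [(name, public_access)] from CLI JSON; public_access is None when private."""
    out = []
    for entry in json.loads(raw):
        props = entry.get("properties") or {}
        out.append((entry["name"], props.get("publicAccess")))
    return out


def find_public_containers(containers):
    """Names of containers whose blobs (or the whole container) are anonymously readable."""
    return sorted(name for name, access in containers if access)


def find_uninventoried(containers, inventory):
    """Containers the inventory does not know about at all."""
    return sorted(name for name, _ in containers if name not in inventory)


def find_unexpected_public(containers, inventory):
    """Public containers the inventory has not explicitly approved for public access."""
    return sorted(
        name for name, access in containers
        if access and not inventory.get(name, {}).get("public_ok", False)
    )


def audit(raw, inventory):
    """Run all three checks over one account's listing."""
    containers = parse_listing(raw)
    return {
        "public": find_public_containers(containers),
        "uninventoried": find_uninventoried(containers, inventory),
        "unexpected_public": find_unexpected_public(containers, inventory),
    }


if __name__ == "__main__":
    for check, names in audit(SAMPLE_LISTING, KNOWN_INVENTORY).items():
        print(f"{check}: {names or 'none'}")
```

Run against the sample, the forgotten backup container shows up in all three lists: it is public, it is not approved to be public, and nobody had it on the books. Scheduling the same comparison per storage account is what turns a one-off finding from a researcher into a control the organization runs itself.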
The FBI has released a report on the MedusaLocker strain of ransomware. It’s the latest in a regular series of reports on ransomware groups from the agency that includes indicators of compromise that IT security teams should watch for. Those distributing MedusaLocker usually try to exploit vulnerabilities in Microsoft’s Remote Desktop Protocol. There’s a link to the report in the text version of this podcast at ITWorldCanada.com.
The HackerOne bug bounty platform has acknowledged an employee abused their position to get bounty payments from customers last month. HackerOne co-ordinates the bug bounty programs of software companies. These programs pay people who report application vulnerabilities. In this case the now-fired employee accessed HackerOne security reports, then, using that information, contacted software companies claiming to have found a hole in their application. The problem was the vulnerability had already been reported. HackerOne has notified seven companies of possible improper activity by the former employee. It emphasizes that the former staffer had no access to customers’ personal data. It’s an unusual type of insider attack. HackerOne was able to identify the culprit because it has logging data on who accesses the vulnerability reports that customers send it.
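The lesson in that story is the access log: HackerOne could name the employee because it records who opens which report. The script below is an added example, not HackerOne's code, showing the kind of review such a log supports. It parses constructed log lines (the `user=… report=… program=…` format, the user names, the program names and the assignment table are all made up for the example) and flags staff who read reports for programs outside their assignment, or who touch more programs than a threshold.

```python
"""Review report-access logs for out-of-scope reads and unusual breadth.

Added example, not HackerOne's code. The log format, users, programs and the
assignment table are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed access log: one line per report open/export.
ACCESS_LOG = """\
2022-06-14T09:12:03Z user=alice report=R-1001 program=acme action=view
2022-06-14T09:15:41Z user=alice report=R-1002 program=acme action=view
2022-06-14T10:02:17Z user=bob report=R-2001 program=globex action=view
2022-06-14T10:05:09Z user=bob report=R-1001 program=acme action=view
2022-06-14T10:06:55Z user=bob report=R-3001 program=initech action=view
2022-06-14T10:07:30Z user=bob report=R-3002 program=initech action=export
2022-06-15T08:00:00Z user=carol report=R-1003 program=acme action=view
"""

# Constructed assignment table: which programs each triager is meant to work on.
ASSIGNMENTS = {
    "alice": {"acme"},
    "bob": {"globex"},
    "carol": {"acme", "initech"},
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) report=(?P<report>\S+) "
    r"program=(?P<program>\S+) action=(?P<action>\S+)$"
)


def parse_access_log(text):
    """Return a list of event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def out_of_scope_access(events, assignments):
    """Map user -> sorted (report, program) pairs read outside the user's assigned programs."""
    hits = defaultdict(set)
    for ev in events:
        allowed = assignments.get(ev["user"], set())
        if ev["program"] not in allowed:
            hits[ev["user"]].add((ev["report"], ev["program"]))
    return {user: sorted(pairs) for user, pairs in hits.items()}


def program_breadth(events):
    """Map user -> number of distinct programs whose reports the user accessed."""
    seen = defaultdict(set)
    for ev in events:
        seen[ev["user"]].add(ev["program"])
    return {user: len(programs) for user, programs in seen.items()}


def flagged_users(events, assignments, max_programs=2):
    """Sorted users who read out of scope or spread across more than max_programs programs."""
    flagged = set(out_of_scope_access(events, assignments))
    flagged.update(u for u, n in program_breadth(events).items() if n > max_programs)
    return sorted(flagged)


if __name__ == "__main__":
    evs = parse_access_log(ACCESS_LOG)
    print("out of scope:", out_of_scope_access(evs, ASSIGNMENTS))
    print("breadth:", program_breadth(evs))
    print("flagged:", flagged_users(evs, ASSIGNMENTS))
```

On the sample, only one user reads reports for programs they were never assigned and also touches three programs in a day; the others stay within scope. The point is not the thresholds, which any organization would tune, but that the question "who looked at this report?" is only answerable if per-report access is logged with the actor in the first place.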
Finally, you may recall me reporting on two ransomware attacks that crippled government computers in Costa Rica in the spring. According to SC Media last week the Moody’s credit rating agency said the country has managed the crisis relatively well. While some digital government services have not yet been fully restored, Moody’s says that hasn’t stopped the government from operating. But, it warns, ransomware groups may increasingly target smaller countries after seeing how crippling an attack can be.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.