Dear All,

Welcome to this fortnight edition of 16th – 30th September 2020, CF bytes. 

This fortnight edition looks at various major developments in the Security industry. NIST  released 800-53 Rev 5 guidance  update on  security and privacy controls.  FBI released warning on increase of botnet launched  credential stuffing  attacks on financial sector. McAfee went public by listing its IPO on Nasdaq. 

In attacks and breaches, Governments across the world tightened penalties on companies who had inadequate security practices in place by issuing them stiff fines. Insider Frauds involving bribes given to employees and contractors in exchange to get an unfair advantage to the third-party sellers in the Amazon marketplace were uncovered and the guilty were punished harshly following an internal investigation. Meanwhile, the first confirmed death due to the ransomware attack on the hospital was reported in Germany. State-sponsored massive espionage operations in Multiple countries by China were also uncovered during this period.

Security News

1. McAfee Corp. has filed to go public, adding to the roster of companies rushing to cash in on a hot market for U.S. initial public offerings. Read more.
2. The U.S. National Institute of Standards and Technology this week released a long-awaited guidance update, Special Publication 800-53 Revision 5, describing “next-generation security and privacy controls” and how to use them. Read more.

3. Phixius enables the secure exchange of payment-related information with connected credentialed service providers (CSPs). This helps to improve automation and reduce payment fraud in areas of onboarding customer information, payer authorization, and to enhance customer services. Read more.
4. The FBI is warning organizations in the financial sector about an increase in botnet-launched credential stuffing attacks. Many of these attacks, which target APIs, are being fed by billions of stolen credentials leaked over the last several years. Read more.
5. Musk announced on Twitter that, after a full year in the making, The Boring Company’s first operational “loop tunnel” in Las Vegas is nearing completion. Read more.

Attacks / Breaches

1. A Chinese technology company with links to Beijing’s military and intelligence agencies has been compiling personal information on millions of people from the US, UK, Australia, Canada, India, and Japan. Read more.
2. The Medisys Health Group reported a ransomware data breach involving the personal information of about 60,000 of its clients. Medisys retrieved the data by paying a ransom and went to say the risk of public disclosure of the information was low. Read more.
3. Dunkin’ Donuts breach settlement requires the company to pay $650,000 in penalties and costs to the state of New York. The company is to notify customers impacted in the attacks, reset those customers’ passwords, and provide refunds for unauthorized use of customers’ stored value cards. Read more.

4. A woman in Germany died during a ransomware attack on the Duesseldorf University Hospital, in what may be the first death directly linked to a cyberattack on a hospital. Read more.
5. Six people were indicted on allegations of paying over $100,000 in bribes to Amazon employees and contractors as part of a scheme to give third-party sellers unfair advantages on the Amazon marketplace. Read more.