IT Security Newsletter - 10/21/2021

Breaches

Ransomware Sinks Teeth into Candy-Corn Maker Ahead of Halloween

The manufacturer of some of Halloween's most popular sweet treats has been hit with a ransomware attack that disrupted production mere weeks before the candy industry's biggest holiday. Chicago-based Ferrara Candy Co. confirmed publicly that a cyber-incident encrypted some of its systems on Oct. 9, affecting the production of its numerous popular confection brands, including Brach's Candy Corn, a confection that divides candy enthusiasts into "love it" and "hate it" groups.


Why is Cybersecurity Failing Against Ransomware?

Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo. Yes, security is hard - no one is ever 100 percent safe from the threats lurking out there. But how is it that time and time again, companies - big companies - are continuing to fall for ransomware attacks? Why aren't we getting any better at preventing them?


The Ransomware Payment Dilemma: Should Victims Pay or Not?

It's time to steer the conversation away from whether payment bans should be implemented to how and when they should take effect. While the ransomware spikes of 2021 appear to have temporarily subsided, the issue remains a pressing concern among the US cybersecurity community. On Sept. 21, the US Department of the Treasury announced a set of proposed sanctions and regulatory tools focused on disrupting the ransomware model by increasing ransom payment reporting to government agencies, among other actions.

Hacking

US govt to ban export of hacking tools to authoritarian regimes

The Commerce Department's Bureau of Industry and Security (BIS) today announced new controls that would ban U.S. companies from exporting and reselling software and hardware tools that could be used to fuel authoritarian practices through malicious hacking activities and human rights abuse. The rule will become effective in 90 days and will effectively ban the export of "cybersecurity items" for National Security (NS) and Anti-terrorism (AT) reasons.

Software Updates

Google Patches 19 Vulnerabilities in Chrome 95 Browser Refresh

Google has released a new version of its flagship Chrome web browser with patches for a total of 19 vulnerabilities, including 16 reported by external researchers. The most severe of these issues is CVE-2021-37981, a heap buffer overflow in Skia, for which a $20,000 bounty reward was paid, Google said in an advisory. Next in line are CVE-2021-37982 (use-after-free issue in the Incognito component) and CVE-2021-37983 (use-after-free error in Dev Tools).

Information Security

Many organizations lack basic cyber hygiene despite high confidence in their cyber defenses

SpyCloud released an analysis of IT security leaders' perceived threat of ransomware attacks and the maturity of their cybersecurity defenses. The report found that while 81% of those surveyed consider their security to be above average or exceptional, many lack basic cyber hygiene - 41% lack a password complexity requirement, one of the cheapest, easiest forms of protection, and only 55.6% have implemented multi-factor authentication (MFA).

On This Date

  • ...in 1879, after 14 months of testing, Thomas Edison first demonstrates his electric lamp, hoping to one day compete with gaslight.
  • ...in 1940, Ernest Hemingway's novel For Whom the Bell Tolls is published.
  • ...in 1961, Bob Dylan records his first album in a single day at a cost of $400.
  • ...in 1994, North Korea and the US sign an agreement requiring North Korea to halt its nuclear weapons program and agree to international inspections.