An insurance company lost its argument over whether it should help a client clean up after a ransomware attack. The U.S. Department of Homeland Security is warning about unpatched medical devices. And it looks like suspected North Korean hackers targeted U.S. government agencies. This is CyberScoop for Friday, January 24.

Judge orders an insurer to cover ransomware-related claims

A Maryland federal judge on Thursday ruled that an Ohio insurer must cover the costs following a ransomware attack that forced a client to replace much of its technology. State Auto Property & Casualty Insurance is on the hook for losses incurred by National Ink & Stitch, a Maryland screen printing business, after a 2016 hack resulted in “direct physical loss or damage” of National Ink & Stitch’s property. The summary judgment decision from Judge Stephanie A. Gallagher, of the U.S. District Court of Maryland, comes amid ongoing skepticism about the way insurance companies have waded into data security incidents, which are difficult to predict. Jeff Stone has the update.

DHS flags six major flaws in medical tech

The Cybersecurity and Infrastructure Security Agency detailed six vulnerabilities, known collectively as “MDhex,” lurking in medical technology manufactured by GE Healthcare. The issues exist in GE’s line of patient monitors, including some versions of the Central Information Center product, the Apex Telemetry Server/Tower, the Central Station, a Telemetry Server and three monitor products that display vital patient information to hospital professionals. No known public exploits specifically target these vulnerabilities, CISA said in its alert. Five of the vulnerabilities were assigned a severity score of 10 on a scale of 1-10, while the sixth was rated an 8.5 on the National Infrastructure Advisory Council’s system. Jeff has more.

There's something phishy going on here

In the second half of 2019, a U.S. government agency was targeted by repeated spearphishing attempts that could be from a mysterious group that has evaded attribution for years, according to new research issued Thursday by security firm Palo Alto Networks. The campaign, waged between July and October of 2019, also targeted two unnamed foreign nationals who are “professionally affiliated with” North Korea. But the identity of the attackers is still unknown. The suspected hacking group, the “Konni Group” — which Unit 42 and researchers from Cisco Talos have detailed in previous research — is known to target entities and individuals “who have interest in, are directly linked to, or conduct business in North Korea.” Shannon Vavra explains.

A Sandworm-style hack on a utility

Security researcher Jason Larsen had a point to prove: Replicating techniques of a vaunted Kremlin-linked hacking group isn’t that hard. And defending against those techniques doesn't need to be complicated. So Larsen broke into the sensitive control system network of a European utility (one of his clients), and showed them how to improve their defenses. He presented his findings for the first time publicly at the S4 conference this week. Sean Lyngaas was there.

DOD contractors need to get hip to the cyber

The Department of Defense has been planning for nearly a year to update its cybersecurity certification framework for contractors who serve the military. But the process apparently is news to some contractors. A survey published by Tier 1 Cyber found that few DOD vendors are aware of the new standard, which DOD is calling the Cybersecurity Maturity Model Certification (CMMC). Overall, the survey found contractors have “gotten the message” on the importance of cybersecurity, but few have implemented mitigation efforts against the imposing threats, Tier 1 Cyber says. FedScoop’s Jackson Barnett explains the results.

Intel to join cyber workforce initiative

Intel has decided to join the likes of Apple, Facebook, IBM, Google and PwC in an initiative launched last fall focused on tackling cybersecurity workforce issues. The members of the initiative, part of the Aspen Cybersecurity Group, have pledged to change cybersecurity job descriptions and job requirements to appeal to a broader, more diverse talent pool. For instance, they’re taking out certain words that may sound too “masculine.” Shannon covered the news before.

State CIOs want harmony (and money)

It should be no surprise that the National Association of State Chief Information Officers, which speaks on behalf of state technology leaders from across the country, has cybersecurity on its mind. NASCIO's latest publication — a short wishlist of federal support for state IT offices — focuses on clarifying the relationship between Washington's cybersecurity agencies and state governments. The group’s top priority continues to be a desire to harmonize the numerous cybersecurity regulations the federal government enforces on state governments. States also want a regular funding stream for cybersecurity programs, especially in light of the ongoing outbreak of ransomware attacks across the country. StateScoop's Colin Wood talks with NASCIO about its priorities.

DHS cyber boss keeps urgency as Iran tension subsides

Awareness of Iran’s cyber-capabilities among state and local governments shouldn’t be wasted as tensions subside, the Department of Homeland Security’s top cybersecurity official told a roomful of city leaders this week. “While it may look like this thing has cooled off for the time being, let’s take advantage of this moment,” Chris Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency, told attendees of the U.S. Conference of Mayors winter meeting at a Washington hotel. “Even if the Iranian threat is gone, you know what’s still out there? Ransomware. That’s something every single person in this room needs to be thinking about intimately.” Benjamin Freed has more at StateScoop.
