Petronella Cybersecurity News

It’s no coincidence that the maturity levels in the new Cybersecurity Maturity Model Certification (CMMC) are being referred to as levels of “cyber hygiene.”  The World Health Organization (WHO) has been advising us that the most efficient way to protect against the Coronavirus (COVID-19) is to wash our hands regularly for at least 20 seconds […]

What is Breach Fatigue? You know when you are craving a food… Let’s say pepperoni pizza.   You think about it all day.  You dream about it at night.   You’re trying to watch your figure but that warm, stretchy, gooey, deliciousness won’t stop haunting you. So you give in.  You’re going to have “just one slice” […]

By this point, you should hopefully understand that the purpose of the Cybersecurity Maturity Model Certification (CMMC) is to simplify cybersecurity for federal contractors and sub-contractors. Katie Arrington, the DOD’s Chief Information Security Officer for Acquisition and Sustainment, noticed (quite aptly) that “self-certifying” just wasn’t cutting the cake, so to speak.  Hackers were targeting contractors, […]

State Department officials blamed the Russian military intelligence agency’s (GRU) Main Center for Special Technology (GTsST), for cyberattacks targeting the country of Georgia this past October; attacks that not only impacted thousands of websites, but actually disrupted two Georgian networks.  This is the first time the US State Department openly linked the GTsST to Sandworm, […]

Sometimes, government requirements and regulations can make you feel like you are Alice falling down new rabbit holes, trying to figure out just what exactly your business needs to do to win (and keep) your contracts and subcontracts. Do you need to be NIST certified? SP 800-53 or SP 800-171, or both?  What are FARS […]

Beginning today, February 25, 2020, Mozilla will now automatically send all of their US-based customers’ DNS queries to Cloudflare DNS servers, as opposed to the default DNS servers set by their users via their new feature, DNS-over-HTTPS (DoH). DoH executes DNS look-ups over an encrypted server instead of just sending them over plaintext, making it […]

There is a national shortage of cybersecurity specialists, and the former head of the NSA, Mike McConnell, is actively trying to fix that issue. McConnell is a DC professional but is now splitting his time between there and the University of South Florida, in an attempt to fill in this gap of about 500,000 professionals […]

Hackers used a spear-phishing campaign to successfully target an undisclosed natural gas compression facility here in the US, leading to a two-day closure. Their network and data were encrypted with ransomware, which essentially shut down the company’s control and communication abilities. While CISA did not provide many details about the virus involved, it appears that […]

Law firms appear to be the latest black hat hacking trend. No less than FIVE law firms have been breached by cybercriminal group, Maze, in the last four months, and the results have been devastating.  Not only have these criminals STOLEN data, but they’ve also released extremely sensitive protected health information (PHI) from veterans’ pain […]

The Columbus County school system, which was taken offline after a cybersecurity attack last October, is STILL feeling the effects today, even though progress is being made. Last night, school officials updated the county commissioners at a meeting on their current situation.  The National Guard has been helping and while some of their equipment has […]

One of the most frequent questions I hear from our clients about the new Cybersecurity Maturity Model Certification, after a few choice words, is: “How much is this going to cost me?” It’s a great question, and one I can’t fully answer because, unfortunately, they haven’t even rolled out the auditor program yet!! That being […]

Healthcare providers in the US aren’t the only ones dealing with increased cyber attacks. A new report shows that while the National Health Service (NHS – the UK’s Government-funded medical and health care services provider) was compromised over 200 times by ransomware attacks from 2014 to 2017, the measures they took to fortify their cyber […]

“Nothing in life is free.” A lot of people use Avast’s antivirus to protect their computer.  It costs you nothing out of pocket and it’s a pretty effective little cybersecurity tool. Sound to good to be true right? That’s because it is. Did you know that, by default, Avast not only collects your browser activity, […]

Not only has it been leaked that the UN was hacked, but there’s also evidence suggesting they tried to cover it up. What We Know According to a confidential internal document that was leaked to The New Humanitarian and shared with the  Associated Press (AP), more than 40 servers in Geneva and Vienna were compromised.  […]

As if having your medical data compromised wasn’t bad enough… Now your medical secrets are being held hostage! It’s a breezy but sunny afternoon.  You’re going about your day, minding your own business when you receive a random text message from an unknown number saying that they have personal medical information about you that they will […]

Two billion dollars sure does sound like a lot of money for a class action lawsuit, but when you are a major credit reporting agency whose negligence compromised over 147 million people’s personal information? It’s really not.  Click here to file a claim free, online, if you were a potential victim of the massive Equifax […]

Among all the security features available today, two-factor authentication (2FA) is by far one of the most important, and apparently, Google is aware of that!  In their most recent iOS “Smart Lock” app update, they included a feature that will allow you to use your iPhone as a physical 2FA device.  After you set it […]

I know you are all aware of what I’m about to tell you, but just in case you momentarily forgot, I’m going to refresh your memory… Every year, Microsoft stops supporting select versions of its software.  What this means is that they discontinue any sort of security updates or patches.   What does this mean for […]

In case you were ever wondering if your practice needs to encrypt its ePHI? Let the $3 million HIPAA penalty paid last month by the University of Rochester Medical Center (URMC), one of the largest medical systems in NY State, serve as a warning. The Department of Health and Human Services’ Office for Civil Rights […]

Directly on the heels of LockerGoga and MegaCortex, a different strand of ransomware, Maze, which was first discovered nearly a year ago, started to target private companies in the US in November, and the FBI wants to make sure you know about it. Just two days after issuing an alert for LockerGoga and MegaCortex, the […]