Veracity Consulting’s Vice President of Technology, Amy Krohn, delivers the following recap of cybersecurity happenings from the end of June through early July 2017.
Template Injection Used in Attacks on U.S. Critical Infrastructure: The recent attacks aimed at energy facilities and other critical infrastructure organizations in the United States have leveraged a technique called template injection, according to Cisco’s Talos intelligence and research group. The U.S. Department of Energy said it was working with affected firms and pointed out that only administrative and business networks appeared to be impacted, not systems controlling the energy infrastructure.
‘Dok’ Mac Malware Used to Target Swiss Banks: A variant of the Dok malware for Mac targets Swiss banking users in attacks that appear to be part of Operation Emmental.
PoS Malware Hits Avanti Payment Kiosks: Cybercriminals used PoSeidon PoS malware to steal payment card and biometric data from Avanti kiosks.
Flaws Found in Dell EMC Data Protection, ESRS Products: Dell EMC provides patches and workarounds for vulnerabilities found in its Data Protection Advisor and ESRS Policy Manager products.
Kaspersky Releases Open Source Digital Forensics Tool: Kaspersky releases source code of Bitscout, a compact and customizable tool designed for remote digital forensics.
Google to Completely Ban WoSign, StartCom Certificates in Chrome 61: Websites still using StartCom or WoSign-issued certificates should consider replacing these certificates. Apple and Mozilla have already decided to ban WoSign and StartCom for at least one year. Talk to your system administrator and web developers about this change.
75% of U.S. Companies Think GDPR Doesn’t Apply to Them: A new report focusing on Europe’s General Data Protection Regulation (GDPR) preparedness shows a worrying disconnect between Business and Security. GDPR will come into effect in May 2018, and the regulation will require close cooperation between Business, IT and Security to enable and ensure regulatory compliance across the whole organization. The penalty for failure is severe: up to €20 million or 4% of global turnover. To comply with disclosure requirements, companies need to have a detailed and thorough incident response plan in place; and for this to be effective, all aspects of the business (not just IT and Security) need to know exactly what must be done. If you don’t have one, talk to your IT teams about it. If you need a security assessment, contact the Veracity team and we will get you started.
About Veracity Consulting
Veracity Consulting is a Kansas City-based technology firm with a reputation for implementing and managing IT solutions and business strategies. Our mission is to change the complex world of technology into a more efficient and profitable solution for businesses and communities. We use a collaborative approach with our clients to create and implement viable and relevant solutions. We offer a comprehensive range of commercial and government solutions in the areas of Program Management, Data Management and Analytics, Strategy and Architecture, Managed Infrastructure, and Security.
About Amy Krohn
Amy Krohn has served as a leader in the technology industry for over 20 years. Her areas of expertise include leading organizations and companies in executive leadership, strategic planning, enterprise architecture, mentoring, leadership development, organizational change management, delivery management, vendor management, service management, and process improvements. Amy currently serves as Veracity Consulting’s Vice President of Technology.