Tuesday, March 19, 2019
SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names, cell phone numbers as well as calls made by other users and, and a Tech Crunch report cited...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.

The Case of the Missing Data

The latest twist in the Equifax breach has serious implications for organizations.
SecurityWeek

Industrial Cybersecurity Firm Nozomi Launches Research Department

Industrial cybersecurity solutions provider Nozomi Networks on Tuesday announced the formal launch of the company’s research department, Nozomi Networks Labs. read more
SecurityWeek

Cloudflare Launches New HTTPS Interception Detection Tools

Security services provider Cloudflare on Monday announced the release of two new tools related to HTTPS interception detection.  read more

CIA bribery scam – crooks offer to erase child abuse evidence for $10,000

This scam is both intimidating and disturbing - the crooks are presenting themselves as corrupt CIA officials who will take a bribe.
The Hacker News

Android Q — Google Adds New Mobile Security and Privacy Features

Google has recently released the first beta version of Android Q, the next upcoming version of Google's popular mobile operating system, with a lot of new privacy improvements and other security enhancements. Android Q, where Q has not yet been...
SecurityWeek

Mobile App Security Firm Blue Cedar Raises $17 Million

Blue Cedar, a San Francisco-based company that specializes in securing mobile applications, on Tuesday announced that it raised $17 million in a Series B funding round. read more
SC Magazine

Authorities had OK to use Broidy’s hands, face to unlock phones confiscated in raid

Federal agents raiding the offices of former Republican National Committee (RNC) Deputy Finance Chair Elliot Broidy last year looking for details on his dealings with a number of people, including “Trump administration associates,” were authorized to use the fundraiser’s...

Norsk Hydro Shuts Plants Amid Ransomware Attack

The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
ZDNet

Severe security bug found in popular PHP library for creating PDF files

Vulnerability patched last year, but many websites and web apps will most likely remain vulnerable for years.
The Security Ledger

Podcast Episode 138: Hacker President? Joseph Menn of Reuters talks Beto and Cult of the Dead Cow

In this exclusive podcast interview with Security Ledger, Reuters investigative technology journalist Joseph Menn talks about his upcoming book on the iconic hacking group Cult of the Dead Cow and his discovery that U.S. presidential candidate Beto O'Rourke of...

Does GDPR compliance reduce breach risk?

Compliance can be costly and often feels more like red tape and a barrier to business than anything that provides a benefit. A report by EY and the International Association of Privacy Professionals (IAPP) estimates that organizations have spend...
The Hacker News

Ransomware Attack Forces Aluminum Manufacturer to Shutdown Systems Worldwide

Photo by Terje Pedersen / NTB scanpix One of the world's largest producers of aluminum has been forced to shut down several of its plants across Europe and the U.S. after an "extensive cyber attack" hit its operations, leaving companies'...
SecurityWeek

Microsoft Dominates 2018’s Most Exploited Vulnerabilities

Eight of the top ten most exploited vulnerabilities in 2018 affected Microsoft products. Only one -- but the second most exploited -- was an Adobe vulnerability. The last one, ranking at the ninth most exploited vulnerability of 2018, was...

US Orgs Not Ready to Comply with CCPA

US Orgs Not Ready to Comply with CCPAProtecting consumer privacy has become a top priority for legislators as candidates launch their 2020 campaigns and try to win over voters. According to research findings revealed in the new CCPA and...
SC Magazine

Orange County hit and taken offline with ransomware

The Orange County, N.C., government was knocked offline by a ransomware attack early Monday morning. County officials discovered files were being encrypted and shut down its entire network in an effort to stop the malware from spreading, effectively shutting down...

Mozilla Releases Security Updates for Firefox

Original release date: March 19, 2019Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA)...

Microsoft Ending Support for Windows 7

Original release date: March 19, 2019All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no...
F5 Networks

OpenSSL vulnerability CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 Security Advisory Security Advisory Description If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_ ...

Now Available: Recording of Chinese Malicious Cyber Activity Briefing

Original release date: March 19, 2019The Cybersecurity and Infrastructure Security Agency (CISA) has posted the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity. This webinar provides background and mitigation techniques on Chinese malicious cyber activity targeting managed...
WMware

VMware and Pwn2Own Vancouver 2019

We wanted to post a quick acknowledgement that VMware will have representatives in attendance at Pwn2Own Vancouver 2019 to review any vulnerabilities that may be demonstrated during the security contest. Stay tuned for further updates. As always please sign up...