Tampa Bay Times hit by Ryuk, new variant of stealer aimed at gov’t, finance
On the heels of a Ryuk ransomware attack on the Tampa Bay Times, researchers reported a new variant of the Ryuk stealer being aimed at government, financial and law enforcement targets.
The Times attack didn’t result in a breach, noted...
Pre-Olympics cybersecurity exercise kicks off in Tokyo
A three-day cybersecurity wargame began today in Tokyo in preparation for the upcoming Olympic Summer Games.
This
particular exercise has 140 workers from 58 critical infrastructure firms
defend against malware attacks that attempt to disrupt devices used for
telecommuting, according to the Nippon
News...
Bill seeks to reform NSA surveillance, aiming at Section 215, FISA process
Congress took on dual issues of Fourth Amendment and privacy rights in a bill meant to reform the Patriot Act to end the authority of NSA’s phone recording program, as well as, reform the FISA process, addressing the problems...
Three Magecart operatives arrested in Indonesia
Several members of a group allegedly behind hundreds of Magecart-style attacks were arrested last month in Indonesia as the result of an international law enforcement operation.
Interpol’s ASEAN Cyber Capability Desk and the Indonesian National Police just announced late last...
New York considers bills banning ransom payments
Two bills have
been introduced into the New York State Senate that if passed would ban municipalities
from paying money demanded by ransomware attackers.
The bills are
S7246
introduced, by Sen. Phil Boyle, (R), and S7289,
introduced by Sen. David Carlucci (D).
The first
bill would...
Bots vs. Bad actors: How to spot the difference and protect yourself
Hackers. Bots. Trolls. Cybercriminals. We’ve all heard these terms used – sometimes interchangeably – to describe alleged perpetrators of cyberattacks and other malicious online activity. But as social media grows as the cyberattack vector of choice, it’s important for...
Critical vulnerabilities found in GE medical gear
The DHS Cybersecurity and Infrastructure Security Agency has issued a warning of six critical-rated vulnerabilities in several GE medical monitoring devices.
Advisory ICSMA-20-023-01 covers the GE CARESCAPE Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central Station (CSCS) and Clinical Information Center...
Citrix fixes bug used in ransomware attacks; Auto maker GEDIA falls victim to exploit
Citrix over the last six days has been releasing firmware updates to fix CVE-2019-19781, a critical remote code execution vulnerability in its Citrix Application Delivery Controller, Citrix Gateway and SD-WAN WANOP products, which cybercriminals have actively exploited in an...
NYPD arrests ninth Methbot gang member
The New York City Police Department has arrested a ninth member of the Methbot click-fraud gang, according to court documents.
Sergey
Denisoff’s arrest comes one year after eight other Methbot members were charged
and arrested. Denisoff was not named in the original...
Why automating network security policies is the missing link to digital transformation
Never
in the history of business has technology evolved as rapidly as it is now. The
speed of conducting business in the digital era has spurred enterprises to
adopt hybrid cloud-based systems, micro-segmentation and virtual platforms as
crucial elements of enterprise-level digital transformations....
Privacy takes a hit, as storage bucket leaks cannabis dispensary POS data
A misconfigured Amazon Web Services S3 storage bucket was discovered leaking data that had been collected by a point-of-sale system used by multiple cannabis dispensaries, researchers from vpnMentor reported on Wednesday.
The exposed bucket, which was found on Christmas eve...
Alphabet CEO supports EU push to temporarily ban facial recognition in public spaces
Alphabet CEO Sundar Pichai’s
decision to back the EU’s proposal to ban the use of face recognition in public
spaces for five years drew praise from rights activists.
“I think it is important that governments and
regulations tackle it sooner rather than later...
The Dearth of Skilled Cybersecurity Personnel
The cybersecurity industry is currently experiencing a shortage of trained staff in epidemic proportions. While complex and sophisticated malware is generated in increasing numbers daily, the skilled personnel needed to prevent or remediate the ever-increasing malevolent code is simply...
PupyRAT found sniffing around EU energy concern
A command and
control server used by the Iranian-associate group PupyRAT that is
communicating with the mail server of a European energy sector organization for
the last several months.
Recorded Future’s
Insikt Group reported PupyRAT, a remote access trojan, had been chatting with
the November2019...
Best practices for reducing third-party risk
The simple truth is that the security measures
organizations put in place are not enough to protect them from threats. Third
parties can present the greatest area of risk exposure — both for data security
and for regulatory compliance. It is much...
DEF CON China conference put on hold due to coronavirus outbreak
DEF CON team is hoping that the 2019-nCoV outbreak will improve and they can go on as planned, or reschedule.
Remember the Clipper chip? NSA’s botched backdoor-for-Feds from 1993 still influences today’s encryption debates
We'll laugh at today's mandated holes in the same way we laugh at those from 25 years ago Enigma More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still...
Average Ransomware Payments More Than Doubled in Q4 2019
Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable
Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...
One Small Fix Would Curb Stingray Surveillance
The technology needed to limit stingrays is clear—but good luck getting telecoms on board.
