Tuesday, January 28, 2020
SC Magazine

Tampa Bay Times hit by Ryuk, new variant of stealer aimed at gov’t, finance

On the heels of a Ryuk ransomware attack on the Tampa Bay Times, researchers reported a new variant of the Ryuk stealer being aimed at government, financial and law enforcement targets. The Times attack didn’t result in a breach, noted...
SC Magazine

Pre-Olympics cybersecurity exercise kicks off in Tokyo

A three-day cybersecurity wargame began today in Tokyo in preparation for the upcoming Olympic Summer Games. This particular exercise has 140 workers from 58 critical infrastructure firms defend against malware attacks that attempt to disrupt devices used for telecommuting, according to the Nippon News...
SC Magazine

Bill seeks to reform NSA surveillance, aiming at Section 215, FISA process

Congress took on dual issues of Fourth Amendment and privacy rights in a bill meant to reform the Patriot Act to end the authority of NSA’s phone recording program, as well as, reform the FISA process, addressing the problems...
SC Magazine

Three Magecart operatives arrested in Indonesia

Several members of a group allegedly behind hundreds of Magecart-style attacks were arrested last month in Indonesia as the result of an international law enforcement operation. Interpol’s ASEAN Cyber Capability Desk and the Indonesian National Police just announced late last...
SC Magazine

New York considers bills banning ransom payments

Two bills have been introduced into the New York State Senate that if passed would ban municipalities from paying money demanded by ransomware attackers. The bills are S7246 introduced, by Sen. Phil Boyle, (R), and S7289, introduced by Sen. David Carlucci (D). The first bill would...
SC Magazine

Bots vs. Bad actors: How to spot the difference and protect yourself

Hackers. Bots. Trolls. Cybercriminals. We’ve all heard these terms used – sometimes interchangeably – to describe alleged perpetrators of cyberattacks and other malicious online activity. But as social media grows as the cyberattack vector of choice, it’s important for...
SC Magazine

Critical vulnerabilities found in GE medical gear

The DHS Cybersecurity and Infrastructure Security Agency has issued a warning of six critical-rated vulnerabilities in several GE medical monitoring devices. Advisory ICSMA-20-023-01 covers the GE CARESCAPE Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central Station (CSCS) and Clinical Information Center...
SC Magazine

Citrix fixes bug used in ransomware attacks; Auto maker GEDIA falls victim to exploit

Citrix over the last six days has been releasing firmware updates to fix CVE-2019-19781, a critical remote code execution vulnerability in its Citrix Application Delivery Controller, Citrix Gateway and SD-WAN WANOP products, which cybercriminals have actively exploited in an...
SC Magazine

NYPD arrests ninth Methbot gang member

The New York City Police Department has arrested a ninth member of the Methbot click-fraud gang, according to court documents. Sergey Denisoff’s arrest comes one year after eight other Methbot members were charged and arrested. Denisoff was not named in the original...
SC Magazine

Why automating network security policies is the missing link to digital transformation

Never in the history of business has technology evolved as rapidly as it is now. The speed of conducting business in the digital era has spurred enterprises to adopt hybrid cloud-based systems, micro-segmentation and virtual platforms as crucial elements of enterprise-level digital transformations....
SC Magazine

Privacy takes a hit, as storage bucket leaks cannabis dispensary POS data

A misconfigured Amazon Web Services S3 storage bucket was discovered leaking data that had been collected by a point-of-sale system used by multiple cannabis dispensaries, researchers from vpnMentor reported on Wednesday. The exposed bucket, which was found on Christmas eve...
SC Magazine

Alphabet CEO supports EU push to temporarily ban facial recognition in public spaces

Alphabet CEO Sundar Pichai’s decision to back the EU’s proposal to ban the use of face recognition in public spaces for five years drew praise from rights activists. “I think it is important that governments and regulations tackle it sooner rather than later...
SC Magazine

The Dearth of Skilled Cybersecurity Personnel

The cybersecurity industry is currently experiencing a shortage of trained staff in epidemic proportions.   While complex and sophisticated malware is generated in increasing numbers daily, the skilled personnel needed to prevent or remediate the ever-increasing malevolent code is simply...
SC Magazine

PupyRAT found sniffing around EU energy concern

A command and control server used by the Iranian-associate group PupyRAT that is communicating with the mail server of a European energy sector organization for the last several months. Recorded Future’s Insikt Group reported PupyRAT, a remote access trojan, had been chatting with the November2019...
SC Magazine

Best practices for reducing third-party risk

The simple truth is that the security measures organizations put in place are not enough to protect them from threats. Third parties can present the greatest area of risk exposure — both for data security and for regulatory compliance. It is much...
ZDNet

DEF CON China conference put on hold due to coronavirus outbreak

DEF CON team is hoping that the 2019-nCoV outbreak will improve and they can go on as planned, or reschedule.
The Register

Remember the Clipper chip? NSA’s botched backdoor-for-Feds from 1993 still influences today’s encryption debates

We'll laugh at today's mandated holes in the same way we laugh at those from 25 years ago Enigma  More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still...

Average Ransomware Payments More Than Doubled in Q4 2019

Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
The Security Ledger

Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable

Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...

One Small Fix Would Curb Stingray Surveillance

The technology needed to limit stingrays is clear—but good luck getting telecoms on board.