Tuesday, January 28, 2020

NY Bills Would Ban Municipalities From Meeting Ransomware Demands

Two state senators from New York State introduced bills that would ban municipalities from meeting ransomware attackers’ demands. On January 14, 2020, NYS Senator Phil Boyle of the 4th Senate District proposed Senate Bill S7246. Senator Boyle along with...

Russian National Pleads Guilty to Having Run Cardplanet Marketplace

A Russian national pleaded guilty to having operated Cardplanet and another website that provided digital criminal services to its customers. Appearing before Senior U.S. District Judge T.S. Ellis III, Aleksei Burkov, 29, pleaded guilty to charges of access device...

Shlayer Trojan Accounted for 30% of Detections for macOS in 2019

The Shlayer trojan accounted for approximately 30% of all of Kaspersky Lab’s malware detections for the macOS platform in 2019. Kaspersky Lab revealed on Securelist that Shlayer has been the most common threat to target its macOS userbase for...

UPS Says Phishing Incident Might Have Exposed Some Customers’ Data

The United Parcel Service (UPS) revealed that a phishing incident might have exposed the information of some of its customers. In its “Notice of Data Breach” letter, UPS disclosed that an unauthorized person had used a phishing attack to...

Health Quest Begins Notifying Patients Affected by Phishing Incident

Health Quest announced that it’s begun notifying patients whose information might have been exposed in a phishing incident. According to its website notice, Health Quest first learned of the incident in July 2018 when several employees fell for a...

GDPR Regulators Have Imposed $126M in Fines Thus Far, Finds Survey

A new survey found that regulators have thus far imposed imposed $126 million worth of fines for data breaches and other GDPR infringements. According to DLA Piper’s GDPR Data Breach Survey, data protection regulators imposed €114 million (about US$126...

Domain Name of WeLeakInfo.com Seized by FBI and DOJ

The Federal Bureau of Investigations (FBI) and the Department of Justice (DOJ) announced that they have seized the domain name for weleakinfo.com. On January 16, the U.S. Attorney’s Office for the District of Columbia announced that the FBI and...

Ako Ransomware Using Spam Attachments to Target Networks

Security researchers observed that Ako ransomware is using malicious spam attachments to go after organizations’ networks. On January 14, AppRiver Senior Cybersecurity Analyst David Pickett contacted Bleeping Computer and told the computer self-help site that his company had observed...

Emotet Used Phishing Emails to Target the United Nations

The Emotet trojan recently leveraged a phishing campaign to target email addresses associated with users at the United Nations. In an email provided by Cofense to Bleeping Computer, Emotet’s handlers pretended to be representatives of Norway to the United...

GCHQ Urges People to No Longer Use Windows 7 PCs for Banking, Email

The Government Communications Headquarters (GCHQ) is urging people to no longer use computers with Windows 7 installed for banking or email. A spokesperson for the National Cyber Security Centre (NCSC), a part of GCHQ, encouraged consumers to upgrade their...

Texas School District Lost $2.3M to Phishing Email Scam

A school district in Texas announced that it lost approximately $2.3 million after falling victim to a phishing email scam. On January 10, the Manor Independent School District (MISD) published a statement on Twitter and Facebook in which it...

DSG Retail Limited Fined £500K by ICO Following Malware Attack

The UK Information Commissioner’s Office (ICO) fined DSG Retail Limited £500,000 following a malware attack that affected millions of the retailer’s customers. As the result of an investigation, the ICO learned that the DSG Retail Limited had suffered a...

Alomere Health Notifies Patients of Employee Email Compromise

Alomere Health said that it’s begun notifying patients of a security incident that involved the compromise of two employees’ email accounts. According to a statement posted to its website, Alomere Health began notifying its patients on January 3, 2020...

SNAKE Ransomware Targeting Entire Corporate Networks

Security researchers have observed samples of the new SNAKE ransomware family targeting organizations’ entire corporate networks. Discovered by MalwareHunterTeam and analyzed by Vitali Kremez, SNAKE is written in Golang and contains a high level of obfuscation. Upon successful infection,...

Canyon Bicycles Revealed that Digital Attackers Accessed Its IT Systems

Canyon Bicycles revealed that malicious individuals succeeded in accessing its IT systems as the result of a digital attack. The German bike manufacturer announced in a press release that the digital attack occurred shortly before the turn of the...

DEF CON China conference put on hold due to coronavirus outbreak

DEF CON team is hoping that the 2019-nCoV outbreak will improve and they can go on as planned, or reschedule.
The Register

Remember the Clipper chip? NSA’s botched backdoor-for-Feds from 1993 still influences today’s encryption debates

We'll laugh at today's mandated holes in the same way we laugh at those from 25 years ago Enigma  More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still...

Average Ransomware Payments More Than Doubled in Q4 2019

Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
The Security Ledger

Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable

Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...

One Small Fix Would Curb Stingray Surveillance

The technology needed to limit stingrays is clear—but good luck getting telecoms on board.