$1.38 Billion Settlement Reached in Equifax Data Breach Class Action Lawsuit
A $1.38 billion settlement has been reached to resolve the Equifax data breach class action lawsuit filed on behalf of victims of the 2017 data breach that affected 147 million Americans and 15.2 million individuals in the United Kingdom. The settlement was given final approval by a court in the Northern District of Georgia on Monday, January 13, 2020. Class members will be able to claim up to $20,000 to cover out-of-pocket losses....
January 2020 Patch Tuesday Sees Microsoft Patches 49 Vulnerabilities
January 2020 Patch Tuesday has seen Microsoft issue patches for 49 vulnerabilities including 7 rated critical, along with a fix for the Crypt32.dll vulnerability discovered and publicly disclosed by the U.S. National Security Agency. Microsoft has also issued its last round of updates for Windows 7, which reached end of life on January 14. None of the vulnerabilities in this month’s updates are being exploited in the wild and details...
NSA Issues Cybersecurity Advisory on Critical Flaw Affecting Windows 10 and Windows Server
The U.S. National Security Agency has taken the unusual step of publicly disclosing a vulnerability to a software vendor. This is the first time that such a disclosure has been attributed to the NSA. The vulnerability, tracked as CVE-2020-0601, affects Windows 10 and Windows Server 2016 and 2019, and has been rated as critical by the NSA, but only important by Microsoft. When the NSA discovers vulnerabilities they are usually kept...
Erie, Colorado Loses $1 Million To BEC Scam
The town of Erie in Colorado has been duped by a business email compromise (BEC) scam. A payment of $1.01 million intended for the construction firm contracted to build the Erie Parkway bridge was sent to a bank account controlled by the scammers. In contrast to most BEC scams that are conducted via email, this scam was performed via the town’s website. A form on the website was used to make a change to the payment method for SEMA...
Travelex Cyberattack Forces Shutdown of Online Currency Services
The world’s largest foreign exchange company, Travelex, experienced a cyberattack on New Year’s Eve which took its website out of action and affected companies such as Tesco, Barclays, and HSBC which used its FX services. Since the attack occurred, Tesco, Sainsbury’s, and other companies that use Travelex FX services have been unable to provide online currency exchanges to their customers. Travelex discovered a virus on its...
Ransomware Victim Takes Legal Action Against Attackers and ISP Hosting its Stolen Data
Southwire, one of the largest manufacturers of cabling and wire in the United States, has taken legal action against the unknown individuals behind the attack and an internet service provider hosting a website where its stolen data has been published. The threat actors infiltrated Southwire’s network in December 2019, stole 120 GB of company data, and then deployed Maze ransomware on 878 computers. A ransom demand of 850 Bitcoin ($6...
Microsoft Takes Down 50 Phishing Domains Used by North Korea-Backed Threat Group
Microsoft has sought help from the courts to take down domains used by the North Korea-backed hacking group, Thallium (APT37). After securing the court order from the U.S. District Court for the Eastern District of Virginia, 50 that were being used by the hacking group to attack the United States have now been seized. Microsoft’s Digital Crimes Unit (DCU) and Threat Intelligence Center (MSTIC) have been tracking the activity of the...
Three Members of Goznym Banking Trojan Gang Sentenced
Three individuals who were part of the criminal organization responsible for the Goznym malware attacks in Europe and North America between 2015 and 2016 have been sentenced for their role in the operation, according to a recent announcement by the U.S. Department of Justice. The Goznym banking Trojan was a hybrid of the Nymaim malware dropper and Gozi banking malware and was primarily distributed via massive email spamming campaigns....
Data of 267 Million Facebook Users Exposed Online
A database containing the user IDs, names, and telephone numbers of 267 million Facebook users has been exposed online for a period of around two weeks as a result of a misconfigured Elasticsearch cluster. The exposed database was discovered by Bob Diachenko and security researchers at Comparitech. It is believed to have been created by individuals based in Vietnam. Most of the individuals whose data has been exposed are based in the...
435,000 Weak RSA Keys Identified in IoT Devices
RSA is a commonly used encryption protocol for securing communications. RSA encryption uses asymmetric cryptographic keys, one of which is public and can be shared and the other is private. In order to decrypt data, the private key is required. RSA keys are created by multiplying two random prime numbers. These prime factors should be different. No two RSA keys should share the same prime factors, but researchers at Keyfactor have...
Unsecured Web Filtering Database Exposed Private Browsing Histories and PII
A database containing around 1 million web browsing records of internet users has been left unprotected online. The 890GB database contained daily logs of internet activity of customers of various internet service providers along with personally identifiable information that tied the browsing histories to specific end users. In many cases, highly sensitive internet histories were exposed, including specific videos that were viewed on...
Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies
Security researchers at Blackberry Cylance have identified a new variant of Buran ransomware which is being used in targeted attacks on technology and healthcare companies in Europe and the United States. The new ransomware variant was first detected on November 6, 2019. It is written in Delphi and is a member of the VegaLocker and Buran ransomware family. It is believed to be distributed under the ransomware-as-a-service model. The...
Ransomware Attacks on Network Attached Storage (NAS) Devices on the Rise
A hacker succeeds in gaining access to the computer systems of a business and ransomware is deployed, but there is a fair chance that the business will recover its files from backups and not pay the ransom. However, if backups are not available, there is a high chance that the business will have to pay since data loss is simply not an option. It is therefore no surprise that hackers are now targeting backups and Network Attached...
Ransomware Attack on IT Company Impacts more than 100 Dental Practices
More than 100 dental practices have had essential files encrypted as a result of a ransomware attack on an IT service provider. On November 25, 2019, the Englewood, Colorado-based IT firm Complete Technology Solutions (CTS) was attacked and its data was encrypted by Sodinokibi ransomware, aka rEvil. The firm was reportedly issued with a ransom demand of $700,000 in cryptocurrency for the keys to unlock the encrypted files. The firm...
Elaborate Man-in-the-Middle Attack Diverts $1 Million Payment to Israeli Startup
$1 million in venture capital funding intended for an Israeli startup was diverted to an attacker-controlled bank account in an elaborate wire transfer email scam. The funding was being transferred from a Chinese VC firm and the funds were intended to help the Israeli firm kick start its business. The scam was uncovered by researchers at Check Point Software who called it the “ultimate man-in-the-middle attack.” The researchers...
FBI Issues Warning Following Increase in E-Skimming Attacks
The FBI has issued a warning following an increase in e-skimming attacks on small and medium sized businesses and government agencies. E-skimming is the term given to the loading of malicious code onto e-commerce websites that captures credit card information when consumers purchase products online. The code sends personal information and credit card details to an attacker-controlled domain in real-time. These attacks are performed on...
Google Rolls out DNS-over-HTTPS in Chrome 78 and Fixes 37 Vulnerabilities
Google has released Version 78 of Chrome, which includes fixes for 37 vulnerabilities in the browser and several new features, including DNS-over-HTTPS (DoH). DoH is an experimental addition to the browser to test the new technology and comes a month after Firefox added DoH to its browser. DoH has already been implemented by several DNS providers to improve privacy and security. Essentially, DoH introduces the same security benefits...
Free Decyptor for STOP Ransomware Released
Researchers at New Zealand-based cybersecurity firm Emsisoft have released a free decryptor for STOP ransomware. STOP ransomware is primarily used to attack consumers rather than businesses and is usually delivered via cracked software and adware bundles distributed on websites that offer cracks for legitimate software applications such as Photoshop. The threat actors behind the campaign are highly active. In fact, STOP ransomware is...
How Much Does Cisco Umbrella Cost?
If you are looking for a content filtering solution that will protect your business from web-based threats, Cisco Umbrella will no doubt be one of the solutions you look at, but how much does Cisco Umbrella cost? Many cybersecurity solution providers offer price lists on their websites to allow potential customers to decide whether the solution falls within their budget. The lack of pricing on the Cisco website may give you an idea...
Only 32% of Companies are Adopting a Security-First Approach to Cloud Data Storage
A recent survey conducted by the Poenmon Institute has revealed less than a third (32%) of companies are adopting a security-first approach to data stored in the cloud. The survey was conducted for the 2019 Thales Global Cloud Security Study on 3,000 IT and IT security professionals in 8 countries – Australia, Brazil, France, Germany, India, Japan, the UK and the US. The survey revealed 48% of corporate data is now stored in the...
U.S. Senate Passes Cybersecurity Legislation to Protect Infrastructure & Aid Recovery from Ransomware and Other Cyberattacks
The U.S. Senate has passed a new bill – the DHS Cyber Hunt and Incident Response Teams Act – that calls for the Department of Homeland Security (DHS) to create dedicated Cyber Hunt and Incident Response Teams to help private and public sector organizations respond to and recover from cyberattacks. A similar bill (H.R. 1158) was recently passed by the House of Representatives and both will now be consolidated and will head...
Healthcare Industry Cybersecurity Matrix of Information Sharing Organizations Issued by HSCC
The U.S. Healthcare and Public Health Sector Coordinating Council (HSCC) has published a new resource to help healthcare organizations start participating in threat intelligence sharing and stay abreast of the latest cybersecurity threats affecting the healthcare sector. Many healthcare organizations understand the importance of cybersecurity information sharing but have yet to make a start. Getting started can be somewhat daunting,...
58% of CISOs Believe Surviving a Data Breach Will Make Them More Attractive to Future Employers
Data breaches are best avoided by Chief Information Security Officers (CISOs) through the implementation of a strong cybersecurity framework, but should disaster strike it could actually be good for a CISO’s job prospects, provided of course that the breach is successfully remediated. Otherwise, the reverse is likely to be the case. That is the view of a majority of CISOs who took part in a recent Optiv Security survey for the...
Flaws in GPS Trackers Can be Exploited to Reveal the Location of Children
Many parents are using GPS trackers to monitor the location of their children, but a recent study conducted by researchers at Avast Threat Labs has shown that far from improving safety, parents could be putting their children at risk. GPS trackers allow parents to see where their children are at all times, but they also allow others to locate their children due to the number of bugs in the devices and associated apps. The study was...
Digital Extortion and Fileless Malware Attacks Have Soared in 1H, 2019
The first 6 months of 2019 have seen significant increases in business email compromise (BEC) attacks, ransomware attacks, and other forms of cyber extortion, according to a mid-year cybersecurity roundup from Trend Micro. The report, titled Evasive Threats, Pervasive Effects, provides insights into the current threat landscape and the main threats currently faced by businesses. Ransomware attacks have increased significantly, but the...
Multi-Factor Authentication Stops 99.9% of Automated Cyberattacks
A new report from Microsoft suggests 99.9% of all automated cyberattacks on Microsoft platforms and other online services are blocked by multi-factor authentication, highlighting the importance of this security measure for stopping data breaches. Microsoft says that there are more than 300 million fraudulent sign-in attempts to Microsoft cloud services every day and that figure is steadily growing. There are also around 167 million...
Even When Warned, Many Users Do Not Change Breached Passwords
In February, Google launched its Password Checkup service on chrome, which displays a warning to users when they login to a website using a password that is known to have been compromised in a previous data breach. Each username is checked against a database of more than 5 billion compromised logins. If the password used matches one associated with the same username in the database, the warning is triggered. The chrome extension has...
Researchers Provide Insights into Motivations Behind Healthcare Cyberattacks
A new report from FireEye provides insights into the motivations behind cyberattacks on U.S. healthcare organizations. The report shows patient information is not the only type of sensitive data being sought. There has been a marked increase in cyberattacks on cancer research institutes and medical institutions for the research data they hold. The attacks are being conducted by Advanced Persistent Threat (APT) groups affiliated to...
Custom 404 Pages Used to Serve Fake Microsoft Office 365 Login Forms
A new phishing campaign has been detected by security researchers at Microsoft that uses custom 404 pages to display a fake Office 365 login form. A single domain is used in this campaign and a custom 404 page is created that displays the fake Office 365 login form. The custom 404 page is displayed when any visitor to the website attempts to visit a non-existent web page. Since any URL could be entered to generate the 404 page, the...
Texas Ransomware Attack Affects 23 Government Agencies
The Texas Department of Information Resources (DIR) has issued a statement confirming the state has experienced a major ransomware incident that has affected multiple agencies. For security reasons, the names of the affected agencies have not been released, but DIR has confirmed that at least 23 government entities have been affected by “a coordinated ransomware attack.’ The systems and networks of the State of Texas were not...
2019: A Particularly Bad Year for Healthcare Data Breaches
Cyberattacks on healthcare organizations have continued to increase throughout the first half of 2019 and this year has seen the discovery of the second largest healthcare data breach ever reported. American Medical Collection Agency experienced a cyberattack in which the records of more than 20 million patients were exposed and potentially stolen. It should be no surprise to hear that in terms of both the number of healthcare data...
Capital One Data Breach Impacts 106 Million Customers: Hacker Arrested
Capital One, the 7th largest U.S. commercial bank and the 5th largest credit card issuer in the United States, has announced it has recently suffered a major data breach that has impacted more than 100 million credit card applicants in the United States and a further 6 million in Canada. The data breach was discovered on July 19, 2019 after the hacker allegedly responsible for the attack posted information on her Github and social...
Equifax to Pay up to $700 Million to Settle Data Breach Case
The massive data breach at the credit reporting firm Equifax in 2017 exposed the personal and financial information of 147 million Americans. The breach triggered a series of federal and state investigations to determine how the breach occurred, whether it could have been prevented, and whether Equifax had implemented sufficient security controls. The investigation has been completed and the subsequent data breach case has now been...
Second Major Florida Ransomware Attack Raises Ransom Total to $1.1 Million in a Month
Two Florida cities suffered major ransomware attacks in the past month that wiped out their computer and phone systems. First came the news that Riviera Beach had suffered a major ransomware attack. The attack started on May 29, 2019 and was detected the following day. The ransomware took the city’s phone system, email system, and water payment system out of action. A ransom demand of 65 Bitcoin ($592,000) was issued by the attackers...
Florida City Pays $600,000 Ransom to Hackers for Keys to Unlock Encrypted Files
A ransomware attack on the city of Riviera Beach in Florida has paralyzed the city’s computer system for more than 3 weeks and has caused widespread disruption. The attack started on May 29 with a single email. A member of the Riviera Beach police department received an email with an infected email attachment. When the attachment was opened, ransomware was deployed. The attack took down the city’s online services and computer systems....
Radware Survey Reveals the 2019 Cost of a Cyberattack is now $4.6 Million
A recent survey by Radware has confirmed there has been a significant increase in the cost of a cyberattack in 2019. The average cost of remediating a cyberattack is now $4.6 million which is a 53% increase from 2018 when the survey was last conducted. Further, the number of companies that are now spending more than $10 million remediating cyberattacks has increased from 7% in 2018 to 13% in 2019 – An increase of more than 85%. The...
Norsk Hydro Ransomware Attack Estimated to Cost Firm Between $58 and $70 Million
Disaster strikes and ransomware is installed on the network. If backups have been made and they have also not been encrypted, files can be unlocked without having to pay the ransom. Even in such cases, the cost of the attack can be considerable, as the Norwegian aluminum and renewable energy company Norsk Hydro discovered. Ransomware had been installed on its systems on March 18, 2019. The ransomware strain used was a variant of Vega...
Google Has Been Storing Unhashed G-Suite Passwords for 14 Years
Google has recently announced it has discovered an error was made in its enterprise password recovery feature that has resulted in G Suite passwords being stored on internal servers in plaintext for 14 years. The passwords could not be accessed remotely by anyone outside of Google, but the error does pose a security risk. Any Google employee with access to its servers could have viewed those passwords. The problem does not affect...
International Law Enforcement Operation Shuts Down Goznym Malware Gang
The international criminal gang behind the infamous Goznym malware has been disbanded following a complex law enforcement investigation in Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States. The investigation has resulted in indictments for ten defendants, five of whom have been apprehended: Two in Germany, one in Bulgaria, one in Moldova, and the alleged leader of the gang in Georgia. Five Russian nationals involved...
New Intel MDS Vulnerabilities Allow Sensitive Data to Be Accessed from CPUs
Four Microarchitectural Data Sampling (MDS) vulnerabilities have been discovered in Intel processers which could be exploited using a variety of different attack methods to gain access to sensitive information. The flaws can be exploited on computers as well as in cloud environments and can allow information to be obtained from the operating system, applications, virtual machines, and trusted execution environments. The information...
Microsoft Issues Patches for 79 Vulnerabilities Including Critical Wormable Flaw
May 2019 Patch Tuesday has seen Microsoft release security updates to correct 79 vulnerabilities including one critical flaw that could potentially be exploited in a WannaCry-style malware attack. The wormable vulnerability (CVE-2019-0708) is in Remote Desktop Services and can be exploited by sending specially crafted requests via Remote Desktop Protocol (RDP). The vulnerability is pre-authentication and requires no user interaction....
Cost of the Equifax Data Breach? $1.5 Billion and Counting
In 2017, the Atlanta-based credit bureau Equifax suffered a massive data breach that saw the personal information of 150 million people compromised. According to the company’s recent earnings release, the cost of the Equifax data breach has risen to $1.5 billion plus legal fees. The Department of Homeland Security had warned Equifax about a software vulnerability a few months prior to the attack, which was exploited to gain access to...
DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a set of guidelines and best practices to help organizations migrate to Microsoft Office 365 and avoid introducing vulnerabilities that could make it easier for cybercriminals to conduct attacks and gain access to Office 365 accounts. There has been a major increase in the number of organizations that have transitioned to...
City of Baltimore Suffers Second Ransomware Attack in 14 Months
A ransomware attack on the City of Baltimore has forced the city to take most of its servers offline. This is the second such attack to hit the city in a little over a year. Baltimore suffered a similar attack in March 2018. In that attack, it’s 911 and 311 systems were taken out of action due to ransomware file encryption. The latest incident has not affected the 911 and 311 systems nor its core essential services, although many...
Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends
Verizon has released its 2019 Data Breach Investigations Report. The annual report provides an in-depth analysis of global data breaches, new cyberattack trends, and an overview of the current threat landscape. This is the 12th consecutive year that Verizon has produced the report and this year’s instalment is most extensive DBIR report released to date. Verizon now collects data from 73 sources and included 41,686 reported security...
Businesses Are Not Well Prepared to Deal with Serious Security Breaches
A recent survey conducted by Vanson Bourne on 600 IT decision makers has revealed confidence in the ability to respond to a serious data breach is low. 77% of respondents did not believe they were extremely well prepared to deal with a major data breach, which is especially worrying considering 60% of respondents said they had experienced such a breach in the past two years. Just under a third (31%) of respondents said they had...
PII of 137,000 Individuals Discovered in Unsecured Elasticsearch Database
An unsecured Elasticsearch database containing the personally identifiable information of approximately 137,000 people has been exposed over the Internet. The database was discovered by security researcher Jeremiah Fowler, who determined that the data belonged to the medical emergency evacuation service provider SkyMed. Fowler discovered the security settings for the database had not been correctly configured and the database could be...
FBI’S 2018 Internet Crime Report Shows Massive Increase in BEC Attack Losses
The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has released its 2018 Internet Crime Report which shows there was a dramatic rise in losses due to cybercrime in 2018. In 2018, IC3 received 351,936 complaints involving more than $2.7 billion in losses. That represents an increase in losses of more than 92% compared to 2017. 2018 accounted for 36% of all losses from the past five years and complaints about...
297 Flaws Patched by Oracle in its April Security Update
Oracle’s April security update includes patches for 297 vulnerabilities across its product suite. Users of Oracle products have been advised to update the products as soon as possible to prevent the vulnerabilities from being exploited. This is especially important for this security update as it includes 53 critical bugs that have been assigned a CVSS v3 base score of 9.0 or above. 47 of those have a CVSS v3 score of 9.8. The patches...
Microsoft Confirms Support Agent’s Credentials were Compromised and Customers’ Email Data Potentially Accessed
Microsoft has experienced a data breach that has lasted at least three months. During that time, hackers were able to access affected users’ email addresses, email subject lines, folder names, and email contacts. The breach affected certain users of its web email services: Hotmail, MSN, and Outlook. A Microsoft support agent’s account details were compromised on January 1, 2019 which allowed the attackers to gain access to information...
SpamTitan Leading Secure Email Gateway Solution According to G2 Crowd
Selecting the best business security software can be a headache. Even when business leaders know exactly what they want from a software solution, choosing the right product can be difficult. After determining that a software solution ticks all the boxes and has all the required features, many businesses discover that it is a nightmare to use. When it comes to security software it is important to choose a solution that’s user friendly...
Pharmaceutical Giant Targeted in Long-Term Cyber Espionage Campaign
The German pharmaceutical giant Bayer has announced that it has been targeted by hackers who installed malware on its network. The attack was contained, but the malware was not removed for months. Instead, Bayer has been observing the malware in an attempt to determine the ultimate goal of the attack and the identity of the threat actors behind the campaign. The malware was installed on its network in early 2018. The affected systems...
Restaurant Chain Data Breach Impacts more than 2 Million Customers
A malware infection has impacted around 2 million customers of the Planet Hollywood, Earl of Sandwich, Chicken Guy!, Tequila Taqueria, Mixology, and Buca di Beppo restaurant chains. The announcement about the attack was recently made by Earl Enterprises, which operates all of the above brands. The breach was detected by Brian Krebs of KrebsonSecurity, who discovered credit cards were being sold on the darknet marketplace, Joker’s...
Jackson County, Georgia Pays $400,000 Ransom to Recover Encrypted Files
After considering the potential costs and benefits, Jackson County, Georgia determined that paying the ransom demand to unlock files encrypted in ransomware attack was the best option, even though the ransom demand was around $400,000. The attack occurred over the weekend of March 2/3, 2019, and resulted in the widespread encryption of data. The email system of the country’s government was taken out of action, and even systems used by...
STOP Ransomware Delivered via Software Cracks
STOP ransomware, a crypto-ransomware variant that uses the .rumba file extension on encrypted files, is being delivered via software cracks. Software cracking programs that generate licenses for popular software programs are commonly used to deliver malware. The executable files often install spyware and adware code during the cracking process and while it is not unknown for other malware to be installed when the programs are run, it...
Cryptocurrency Mining Malware Tops Most Wanted Malware List
Check Point’s Most Wanted Malware report for December 2018 shows that cryptocurrency mining malware was the leading malware threat in December. The top four malware threats in December 2018 were all cryptocurrency miners. Top spot goes to the Monero miner Coinhive: An online miner that uses the processing power of visitors’ computers whenever they visit a website that has had the miner installed. Coinhive has topped the Most Wanted...
Free Decryptor for Fileslocker Ransomware Developed After Master Key Leaked
A free decryptor for Fileslocker ransomware has been developed following the leaking of the master key for the ransomware on Pastebin. The master key is the key used by threat actors to decrypt files that have been encrypted by the ransomware. The post was created on December 29, 2018 and states that the master key, which decrypts the private key, is “applicable to V1, V2 version” and that the poster is “waiting for security personnel...
More Than 50 Accounts Compromised in San Diego School District Data Breach
A major data breach has been reported by the San Diego School District that has potentially resulted in the theft of the personal information of more than half a million current and former staff and students. The data exposed as a result of the breach date back to the 2008/2009 school year. The breach was detected following reports from district staff of a spate of phishing emails. The emails were highly believable and fooled users...
Webinar: Cost-Effective DNS-Based Web Filtering
In order to protect against web-based threats such as malware, ransomware, viruses, exploit kits, malvertising, and phishing, businesses need to implement a web filtering solution. A web filter allows businesses to carefully control the websites and webpages that employees can access while connected to the wired and wireless networks. All Internet traffic is routed through the filter where controls are applied to block malware...
Marriott Announces 500 Million-Record Breach of Starwood Hotel Guests’ Data
The Marriott hotel chain has announced it has suffered a massive data breach that has resulted in the theft of the personal information of up to 500 million guests of the Starwood Hotels and Resorts group. Marriott discovered the data breach on September 8, 2018 after an alert was generated by its internal security system following an attempt by an unauthorized individual to access the Starwood guest reservation database. Third-party...
75% of Employees Lack Security Awareness
MediaPro has published its 2018 State of Privacy and Security Awareness Report which assesses the level of security awareness of employees across different industry sectors. The report is based on the responses to questionnaires sent to 1,024 employees across the United States that probed their understanding of real-world threats and security best practices. This is the third year that MediaPro has conducted the study, which...
Microsoft Addresses 49 Flaws Including One Actively Exploited Vulnerability
Almost 50 vulnerabilities have been patched by Microsoft on October Patch Tuesday including one zero-day vulnerability that is being actively exploited in the wild by the FruityArmor APT group. The zero-day (CVE-2018-8453) is linked to the Win32k component of Windows and is an elevation-of-privilege vulnerability discovered by Kaspersky Lab. If exploited, a threat actor could run arbitrary code in kernel mode and could create new...
Increased Remote Desktop Protocol Attacks Prompts IC3 to Issue Warning
The FBI’s Internet Crime Complaint Center (IC3) has issued a warning to businesses about the abuse of remote administration tools such as Remote Desktop Protocol. The warning was prompted by a significant rise in attacks and darknet marketplaces selling RDP access. Remote Desktop Protocol was first introduced into Windows in 1996 and has proven to be a valuable tool. It allows employees to connect to their office computer remotely and...
Cofense Takes a Closer Look at Healthcare Phishing Attacks
Cofense, the leading provider of human-based phishing threat management solutions, has published new research that shows the healthcare industry lags behind other industry sectors for phishing defenses and is routinely attacked by cybercriminals who often succeed in gaining access to sensitive patient health data. The Department of Health and Human Services’ Office for Civil Rights publishes a summary of data breaches reported by...
Study Reveals SMB Employees Are Taking Major Data Security Risks
Cyberattacks on large enterprises often make the headlines as they tend to involve the theft of large quantities of data, but small to medium sized businesses also face a high risk of cyberattacks and data breaches. According to a new report from the Chicago-based SMB consultancy firm Switchfast, there are now 4,000 cyberattacks on SMBs every day. SMBs are often viewed as easy targets. The rewards for a successful attack may not be so...
Faxploit Attack Uses Fax Machine to Gain Network Access and Steal Data
Since the 1960s, businesses have been using fax machines to send and receive orders and communicate data quickly. To a large extent, email has replaced the fax, although faxes are still extensively used, especially in healthcare. It has been estimated that there are still around 300 million fax machines in use around the world. While fax technology is old – it was first developed in the late 1800s – faxes are not typically...
SamSam Ransomware Developer Has Earned $6 Million in Ransom Payments
SamSam ransomware has been used in many attacks on healthcare providers and educational institutions over the past two and a half years. In contrast to many other ransomware variants, the ransom payments are considerably higher, typically of the order of tens of thousands of dollars. What also makes SamSam ransomware different is its method of deployment. While many ransomware variants are installed as a result of employees opening...
Businesses Turn Employee Safety Solution into Phishing Alert System
Fast action is required when cybersecurity threats are detected to limit the harm caused. When phishing emails are received, or ransomware or malware threats are detected in the email system, fast action can prevent a costly data breach. Many businesses are now turning to their employee safety solutions as an additional protection against phishing and to instantly notify staff of a cyberattack in progress. Mass Notification Systems...
Reddit Data Breach Shows 2-Factor Authentication is Not Always Effective
A sizeable Reddit data breach has been discovered. An unauthorized individual gained access to several Reddit systems and succeeded in downloading a significant number of users’ credentials, including usernames, email addresses, and salted hashed passwords as well as public messages, and in some cases, private messages. The database that was copied was an old backup and included data from 2015, when the website was launched, through...
Hacking Group Steals $1 Million from Russian Bank via Compromised Router
The hacking group known as MoneyMaker has pulled off a $1 million cyberheist after gaining access to a Russian bank through an outdated router used in one of its regional branches. Vulnerabilities in the PIR Bank router were exploited to first give the hackers access to the router, and then to the Automated Work Station Client of the Russian Central Bank via network tunnels configured in the router. Once access to the Automated Work...
U.S. Military Data Stolen as a Result of the Failure to Change Default FTP Passwords
U.S. military computers have been accessed by a hacker and sensitive military documents have been stolen and listed for sale on online hacking forums. The U.S. defense breach was made possible due to a simple error – the failure to change the default FTP password on a Netgear router. Cybersecurity firm Recorded Future found out about the documents being sold online, which include maintenance course e-books explaining how MQ-9 reaper...
Microsoft Issues Patches for 54 Vulnerabilities; 17 Critical
This Patch Tuesday has seen Microsoft issue patches for 54 vulnerabilities, 27 of which could allow remote code exploitation. 17 of the flaws have been rated critical and 33 are rated important. Three of the vulnerabilities were disclosed before Microsoft released patches. The patches address bugs in 15 products. The majority of the critical flaws are scripting errors in Internet Explorer, including four memory corruption...
Why You Should Use a Web Filter to Prevent Employees Accessing Pornography
Many companies have realized that acceptable Internet usage policies are insufficient and do not prevent employees accessing pornography at work. While employees can be told that the viewing of pornography at work is unacceptable, and viewing pornography is likely to result in instant dismissal, it does not stop porn from being accessed at work by some individuals. The accessing of pornography in offices and other places of work is...
SMB IT Security Survey Reveals Confidence in Cybersecurity Defenses is Low
A recent SMB IT security survey has revealed that while security spending has increased by 17% year over year, IT professionals are less confident in their ability to prevent data breaches. That is not surprising given that 68% have reported having experienced at least one data breach in the past 12 months, 29% of organizations experienced a phishing attack, and 18% have had to deal with a ransomware infection. The SMB IT security...
Worldwide Cybersecurity Spending in 2017 to Exceed $86.4 Billion
Gartner has released a new report predicting worldwide cybersecurity spending in 2017 will reach $86.4 billion. The information security market is now the fastest growing sector and will increase by 7% by the end of 2017. Gartner predicts growth in the sector will be similar in 2018, with spending rising to $93 billion next year. Within the infrastructure protection segment, Gartner says the biggest growth will be in security testing....
HITRUST and Trend Micro Partnership to Improve Cyber Threat Xchange Capabilities
The Health Information Trust Alliance (HITRUST) has partnered with Trend Micro to form the HITRUST Cyber Threat Management and Response Center which will enhance the capabilities of the HITRUST Cyber Threat Xchange. The HITRUST Cyber Threat Xchange is the most widely adopted threat information sharing organization serving the healthcare industry. The HITRUST Cyber Threat Xchange provides detailed information on the latest cyber...
UK Hospital Cybersecurity Funding to Increase by £21 Million
Hospital cybersecurity funding has been increased in the UK in the wake of the recent WannaCry ransomware attacks that crippled parts of the NHS. Health Secretary Jeremy Hunt has pledged a further £21 million ($27 million) will be made available to 27 major trauma centers in the UK to improve their cybersecurity protections. The additional hospital cybersecurity funding is intended to make it harder for hospitals to be attacked with...
NIST Small Business Cybersecurity Act of 2017 Approved by House Committee
The NIST Small Business Cybersecurity Act of 2017 has been approved by the U.S. House Committee on Science, Space, and Technology. The new act requires the National Institute for Standards and Technology to issue new cybersecurity guidance for small businesses to help them manage cybersecurity risk. Cyberattacks on small businesses are now commonplace with cybercriminals often targeting small businesses. Smaller businesses may not...
74% of Organizations Vulnerable to Insider Threats
Spending on cybersecurity defenses has increased to reduce the risk of attacks by cybercriminals, yet organizations still feel vulnerable to insider threats. Furthermore, insider threats have increased in the past 12 months, according to a recent survey conducted on U.S. IT security professionals. 508 IT security professionals were surveyed by LinkedIn’s Information Security Community and Crowd Research Partners in a study conducted...
February Patch Tuesday Delayed as Microsoft Fixes Last Minute Issues
The Valentine’s Day update from Microsoft did not arrive yesterday as planned. February Patch Tuesday will be coming, just a little later than usual. The decision to bundle together updates means that if urgent flaws are not fixed in time, they would have to wait until the following month to be fixed. In this case, Microsoft has chosen to delay its monthly round of patches to make sure some serious issues are addressed and included in...
HITRUST Threat Catalogue Helps Healthcare Industry Prioritize Cybersecurity Threats
The HITRUST Alliance has announced that the organization will be releasing the HITRUST Threat Catalogue in March: A new resource to help healthcare organizations improve security by aligning the wide range of current cybersecurity threats and risk factors with its Common Security Framework. The Health Insurance Portability and Accountability Act (HIPAA) requires all covered entities to conduct a risk assessment to identify the...
Reputation Loss of More Concern than a Data Breach
Data breaches are a constant worry for most organizations, although a new study from the Ponemon Institute has shown that while the theft of data is a concern, it is the fallout from poor risk management that is the biggest worry. The biggest fear is not loss of data but loss of reputation. The study, which was sponsored by RiskVision, was conducted on 641 professionals involved in risk management at their respective organizations....
Global Cybercrime Costs Will Top $6 Trillion in 5 Years
A recent report published by Cybersecurity Ventures suggests global cybercrime costs will double over the next five years. Global cybercrime costs in 2015 are estimated to have reached $3 trillion. The damage inflicted by cybercriminals has been predicted to top $6 trillion by 2021. The managed security services provider (MSSP) and advisory firm calculated the damages from theft of intellectual property and data, financial fraud,...
Final Cybersecurity Guidance on Medical Devices Issued by FDA
Final cybersecurity guidance on medical devices has been issued by the U.S. Food and Drug Administration (FDA). The 30-page document augments previous guidance published by the FDA in 2014 and is intended to help manufacturers of medical devices implement policies, procedures, and controls to secure postmarket devices. Previous guidance has covered security controls and policies that should be implemented to ensure medical devices are...
Microsoft Admits Its Windows 10 Update Policy Was Too Aggressive
The aggressive tactics used by Microsoft to get push its Windows 10 upgrade annoyed many users. Many Windows users felt they were being bombarded with communications telling them to upgrade for security recommendations. The frequency that dialog boxes popped up on screens and the inability to remove or prevent notifications from appearing angered many Windows 7 and Windows 8 users. During a weekly podcast, Chris Capossela, Microsoft’s...
63% Increase in Healthcare Data Breaches in 2016
There has been a 63% increase in major healthcare data breaches in 2016, according to the 2016 Healthcare Cyber Breach Report from cybersecurity firm TrapX. The report, which covers healthcare data breaches in 2016 from January 1 to December 12, shows that while the total number of healthcare records exposed in 2016 was considerably lower than last year, the number of incidents increased substantially. In 2015, 111,812,172 records...
Samsa Ransomware Nets Criminals at Least $450,000 in a Year
The cybercriminals who have been infecting consumers and businesses with the ransomware variant SamSa have reportedly extorted $450,000 from businesses and consumers over the past 12 months, according to a recent report from Palo Alto Networks Unit 42 team. Researchers were able to calculate the cybercriminals’ minimum earnings by monitoring the Bitcoin Wallet addresses used by the attackers. Palo Alto Networks was able to see...
70% of Businesses Infected With Ransomware Pay Up
A recent study conducted on behalf of IBM Security has clearly demonstrated why ransomware has proved so popular with cybercriminals. Out of 600 businesses that were surveyed, almost half reported having experienced a ransomware attack. Out of those that had, 70% paid the attackers to supply keys to unlock the encryption. Ransom demands are typically around $700 per infected device, although the amounts charged can vary considerably....
Windows 8 and 10 Update Knocks Users Offline?
Internet Service Providers in the UK and Belgium have been flooded with calls from disgruntled customers who have been prevented from accessing the Internet over the weekend. The problem has been attributed to a flawed update that was automatically installed by Microsoft. The problems started last week with customers of ISPs BT, Plusnet, and TalkTalk experiencing intermittent Internet access, while Sky and Virgin Media customers also...
323,000 New Malware Samples Being Discovered Every Day
According to the latest figures from Kaspersky Lab, there are now more than 323,000 new malware samples being released every day: An increase of 13,000 per day compared to last year and 253,000 more malicious files per day than in 2011. Kaspersky Lab’s cloud database now contains the signatures for more than 1 billion forms of malware. The massive rise in new forms of malware is due to more sophisticated means of creating new malware....
Insider Breach Threat Main Concern of Half of IT Professionals
Almost half of IT professionals believe the insider breach threat is more of a concern than the threat posed by hackers. Hackers may pose a major risk to data security, but it is the insider breach threat that is most difficult to deal with. IT security solutions can be purchased to secure the network perimeter, but protecting data from internal attacks and accidental breaches is a major challenge. 49% of IT professionals that...
What are the Highest Risk IoT Devices for Enterprises?
Internet-connected devices can introduce considerable security risks, but what are the highest risk IoT devices for enterprises? According to a new report from cloud-based information security company Zscaler, the highest risk IoT devices for enterprises are surveillance cameras – devices that are purchased and installed to decrease risk. Unfortunately, while surveillance cameras can be used to reduce the risk of theft of equipment,...
Research Suggests Increased Enterprise Security Risk from IT Decentralization
A recent VMWare sponsored study conducted by Vanson Bourne suggests enterprises face an increased security risk from IT decentralization and IT professionals are not ready to deal with the security challenges that come from moving their IT infrastructure to the cloud. Vanson Bourne conducted the study on 3,300 individuals in 20 industries from 20 countries. Respondents were asked about IT decentralization and use of the cloud...
70% of IT Pros are Concerned about Cloud Security Risks
More organizations are now taking advantage of the benefits of the cloud, yet 70% of IT professionals are concerned about cloud security risks, according to the second global Cloud Security Survey from Netwrix Corp. The biggest concern is the potential for sensitive data to be accessed by employees of cloud service providers and third parties. 69% of respondents said unauthorized access was their biggest concern. Malware was also...
Can Antivirus Software Prevent Ransomware Attacks?
Can antivirus software prevent ransomware attacks? It’s possible, but extremely unlikely according to a recent survey conducted by Barkly. The survey showed that out of the companies polled, 100% of organizations that had experienced a ransomware attack in the past 12 months said they had AV software but it did not prevent ransomware from locking up files. Companies were also asked about some of the other protections they had in place...
IT Security Spending to Increase by 9% by 2018
The cybersecurity market is expected to continue to experienced strong growth as organizations increase their IT security spending to tackle the growing number of cybersecurity threats. As cyberattacks become increasingly sophisticated and more varied, organizations need to purchase new security products and commit more resources to keeping their networks and data secure. According to a new report from BCC Research, IT security...
SSL-Based DDoS Attacks ‘Trend of Q3’, says Kaspersky Lab
According to the latest threat intelligence report from Kaspersky Lab, cybercrime-as-a-service has proliferated in recent months and the cybercrime trend of the quarter is SSL-based DDoS attacks. Ransomware may still be a major issue, but the biggest threat facing businesses is SSL-based DDoS attacks. This is backed up by the 2016 Internet Organized Crime Threat Assessment (IOCTA) from Europol. The Europol report contains a stark...
Beazley Data Breach Insights Report Highlights Extent of Ransomware Problem
The Beazley Data Breach Insights Report is an annual publication summarizing the data breaches experienced by the company’s clients in the first nine months of the year. This year’s report shows there has been a 65% increase in data breaches in 2016, rising from 931 data breaches in 2015 to 1,437 breaches in 2016. Ransomware attacks have also increased significantly. There were 43 known attacks in 2015, whereas in 2016 the total has...
Hacktivist Indicted for Hospital DDoS Attacks
DDoS attacks rarely result in prosecution; however, this week the hacktivist allegedly behind a series of major hospital DDoS attacks in 2014 has been indicted on charges of conspiracy and intent to cause damage to a protected computer. If convicted of he hospital DDoS attacks, the hacktivist faces up to 15 years in jail. Martin Gottesfeld from Somerville, Mass., is alleged to have been involved in a series of DDoS attacks on Boston...
St. Jude Medical Faces New Allegations of Medical Device Vulnerabilities
In August, Muddy Waters published a report that alleged certain St. Jude Medical devices were susceptible to cytberattacks that placed the safety of patients at risk. Muddy Watters placed a short-selling bet on St. Jude Medical stock after being supplied with details of security vulnerabilities from research firm MedSec. St. Jude Medical has denied that the vulnerabilities exist, while a team of researchers from the University of...