Add yet another malicious encryption program to the expanding ranks of ransomware programs that target large enterprise networks in hopes of scoring big financial payoffs. The latest such threat is called Snake, a ransomware program written in the Go programming…
Category: IT SECURITY GURU
CES Suffers Cyberattack on First Day in Las Vegas
The attack, still under investigation, hit early in the morning of Jan. 7. On the opening day of the huge Consumer Electronics Show (CES), officials in Las Vegas were busy assessing the damage from a cyberattack that hit the city.…
Pittsburgh Unified School District hit by ransomware
The Pittsburgh Unified School District is still recovering from a ransomware attack that took place over the holiday recess, but its superintendent says school is open for business. Janet Schulze, Superintendent, Pittsburg (Pa.) Unified School District, told district members in…
Iran Cyberattack Scare exploited by Microsoft Phishing Scam
An attacker is attempting to take advantage of the recent warnings about possible Iranian cyberattacks by using it as a theme for a phishing attack that tries to collect Microsoft login credentials. With the rising escalations between the United States and…
Minnesota Hospital Breach Exposes Medical Info of Roughly 50K
The personal and medical information of 49,351 patients was exposed following a security incident involving two employees’ email accounts as disclosed by Minnesota-based Alomere Health. Alomere Health is a community-owned and non-profit general medical and surgical hospital with 127 beds that has been twice named…
Travelex suffers ransomware attack and results to pen and paper
Police are investigating hackers holding Travelex’s computers for ransom, forcing the company’s staff to resort to using pen and paper to record transactions. The firm initially said it had discovered the attack on New Year’s Day and immediately took its systems down,…
Warning of Potential Iranian Cyberattacks by DHS
Recent US military action in Baghdad could prompt retaliatory attacks against US organizations, it says. Concerns about an Iranian cyber response to the recent American military strike in Baghdad grew this week with the US Department of Homeland Security urging…
Deepfakes banned by Facebook but not all altered content
Facebook is rolling out a new set of rules aimed at curbing the spread of manipulated media as the specter of highly convincing deepfake videos looms large over not only the US presidential elections. An announcement by the platform’s vice president of…
2020 in cyber: The view from the security frontline
By John Conwell, data scientist at DomainTools The security industry is in constant flux. As attackers move the goal posts in order to further their own nefarious aims, the security industry scrambles to keep up. As we approach the beginning…
US Government Publishing Office Website attack
The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran. An obscure US federal website was attacked and vandalized on January 4, resulting in the site being taken down…
ToTok has Returned to Google Play Despite Claims being a ‘Spy Tool’
The communications app faces continued backlash after a New York Times report said it was used as a government spying tool. Mobile application ToTok has been reinstated to the Google Play app ecosystem, after it was removed last month due…
InfoTrax Breached 20+ Times
The Federal Trade Commission (FTC) finalized a settlement with a Utah-based tech company that got hacked and had the personal info of over a million clients stolen following a series of more than 20 undetected network intrusions. InfoTrax Systems, a…
Pro-Iran Messages sent by Hackers Deface U.S. Gov
A U.S. government website was vandalized late Saturday by hackers who posted images of a bloodied President Donald Trump being punched in the face and pro-Iran messages. The defaced website was the Federal Depository Library Program (FDLP) website, which makes U.S. federal government…
Austria Unprepared After Cyberattack on Foreign Ministry Says MP
The Austrian State Department’s IT systems were under a ‘serious attack’ suspected to be carried out by a state-backed threat group according to a joint statement from the Foreign Ministry (BMEIA) and the Ministry of the Interior (BMI). “A coordination committee…
Ongoing cyberattack State actors may be behind Austria’s foreign ministry
An ongoing and “serious cyberattack” at Austria’s foreign ministry could be the work of nation-state actors, the country’s government said. The ministry has set up a “coordination committee” to respond to the attack, which started as the country’s Greens party…
Japanese sex hotels search engine announces security breach
HappyHotel.jp is a website that operates similarly to Booking.com, but lets registered users search and book rooms in love hotels across Japan. In a message posted on its website, Almex, the company behind the service, said it detected unauthorized access to its servers…
Email scammers angle for cash by attacking London veterans group
A London regimental association is on alert after email scammers posing as the group’s president tried to fool veterans into sending cash. The First Hussars Association, representing about 140 retired members of the London-based regiment, saw its members targeted by…
Iran retaliation may include cyberattacks warns DHS
Although it stressed there is no evidence of a specific credible threat to the U.S. after the killing Iranian General Qasem Soleimani, the Department of Homeland Security Saturday issued a National Terrorism Advisory System Bulletin warning of retaliation, including cyberattacks. Source: SC…
AI developed in robots to detect harassment in emails
Artificial intelligence programmers are developing bots that can identify digital bullying and sexual harassment. Known as “#MeTooBots” after the high-profile movement that arose after allegations against the Hollywood producer Harvey Weinstein, the bots can monitor and flag communications between colleagues and are…
Cybersecurity Predictions for 2020: What Do Experts Think?
Tim Mackey, Principal Security Strategist for the Synopsys CyRC (Cybersecurity Research Centre): Politicians, be weary of digital assistants Cyber-attacks on 2020 candidates will become more brazen. While attacks on campaign websites have already occurred in past election cycles, targeted attacks…
Ransomware Attack on Maritime Facility Results in Coast Guard Warning
The U.S. Coast Guard last month issued a safety bulletin following a ransomware attack that impaired both the IT systems and industrial control systems of a facility regulated by the Maritime Transportation Security Act (MTSA), and prompted a 30-hour operational shutdown. The…
Security Awareness Training Company KnowBe4 Enters 2020 with Record Growth
KnowBe4, the company that provides the world’s largest security awareness training and simulated phishing platform, today announced a massive year-over-year sales increase with another record-breaking quarter. In the fourth quarter of 2019, KnowBe4 reached 54% growth over Q4 2018, increasing…
Sextortion Email Scammers are Trying Out New Tactics to Circumnavigate Spam Filter
Sextortion scammers have started to utilize new tactics to bypass spam filters and secure email gateways so that their scam emails are delivered to their intended recipients. Sextortion scams are emails that pretend to be from an attacker who has…
Active Network, A School Software Vendor, Suffers Data Breach
Active Network’s Blue Bear Software platform reported that unauthorized activity in its network earlier this year resulted in customer PII being exposed. The company reported the issue to the California Attorney General’s office stating it recently became aware that between Oct. 1,…
Starbucks Devs Leave API Key in GitHub Public Repo
One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. The severity rating of the vulnerability was set to critical as…
IoT Company Wyze Suffered a Leak of 2.4m Emails and Device Data
An exposed Elasticsearch database, owned by Internet of Things (IoT) company Wyze, was discovered leaking connected device information and emails of millions of customers. Wyze makes smart home cameras and connected devices like connected bulbs and plugs, which can be…
Hackers Impersonate Canadian Banks In Two-year Long Phishing Attack
It has been reported that Canadian banks are being impersonated in a phishing campaign targeting both individuals and businesses via a large-scale infrastructure shared with previous attacks going back to 2017 and pointing to the same attackers. The infrastructure behind these Canadian focused attacks includes hundreds of…