Hours after being alerted by KrebsOnSecurity, Facebook last week deleted almost 120 private discussion groups totaling more than 300,000 members who flagrantly promoted a host of illicit activities on the social media network’s platform.
KREBS ON SECURITY, 04.16.2018
MEDantex, a Kansas-based company that provides medical transcription services for hospitals, clinics and private physicians, took down its customer Web portal last week after being notified by KrebsOnSecurity that it was leaking sensitive patient medical records – apparently for thousands of physicians.
ABC Denver Channel 7, 04.25.2018
Critical infrastructure, entertainment, finance, healthcare, telecoms, among recent targets of the Lazarus Group, aka Hidden Cobra.
DARK READING, 04.26.2018
PHYS ORG, 04.27.2018
Facebook has built some of the most advanced algorithms for tracking users, but when it comes to acting on user abuse reports about Facebook groups and content that clearly violate the company’s “community standards,” the social media giants; technology appears to be woefully inadequate.
KREBS ON SECURITY, 04.18.2018
On April 19, 2018, an industry partner notified NCCIC and the FBI of malicious cyber activity that aligns with the techniques, tactics, and procedures (TTPs) and network indicators listed in the Alert.
Threat actors generate, launder, spend, and reinvest more than $1.5 trillion in illicit funds, according to a new study on cybercrime’s ‘web of profit.’
DARK READING, 04.20.2018
An industry group of 34 high-tech companies led by Microsoft, have signed today a tech accord, agreeing to defend customers at all costs from cybercriminal and nation-state cyber-attacks, but also not to provide any technical aid to governments looking to launch cyber-attacks on other countries, companies, or individual users.
In February 2014 the U.S. National Institute of Standards in Technology (‘NIST’) published the first NIST Cybersecurity Framework, responding to an Executive Order on improving critical infrastructure cybersecurity issued by President Obama. At the end of last year, NIST released draft two of the Framework for Improving Critical Infrastructure Cybersecurity Version 1.1, which incorporates feedback received by NIST since the release of Version 1.0.
THE NATIONAL LAW REVIEW, 04.20.2018
THREAT SECURITY, 04.18.2018
Just 11 percent of information security professionals are women, and although women in the field are more likely than their male co-workers to hold a master’s degree or higher, they still hold less workplace authority. With that in mind, and given the ongoing cyberseucity skills shortage, the industry is making meaningful steps toward inclusion, as evidenced by the many engaging discussions on the topic that took place RSAC 2018.
SECURITY INTELLIGENCE, 04.20.2018
In 2000, odds were most judges wouldn’t scold most companies for not having multi-factor authentication. A password was enough. But now, when Google offers multi-factor authentication on gmail accounts, the bar has been raised. What’s reasonable has changed, and just using passwords might not be reasonable anymore.
In one report from CSO Online called “The Current State of Cybercrime,” from a study conducted less than a year ago in the U.S., it was found that 6 out of 10 boards “believe cyber risk is an IT problem.” As long as this belief exists, organization leaders will remain disengaged from the solutions and their role in supporting a robust cyber risk management strategy.
SECURITY INTELLIGENCE, 04.19.2018
THREAT POST, 04.17.2018
Approximately 50,000 Minecraft accounts have been infected with malware that can format users’ hard drives, delete backup data, and remove system applications, according to a research from security vendor Avast.
SOFTPEDIA NEWS, 04.19.2018
The True Cost of Sound Recording Piracy to the U.S. Economy
Piracy of recorded music costs the U.S. sound recording industries billions of dollars in lost revenue and profits – but that’s not all. This study shows that recorded music theft costs American workers significant losses in jobs and earnings, and also costs the U.S. government substantial lost tax revenue.
PIT Journal, Cycle 6.2015
MUSIC AND MOVIE PIRACY
How Much Do Music and Movie Piracy Really Hurt the U.S. Economy?
Supporters of stronger intellectual property enforcement – such as those behind the proposed new Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) bills in Congress – argue that online piracy is a huge problem, one which costs the U.S. economy between $200 and $250 billion per year, and is responsible for the loss of $750,000 American jobs.
ATTACK OF THE HACK
BACK BLAZE, 10.11.2017
THE BALTIMORE SUN, 04.02.2018
BLEEPING COMPUTER, 03.29.2018
Russian Hackers Target U.S. Power, Water Facilities.
Russian government hackers have been targeting U.S. government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors for the past two years, according to a joint Technical Alert issued by the Department of Homeland Security and the Federal Bureau of Investigation.
ENVIRONMENT NEWS SERVICE, 03.16.2018
RUSSIAN THREAT ACTORS
DHS/FBI Alert: Russian Governemnt Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors.
Yesterday’s unprecedented DHS/FBI announcement states that, since at least March 2016, “Russian govenemnt cyber actors – hereafter referred to as “threat actors” – targeted govenmenrt entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”
CYBER X, 03.18.2018
U.S. says Russian hackers targeted American energy grid.
The Trump Administration on Thursday accused Russian government hackers of carrying out deliberate, ongoing operation to penetrate vital U.S. industries, including the energy grid – a major ratcheting up of tensions between the two countries over cybersecurity.
SECURITY WEEK, 03.14.2018
COMPUTER WEEKLY, 03.16.2018
PANAMA PAPERS TAX SCANDAL
THE GUARDIAN, 03.14.2018
ZD NET, 03.14.2018
ZD NET, 03.12.2018
New POS Malware Pinkkite takes flight.
A new family of point-of-sale malware, dubbed Pinkkite, has been identified by researchers who say the malware is tiny in size, but can deliver a hefty blow to POS endpoints.
THREAT POST, 03.14.2018
Cybersecurity by the numbers: market estimates, forecasts, and surveys.
What is the state of the cybersecurity industry and practice today? Recent surveys and analysis provide fresh insights, from senior management and board of directors not taking cyber threats seriously enough, IoT and mobile security deficiencies, the perennial cybersecurity skills shortage, new types of a global cyber war.
INFORMATION SECURITY MANAGEMENT
DARK READING, 03.16.2018
CYBERATTACKS PLAGUE PHARMECEUTICAL AND HEALTHCARE SECTOR
SECURITY WEEK, 03.15.2018
CSO Online, 01.23.2018
DARK READING, 03.02.2018
SECURITY & PRIVACY
CFOs don’t worry enough about cyber risk.
Every executive and board of directors is asking themselves the same question in regard to their cyber risk right now: what can we do differently to avoid being the next Equifax, Yahoo! Or Target, and protect our shareholder value?
HARVARD BUSINESS REVIEW, 12.01.2017
THE WASHINGTON POST, 03.01.2018
VIRUS & THREATS
SECURITY WEEK, 02.26.2018
SC Magazine, 01.22.2018
National Stores, Inc. notifies customers that malware may have compromised payment cards
National Stores, Inc., (”National Stores“ or the ”Company“) announced today that it has been the victim of a malware attack, enabling unauthorized parties to access payment card information. Immediately upon detecting the incident, the Company engaged…
The Daily Mail, 01.21.2018
Hackers Abuse Google Ad Network To Spread Malware That Mines Cryptocurrency
More than a decade ago Google bought DoubleClick, one of the first major advertising services on the Web, for a cool $3.1 billion. That acquisition is a major reason that Google is such a dominant force in online advertising today.
Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack
The world’s largest container shipping company —A.P. Møller-Maersk— said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2500 applications over the course of ten days in late June and early July 2017.
Fraud, cyber, & security risks at all-time high as cyber attacks displace theft of physical assets ‘for first time,’ says new Kroll report
According to an annual report on global fraud and risk carried out by Kroll, a US-based corporate investigations and risk management consultancy, which noted that “information theft, loss, or attack was the most prevalent type of fraud experienced” for the first time…
Take Time To Understand The Cyber Threat Landscape
Cybercrime is on the rise. The number of data breaches in 2017 was staggering and things are likely to get worse. More than 5 million data records are lost or stolen every day, according to the Breach Level Index. Cybercrime is predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, according to Cybersecurity Ventures.
ISTP Magazine, 01.22.2018
Ransomware Outlook: 542 Crypto-Lockers and Counting. A clear and present threat to businesses and consumers
“From a business standpoint, the biggest threat, especially at the end of last year, was ransomware,” says Adam Kujawa, director of malware intelligence at security firm Malwarebytes.
Security flaw found in Electron, a major application development toolcyber
A flaw in a very popular software-building framework may affect a large number of popular desktop apps from Microsoft (Skype, Visual Studio Code), Brave (browser), GitHub (Atom Editor), Signal, Slack, Basecamp, WordPress.com, Twitch, Ghost, and others.
Dell Advising All Customers To Not Install Spectre BIOS Updates
The Spectre & Meltdown mess continues with Dell now recommending their customers do not install the BIOS updates that resolve the Spectre (Variant 2) vulnerabilities. These updates have been causing numerous problems for users including performance issues, boot issues, reboot issues, and general system instability.
Spectre and Meltdown patches causing trouble as realistic attacks get closer
Applications, operating systems, and firmware all need to be updated to defeat Meltdown and protect against Spectre, two attacks that exploit features of high-performance processors to leak information and undermine system security. The computing industry has been scrambling to respond after news of the problem broke early a few days into the new year.
ars technica, 01.15.2018
KNOW THE ENEMY
IoT Botnets the Work of a ‘Vast Minority’
In December 2017, the U.S. Department of Justice announced indictments and guilty pleas by three men in the United States responsible for creating and using Mirai, a malware strain that enslaves poorly-secured “Internet of Things” or IoT devices like security cameras and digital video recorders for use in large-scale cyberattacks.
ars technica, 01.25.2018