CSO Online News

Published: Sat, 21 Apr 2018 16:57:33 -0700

Last Build Date: Sat, 21 Apr 2018 16:57:33 -0700


Security executives on the move and in the news

Fri, 20 Apr 2018 05:02:00 -0700

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.

CSO’s Movers & Shakers is where you can keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Michael Nadeau, senior editor.

April 18, 2018: Dr. Sam Small named CSO at ZeroFOX

Dr. Small will work with social media security provider ZeroFOX’s enterprise customer portfolio to develop, execute and maintain strategies that address the security threats intertwined with social media platforms. As one of the country’s foremost experts on intellectual property (IP), Dr. Small will continue to invest, build upon and protect ZeroFOX’s proprietary platform and continued growth.

Honeypots and the evolution of botnets | Salted Hash Ep 23

Fri, 20 Apr 2018 03:30:00 -0700

Host Steve Ragan reports from the show floor at RSA 2018, talking with guest Israel Barak, CISO at Cybereason, about his firm's recent honeypot research, which gathered information showing how the bot landscape is evolving.

Two incident response phases most organizations get wrong

Thu, 19 Apr 2018 03:00:00 -0700

Cryptomining, not ransomware, the top malware threat so far this year

Wed, 18 Apr 2018 07:09:00 -0700

Cryptominer-based attacks, not ransomware-based attacks, have been the top threat so far this year, according to Comodo Cybersecurity Threat Research Labs’ Q1 Global Malware Report.

In the first three months of 2018, Comodo said it “detected 28.9 million cryptominer incidents out of a total of 300 million malware incidents, amounting to a 10 percent share. The number of unique cryptominer variants grew from 93,750 in January to 127,000 in March. At the same time, the data shows this criminal attention came at the expense of ransomware activity, with new variants falling from 124,320 in January to 71,540 in March, a 42 percent decrease.”

SamSam explained: Everything you need to know about this opportunistic group of threat actors

Wed, 18 Apr 2018 03:00:00 -0700

What is SamSam?

The first version of the SamSam (a.k.a. Samas or SamsamCrypt) ransomware was developed and released in late 2015 by a group of threat actors believed to reside in Eastern Europe.

The group itself is mostly a mystery, but the code it developed and the resulting pain from its usage isn't. SamSam is a serious threat to organizations of all sizes, and we've seen a spike in SamSam-related attacks this year.

Here's a breakdown of the malware and the group using it.

SamSam vs. other ransomware families

Most turnkey ransomware crews or authors don't really know who they're targeting. They spread their payloads (Locky, Cerber, Dharma, Spora) via drive-by downloads, direct downloads, or malicious emails, and if there's a successful infection, they'll ask for a fee to decrypt files, say $500-$1,000 in Bitcoin (BTC).

Is it time to kill the pen test? | Salted Hash Ep 22

Tue, 17 Apr 2018 21:00:00 -0700

Host Steve Ragan reports from the show floor at RSA 2018, talking with guest Adrian Sanabria, director of research at Savage Security, about de-emphasizing network penetration tests to put more focus on attack simulations and helping companies improve their defenses.

Russia is hacking routers in global cyber attacks, US and UK warn

Tue, 17 Apr 2018 07:10:00 -0700

The U.S. and U.K. teamed up on Monday to issue an unprecedented joint warning about state-sponsored Russian hackers targeting critical network infrastructure devices. Working on behalf of the Russian government, the hackers are exploiting vulnerabilities and pwning routers worldwide.

A joint statement by the U.S. Department of Homeland Security, the FBI, and Britain’s National Cyber Security Center warned of Russian state-sponsored cyber actors exploiting routers, switches, firewalls, and network intrusion detection systems belonging to government and private-sector organizations, as well as critical infrastructure providers, ISPs, and even small home offices.

Hottest cybersecurity products at RSA 2018

Tue, 17 Apr 2018 03:43:00 -0700

RSA Conference kicks off

Visitors to RSA, the world's largest security conference held in San Francisco in April, can hear about the latest strategies for fighting cyberattacks. They can also check out the exhibition areas, where they can see the latest hardware and software to protect their valuable corporate assets. Here's a quick run-down of some of the new products announced at the conference or shown there for the first time.

Customers describe the impact of the Allscripts ransomware attack

Tue, 17 Apr 2018 03:00:00 -0700

A ransomware attack against a SaaS provider hurts customers, but when it's a healthcare company that’s hit, patients suffer. Such was the case with January's attack against Allscripts, one of the largest electronic health record and practice management technology vendors.

By all accounts, Allscripts did a lot right. They had an incident response plan in place. They got outside help. They recovered their systems. They communicated with customers.

Busted! Cops use fingerprint pulled from a WhatsApp photo to ID drug dealer

Mon, 16 Apr 2018 07:39:00 -0700

Let’s say you are holding something in your hand and snap a picture with your phone. Although the object you’re holding doesn’t quite fill your entire palm, you might not think part of your pinky finger showing could get you busted. Well, think again, as a “groundbreaking” technique of matching fingerprints found in photos “is the future” of how cops will catch criminals. It’s changing how law enforcement looks at social media images for potential evidence.

Ransomware, healthcare and incident response: Lessons from the Allscripts attack

Mon, 16 Apr 2018 03:00:00 -0700

On January 18, 2018, at around 2:00 a.m. EST, the security operations center (SOC) at electronic health record (EHR) and practice management software provider Allscripts detected abnormal activity.

Four hours later, at 6:00 a.m. EST, the SOC started their investigation and determined the abnormal activity was in fact a full-blown ransomware incident due to SamSam, a family of ransomware that is known to target healthcare organizations. A short time later, teams from Microsoft, Mandiant and Cisco were called in to help.

Microsoft network engineer faces charges linked to Reveton ransomware

Sun, 15 Apr 2018 09:15:00 -0700

A Microsoft network engineer faces federal money laundering and conspiracy charges connected to Reveton ransomware.

What is Reveton ransomware?

After a computer was infected with Reveton ransomware, the screen would lock and a fake message purportedly from the FBI or other law enforcement agency would claim the user had violated federal law; viewing and/or distributing porn was often cited as the law which was violated. The user was informed that a fine had to be paid to unlock their PC.

The FBI regarded Reveton ransomware as “new” back in August 2012. The use of the FBI logo was so popular with this ransomware that some people referred to it as FBI ransomware.

Allscripts: Ransomware, recovery, and frustrated customers

Sun, 15 Apr 2018 03:00:00 -0700

The actors behind SamSam launched an attack against Allscripts in January 2018, leaving the company’s customers without access to the services needed to run their medical practices — some for more than a week.

SirenJack: Hackers can hijack emergency alert sirens with a $35 radio and laptop

Wed, 11 Apr 2018 07:06:00 -0700

Thanks to a flaw in popular emergency alert systems, hackers with knowledge of radio frequencies could remotely hijack the system with as little as a laptop and a $35 two-way radio and activate the sirens, trigger false alarms, or even broadcast any audio of their choosing.

The vulnerability, dubbed SirenJack, is in emergency alert systems manufactured by Acoustic Technology Inc., aka ATI Systems. It was discovered by Balint Seeber, a researcher at security firm Bastille, after he determined that the RF signals used in San Francisco’s emergency alert system were not encrypted; the activation commands were sent “in the clear.”

Ransomware incidents double, threatening companies of all sizes

Tue, 10 Apr 2018 06:19:00 -0700

Verizon’s 2018 Data Breach Investigations Report (DBIR) is out, and companies of all sizes and industries need to take note of the results.

In a summary of its findings, Verizon noted that 73 percent of the breaches were perpetrated by outsiders, 50 percent were conducted by organized criminal groups, 28 percent involved insiders, 12 percent involved nation-state or state affiliated actors, 2 percent involved partners, and another 2 percent involved multiple partners.

Yet human error was responsible for one in five breaches. Examples included misconfiguring web servers, sending email to the wrong person and failing to shred confidential information. Humans are the weak link, and companies are about three times more likely to be breached by humans falling for social attacks than by security vulnerabilities.

Social engineering: It's time to patch the human

Mon, 09 Apr 2018 07:00:00 -0700

Jayson Street, the DEF CON Groups Global Ambassador, and VP of InfoSec for SphereNY, has likely forgotten more about social engineering than some of us have learned over the years working in security.

That's not fluff, he really does live for this stuff.

Our conversation with Street started passively, a simple question asking him about his conference plans this year.

Facebook secretly tried to get hospitals to share patient data

Mon, 09 Apr 2018 05:55:00 -0700

Today, 87 million Facebook users will find out if their data may have been shared with Cambridge Analytica. All 2.2 billion Facebook users will receive a “Protecting Your Information” notice, which is linked to apps they used and the information shared with those apps.

The move comes one day before Facebook CEO Mark Zuckerberg testifies at a U.S. Senate hearing and two days before Zuckerberg testifies at a U.S. House of Representatives hearing in wake of the Cambridge Analytica scandal.

Hackers abused Cisco flaw to warn Iran and Russia: 'Don't mess with our elections'

Sun, 08 Apr 2018 08:35:00 -0700

The message “Don’t mess with our elections” followed by a U.S. flag appeared on Iranian and Russian screens after a hacker group exploited Cisco Smart Install Client on vulnerable machines. The hackers claim to have targeted only the computer infrastructure in Iran and Russia during the attack on Friday night.

Reuters reported that Iran’s Communication and Information Technology Ministry said, “The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country.”

DHS detects stingrays in DC, but can't find the surveillance devices

Wed, 04 Apr 2018 08:15:00 -0700

For the first time, the Department of Homeland Security (DHS) formally admitted that rogue stingrays, or unauthorized cell-site simulators, have been used in Washington, D.C., but the agency has no way to find them.

The Associated Press got its hands on a letter sent to Sen. Ron Wyden (D-Ore.) in which DHS official Christopher Krebs said “anomalous activity” that appears to be consistent with International Mobile Subscriber Identity (IMSI) catchers had been detected in the National Capital Region.

What is a supply chain attack? Why you should be wary of third-party providers

Wed, 04 Apr 2018 08:15:00 -0700

A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. This has dramatically changed the attack surface of the typical enterprise in the past few years, with more suppliers and service providers touching sensitive data than ever before.

Panera Bread blew off breach report for 8 months, leaked millions of customer records

Tue, 03 Apr 2018 07:15:00 -0700

Panera Bread’s website leaked millions of customer records in plain text for at least eight months, which is how long the company blew off the issues reported by security researcher Dylan Houlihan. Houlihan finally turned to Brian Krebs who ran with the story. From there, it turned into a real cluster flub.

Houlihan shared copies of email exchanges with Panera Bread CIO John Meister – who at first accused Houlihan of trying to run a scam when he first reported the security vulnerability back in August 2017.

Saks, Lord & Taylor hacked; 5 million payment cards compromised

Mon, 02 Apr 2018 08:00:00 -0700

Hackers made off with a whopping 5 million credit and debit card numbers from Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor, placing it “among the most significant credit card heists in modern history.”

Parent company Canada-based Hudson’s Bay Company announced the breach affecting the North American stores on Sunday, saying, “HBC has identified the issue, and has taken steps to contain it.”

HBC disclosed the hack after cybersecurity firm Gemini Advisory revealed that the JokerStash hacking group, aka Fin7, claimed to have 5 million stolen payment card numbers the group intends to sell on the dark web. The group responsible for this hack was also reportedly responsible for hacking “Whole Foods, Chipotle, Omni Hotels & Resorts, Trump Hotels and many more.”

US wants 5 years' worth of social media history from visa applicants

Sun, 01 Apr 2018 08:50:00 -0700

Want to visit the United States? If the State Department has its way, then visa applicants should be ready to hand over a five-year history of their social media accounts, email addresses, and phone numbers. What I’d like to say after that is "April Fools!" Sadly, however, it’s not a joke.

The latest proposed extreme vetting details were published on the Federal Register on Friday. The proposal seeks to add questions to immigrant and nonimmigrant visa applications. For example:

Don’t rush to deploy 5G if you want IoT security, agency warns

Fri, 30 Mar 2018 13:56:00 -0700

Security flaws in existing mobile networks could find their way into 5G networks too, the European Union Agency for Network and Information Security, ENISA, has warned.
That’s potentially bad news for the internet of things (IoT), where millions of insecure devices are being connected to mobile networks without adequate thought being given to the authentication and encryption of communications.

The danger is that known flaws in SS7 and Diameter, the signaling protocols used in 2G, 3G and 4G mobile, could be built into 5G too, allowing traffic to be eavesdropped or spoofed, and location information to be intercepted, ENISA said in a report published Thursday.

Baltimore's 911 dispatch hacked, CAD system down for 17 hours

Wed, 28 Mar 2018 07:20:00 -0700

Baltimore’s 911 dispatch system was hacked over the weekend.

The Baltimore Sun reported that the attack affected the Computer Aided Dispatch (CAD) system, and 911 and 311 calls “were temporarily transitioned to manual mode.”

What that means, according to Frank Johnson, CIO in the Mayor’s Office of Information Technology, is that “instead of details of incoming callers seeking emergency support being relayed to dispatchers electronically, they were relayed by call center support staff manually.”

The CAD system is used to automatically map the location of 911 callers and then route the closest emergency responders to the callers.

GoScanSSH malware targets Linux systems but avoids government servers

Tue, 27 Mar 2018 07:45:00 -0700

GoScanSSH, a new strain of malware written in Golang (Go), has been targeting Linux-based SSH servers exposed to the internet — as long as those systems do not belong to the government or military.

In a new report, Cisco’s Talos Intelligence Group explained several other “interesting characteristics” of GoScanSSH, such as the fact that attackers create unique malware binaries for each host that is infected with the malware.

SamSam group deletes Atlanta's contact portal after the address goes public

Tue, 27 Mar 2018 05:00:00 -0700

An image shared with local media during the early stages of a SamSam ransomware infection in Atlanta exposed the contact portal assigned to the city by the group responsible. In addition, the image exposed the wallet used by the attackers to collect ransom payments.

When questioned about their actions via the exposed portal, the SamSam group first demanded payment in exchange for answers, and later deleted the contact form entirely, calling the questions and other comments spam.

Microsoft to ban 'offensive language' from Skype, Xbox, Office and other services

Mon, 26 Mar 2018 07:18:00 -0700

Better watch out if you are playing Xbox, get ticked, and cuss. Microsoft might ban you for the “offensive language.” If they do, then say bye-bye to your Xbox Gold Membership and any Microsoft account balances.

Or if you and a significant other are getting hot and heavy via Skype, you better watch your language and any nudity because that, too, can get you banned. The ban hammer could also fall if Cortana is listening at the wrong moment or if documents and files hosted on Microsoft services violate Microsoft’s amended terms.

The changes are part of the new Microsoft Terms of Services agreement that go into effect on May 1 and cover a plethora of Microsoft services.

Atlanta officials still 'working around the clock' to resolve ransomware attack

Sun, 25 Mar 2018 09:17:00 -0700

As of Saturday, Atlanta officials and federal partners were still “working around the clock” to resolve the ransomware attack on city computers that occurred around 5 a.m. on Thursday, March 22, and encrypted some financial and personal data.

On Thursday, the official investigation included “the FBI, U.S. Department of Homeland Security, Cisco cybersecurity officials and Microsoft to determine what information has been accessed and how to resolve the situation.”

SamSam ransomware attacks have earned nearly $850,000

Fri, 23 Mar 2018 15:01:00 -0700

First emerging in late 2015, the group believed to be responsible for the SamSam ransomware family has targeted small and large businesses, healthcare, governments and education.

Over time, the ransom prices set by this group have changed some, but they've remained consistent when it comes to general affordability, which is why many victims have paid. To date, the group has made nearly $850,000 USD.

Symantec: Diverse threats remain a consistent problem online

Wed, 21 Mar 2018 21:01:00 -0700

Orbitz: Hackers likely stole credit card details of nearly 900K Orbitz users

Wed, 21 Mar 2018 07:45:00 -0700

Orbitz, which is owned by Expedia, said its legacy platform may have been hacked and the personal information of customers who made purchases online between Jan 1, 2016 and Dec 22, 2017 may have been exposed. Hackers likely gained access to 880,000 payment cards as well as accessed the following personal information: full name, payment card information, date of birth, phone number, email address, physical and/or billing address, and gender.
