Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

Global ransomware attack causes turmoil
Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack.

Anthem to pay record $115 million to settle U.S. lawsuits over data breach
Anthem Inc., the largest U.S. health insurance company, has agreed to settle litigation over hacking in 2015 that compromised about 79 million people's personal information for $115 million, which lawyers said would be the largest settlement ever for a data breach.

Kaspersky Lab Faces More U.S. Scrutiny Over Potential Russian Govt. Influence
Moscow-based Kaspersky Lab this week found itself the subject of escalating concerns about the company's possible connections with the Russian government. The immediate worries this time were prompted by news that FBI agents had questioned several of the security vendor's US-based employees.

8tracks breach yields data on 18M accounts
Hackers accessed 8tracks's user database and pilfered information, including email addresses and encrypted passwords, from at least 18 million accounts signed up for the Internet radio service using email.

Honda Shut Down Plant Impacted by WannaCry
Honda, one of the largest automobile manufacturers in the world, announced that it was forced to shut down production at one of its Japanese plants after it was hit by the WannaCry ransomware.

Skype outage causing connectivity issues, company says it’s a “global incident”
Microsoft’s recently updated communications app Skype has been suffering connectivity issues which began on Monday, June 19th. After hours of downtime on Monday, the company confirmed the issue via a blog post and tweet, which stated that an incident was causing users to either lose connectivity to the application or lose their ability to send and receive messages.

Data of nearly all registered US voters left unsecured for weeks in RNC trove
Personal data, including names, addresses, voter registration details and social media posts, made vulnerable because of improper security settings. The 198 million individuals captured in the data represent virtually the entire registered voter population.

New York Supreme Court Justice fell for $1M phishing attack
New York State Supreme Court Justice Lori Sattler was duped out of more than $1 million while trying to sell her Upper East Side apartment and purchase another. Justice Sattler was fooled by a phishing email she thought was from her estate lawyer into wiring nearly $1.1 million to the Commerce Bank of China.

As the dust settles from the initial shock of the WannaCry ransomware and the lasting implications of the attack continue to reveal themselves, it is important to look back and see what we can learn from it. BOHH Labs CTO Ken Hawkins reflects below on what can be said about this latest ransomware/malware and the lessons we can learn from it.

This latest attack was put together quickly and seems on the surface to be either the work of persons or entities who are just dabbling in the arena for the first time, or a brazen attack that leaves an easily seen, breadcrumb-like trail to the source. Even though it caused a global issue for a lot of people, it appears that the oldest tricks are still the best in this arena of ransomware.

How does it generally happen? Target older end-of-life operating systems with known issues that have not been patched, phish until you find an entry (clicking a link in an email, opening an attachment, etc.) onto a single machine, infect (encrypt), demand a ransom from the user and broadcast to the next unsuspecting victim. Of course, it is a little more involved than that from a technology standpoint; however, for the layman in all of us, this is how it happens.

In this case, it was primarily spread through Windows XP machines, an OS for which support ended in 2014 after users were notified as far back as 2008. Think about this: Microsoft notified users a full 6 years before it officially ended support for XP, and yet many corporations still kept the OS in place. The reasons of course can vary, from a smaller company with no budget to Fortune 500 or greater companies that still have some machines in service.

One need not go into the deep, dark corners of hackerdom to know how this spreads and works, nor does a person need to buy the latest and greatest operating system and stay in that endless upgrade cycle. Ransomware like this latest strain gains a foothold and proliferates in the same manner as the Target security breach of 2013 and others.
Someone was duped into clicking a link in an email without knowing where it was going or what was going to happen. Once the link is clicked, the end user probably will not know immediately what has happened. Remember this when you click a link you are unsure of: you cannot react faster than the computer can change its state. Once you click that risky link of the day, your entire computer can be locked down or taken over in a matter of seconds, if not milliseconds!

The lesson we should once again learn here is trust. In today’s information / computer age, trust is still the key to a safe journey on the Internet. This trust comes from the individual and not from a company. There is no better way to protect yourself from infection than knowing where you are going on the Internet.

You can draw a parallel with following a GPS while driving. Think about how many times the GPS has given you wrong or longer driving routes, and the frustration you might feel knowing in hindsight that there was a better way. If it takes you longer to get somewhere or you must backtrack, that is time lost at best. Not knowing where you are going on the Internet can cost you your identity, compromise your company’s network and lead to a possible loss of data, which can never be retrieved.

You can repeat sayings like “If it looks too good to be true, don’t believe it” and others, but until we stop being complacent in our Internet travels, these kinds of attacks will continue to affect us all to some degree. I say it like this: know your hyperlinks! If the link looks risky, right-click on it, copy and paste it somewhere (Notepad, etc.) and look at it before you go. Did it originate from the entity the email states it is from? Watch out for a link that points to a different generic top-level domain (.com vs .net). If you’re unsure and want to make sure, call the entity who sent the email. A little bit of vigilance will go a long way toward protecting you and your personal details from the more nefarious entities who unfortunately do lurk on the Internet.
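
The manual link check described above can also be automated at a mail gateway or in a triage script. The following is an added example, not code from the original post: it compares each link's domain with the sender's domain, flags the ".com vs .net" case, and flags visible link text that names a different site than the link target. The function names and the sample message are hypothetical, and the base domain is approximated as the last two labels of the host name.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def domain_of(value):
    # Assumption: base domain = last two labels; real tools use the Public Suffix List.
    try:
        host = urlsplit(value if "://" in value else "//" + value).hostname or ""
    except ValueError:
        return ""
    labels = host.strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) > 1 and " " not in host else ""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_links(from_header, html_body):
    """Return [(href, [reasons])] for links that deserve a second look."""
    sender = domain_of(parseaddr(from_header)[1].rpartition("@")[2])
    collector, findings = LinkCollector(), []
    collector.feed(html_body)
    for href, text in collector.links:
        link, shown, reasons = domain_of(href), domain_of(text), []
        if link and link != sender:
            same_name = link.split(".")[0] == sender.split(".")[0]
            reasons.append("same name, different top-level domain" if same_name
                           else "link domain differs from sender domain")
        if link and shown and shown != link:
            reasons.append("visible text shows a different site than the link")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample (not from the original post): one honest link, two suspect.
SAMPLE_FROM = "Example Bank <alerts@examplebank.com>"
SAMPLE_HTML = ('<a href="https://www.examplebank.com/help">Help centre</a>'
               '<a href="https://examplebank.net/verify">www.examplebank.com</a>'
               '<a href="http://login.example-payments.test/a">Click here</a>')
```

Calling `review_links(SAMPLE_FROM, SAMPLE_HTML)` leaves the first link alone and returns the other two with the reasons they were flagged.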

Verizon closes Yahoo deal for $4.48 billion after long, bumpy road
Verizon has finally closed its acquisition of Yahoo for US$4.48 billion, as well as closing the book on Yahoo's CEO, Marissa Mayer, who has resigned. The finalization of the deal comes after a long and fraught process during which it was revealed that Yahoo was subject to one of the largest breaches in history.

Russian Cyber Hacks on U.S. Electoral System Far Wider Than Previously Known
Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.

Former CIA Director calls on public to demand cybersecurity legislation
Former CIA Director John Brennan is urging Americans to encourage federal lawmakers to push forward cybersecurity-focused legislation, regulations and other rules so that the U.S. is better prepared in cyberspace.

It's time to update XP, Windows Server 2003 despite Microsoft's emergency patch
Windows XP and Windows Server 2003 are supposed to be dead, but Microsoft's emergency update to address serious vulnerabilities gives organizations another excuse to hang on to these legacy operating systems a little longer.

Cybersecurity Faces 1.8 Million Worker Shortfall By 2022
Over the next five years, the number of unfilled cybersecurity jobs will rise to a whopping 1.8 million, a 20% increase from 2015 estimates, according to a new (ISC)2 survey released today.

Consumers Trust Banks Over Tech Companies For Digital Payments
Payments still belong to banks, according to consumers, even when those payments are being made through a smartphone or an IoT device. The majority of “connected” consumers, nearly 80%, cited their bank as the “most trusted” provider for a digital payment solution, a study by PYMNTs on behalf of Visa found.

Recap: News agency hack blamed for diplomatic meltdown in Qatar
The diplomatic break between four of the Gulf Cooperation Council (GCC) states is being partially blamed on a security incident at Qatar News Agency (QNA). The alleged hack resulted in a fake news article that inflamed leaders in the region.

Cybercrime Costs to Reach $8 Trillion by 2022
Cybercrime costs are expected to saddle businesses with a whopping $8 trillion price tag over the next five years, as connectivity to the Internet rises but security system upgrades don't keep pace.

Kmart Confirms Breach at Unspecified Number of Stores
Kmart has suffered a data breach affecting an unspecified number of its 735 U.S. locations. They have warned customers that "some, not all" of its stores' point-of-sale systems had been infected by malware that exposed their payment card data to attackers.

Tainted Leaks: Researchers Unravel Cyber-Espionage Attacks
A "single cyber espionage campaign" apparently linked to Russia has targeted more than 200 people in 39 countries with phishing attacks.