Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.
Global ransomware attack causes turmoil
Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack. Read more…
Anthem to pay record $115 million to settle U.S. lawsuits over data breach
Anthem Inc., the largest U.S. health insurance company, has agreed to settle litigation over hacking in 2015 that compromised about 79 million people's personal information for $115 million, which lawyers said would be the largest settlement ever for a data breach. Read more…
Kaspersky Lab Faces More U.S. Scrutiny Over Potential Russian Govt. Influence
Moscow-based Kaspersky Lab this week found itself the subject of escalating concerns about the company's possible connections with the Russian government. The immediate worries this time were prompted by news that FBI agents had questioned several of the security vendor's US-based employees. Read more…
8tracks breach yields data on 18M accounts
Hackers accessed 8tracks's user database and pilfered information, including email addresses and encrypted passwords, from at least 18 million accounts signed up for the Internet radio service using email. Read more…
Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.
Honda Shut Down Plant Impacted by WannaCry
Honda, one of the largest automobile manufacturers in the world, announced that it was forced to shut down production at one of its Japanese plants after it was hit by the WannaCry ransomware. Read more…
Skype outage causing connectivity issues, company says it’s a “global incident”
Microsoft’s recently updated communications app Skype has been suffering connectivity issues which began on Monday, June 19th. After hours of downtime on Monday, the company confirmed the issue via a blog post and tweet, which stated that an incident was causing users to either lose connectivity to the application or lose their ability to send and receive messages. Read more…
Data of nearly all registered US voters left unsecured for weeks in RNC trove
Personal data, including names, addresses, voter registration details and social media posts, made vulnerable because of improper security settings. The 198 million individuals captured in the data represent virtually the entire registered voter population. Read more…
New York Supreme Court Justice fell for $1M phishing attack
New York State Supreme Court Justice Lori Sattler was duped out of more than $1 million while trying to sell her Upper East Side apartment and purchase another. Justice Sattler was fooled by a phishing email she thought was from her estate lawyer into wiring nearly $1.1 million to the Commerce Bank of China. Read more…
As the dust settles from the initial shock of the WannaCry ransomware and the lasting implications of the attack continue to reveal themselves, it is important to look back and see what we can learn from it.
BOHH Labs CTO Ken Hawkins reflects below on what can be said about this latest ransomware/malware and the lessons we can learn it.
This latest attack was put together quickly and seems on the surface to be the work of persons or entities that either are just dabbling in the arena for the first time or it is a brazen attack leaving an easily seen breadcrumb like a trail to the source. Even though it did cause a global issue for a lot of persons, it appears that still today, the oldest tricks are the best in this arena of ransomware.
How it generally happens? Target older end of life OS’s with known issues that have not been patched, phish until you find an entry (clicking a link in email, opening an attachment, etc.) onto a single machine, infect (encrypt), demand a ransom from the user and broadcast to the next unsuspecting victim. Of course, it is a little more involved than that from a technology standpoint; however, for the layman in all of us, this is how it happens. In this case, it was primarily spread through Windows XP machines, which support ended for the OS in 2014 after users were notified as far back as 2008. Think about this, Microsoft notified users a full 6 years before it officially ended support for XP and yet still many corporations kept the OS in place. The reasons of course can vary from a smaller company with no budget to fortune 500 or greater companies who have had some machines still in service.
One needs not go into the deep dark corners of hackerdom arenas to know how this spread and works, nor does a person need to buy the latest and greatest operating system and stay in that endless upgrade cycle. Ransomware like this latest gain a foothold and proliferate in the same manner as the Target security breach of 2013 and others. Someone was duped into clicking a link in an email without knowing where it was going or what was going to happen. Once clicked, the end user probably will not know immediately what has happened. Remember this when you click the clink you are unaware of, you cannot react faster than the computer can change its state. Once you click that risky link of the day your entire computer can be locked down or overtaken in a matter of seconds if not milliseconds!
The lesson we should once again learn here is trust. In today’s information / computer age, trust is still the key to a safe journey ended on the Internet. This trust comes from the individual and not a company. There is no better way to protect yourself from infection than knowing where you are going on the Internet. You can draw a similar parallel of following a GPS while driving. Think about how many times the GPS has given you wrong or longer driving routes, and the frustration you might feel knowing in hindsight that there was a better way. If it takes you longer to get somewhere or you must backtrack, that is time lost at best. Not knowing where you are going on the Internet can cost you your identity, compromise your companies’ network and a possible loss data, which can never be retrieved.
You can say metaphorical statements like “If it looks too good to be true don’t believe it” and others but until we stop being complacent in our Internet travels, these kinds of attacks will continue to affect us all to some degree. I say it like this, know your hyperlinks! If the link looks risky, right click on it, copy and paste it somewhere (notepad, etc.) and look at it before you go. Did it originate from the entity it states the email is from? Watch out for a link that points to a different generic top level domain (.com vs .net)? If you’re unsure and want to make sure, call the entity who sent the email. A little bit of vigilance will go a long way to protecting you and your personal details from the more nefarious entities who unfortunately do lurk the Internet.
Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.
Cybersecurity Faces 1.8 Million Worker Shortfall By 2022
Over the next five years, the number of unfilled cybersecurity jobs will rise to a whopping 1.8 million, a 20% increase from 2015 estimates, according to a new (ISC)2 survey released today. Read more…
Consumers Trust Banks Over Tech Companies For Digital Payments
Payments still belong to banks, according to consumers—even when those payments are being made through a smartphone or an IoT device. The majority of “connected” consumers, nearly 80%, cited their bank as the “most trusted” provider for a digital payment solution, a study by PYMNTs on behalf of Visa found. Read more…
Inside Job: NSA Fails to Stop Another Leaker
For at least the third time in four years, the U.S. National Security Agency has failed to stop a leak of classified material from its network. Read more…
Recap: News agency hack blamed for diplomatic meltdown in Qatar
The diplomatic break between four of the Gulf Cooperation Council (GCC) states is being partially blamed on a security incident at Qatar News Agency (QNA). The alleged hack resulted in a fake news article that inflamed leaders in the region. Read more…
