The UN did not publicly disclose a major hacking attack into its IT systems in Europe – a decision that potentially put staff, other organisations, and individuals at risk, according to data protection advocates. Dozens of UN servers were compromised and some administrator accounts breached, according to a confidential UN report obtained by The New Humanitarian.
Tel Aviv-based Otorio, a cybersecurity firm which specializes in industrial control systems (ICS), said that the ransomware called “Snake,” like others of its kind, encrypts programs and documents on infected machines. Snake, which was recently discovered, searches for hundreds of specific programs tied to industral systems.
(TNS) Hundreds of Social Security numbers could be contained in unredacted documents housed on the Allegheny County Civil Courts public website. The Tribune-Review located federal tax lien documents filed each year from 1997 to 2010 that display unredacted tax identification numbers. In many cases, they are an individual’s ssn.
Intel on Monday issued a processor data leakage advisory, INTEL-SA-00329, describing two chip architecture flaws, one of which it tried to fix twice before. The memo covers two security vulnerabilities: CVE-2020-0548, dubbed Vector Register Sampling and rated 2.8 Low severity, and CVE-2020-0549, described as L1D Eviction Sampling (L1Des) Leakage and rated 6.5 Medium severity.
A large-scale spam campaign bent on spreading info-stealing malware is applying advanced obfuscation techniques to get around security scanning and maximize infection rates. According to Lastline researchers, a large botnet is distributing malicious rich text format (RTF) documents that act as downloaders for well-known info-stealers, such as Agent Tesla or LokiBot.
A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question in Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the website (essentially used as a mini-plugin).
A county in the Pacific Northwestern state of Oregon is yet to fully recover from a ransomware attack that happened over a week ago. Cyber-criminals hit Tillamook County in a targeted attack last Wednesday, January 22. As a result, all internal computer systems under the county government, which 250 county employees rely on, went down.
This new battlefield is filled with obfuscated identities and anonymous adversaries that have weaponized data breaches of government sites and combined this data with publicly available data to create powerful new sources of intelligence. Civil unrest, voter polarization, and international politics has increased demand for this data and as a result, we have seen increased circulation of voter information available in the underground community.
For years one of the most prominent pieces of legislation on this topic, the Botnet Prevention Act, which was first introduced in 2016, languished in Congress. Just last December, however, a version of the bill quietly passed through the Senate Judiciary Committee as part of a larger legislative package focused on countering the Russian government.
The National Institute of Standards and Technology (NIST) published draft guidelines Monday providing businesses with ways to defend against debilitating ransomware attacks. The two draft practice guidelines help firms create strategies to protect data in the event of an cyberattack.
New York State may soon ban municipalities from paying ransomware demands in the event of a cyberattack. State Senators Phil Boyle, George M. Borrello and Sue Serino introduced Senate Bill S7246 earlier this month, in response to the rising tide of cyberattacks targeting government agencies and municipal entities across the country.
Researchers have observed the cybercrime group back in action, now using a new tactic for distributing malware. Cybercrime group Evil Corp (a.k.a. TA505 or Dudear) is back in action after a short hiatus, with a technique in its arsenal not previously used by the group to distribute malware. Microsoft on Thursday said that it observed emails from the cybercriminal gang utilizing HTML redirectors.
