• City of Laredo office recovering from ransomware virus
    By Julia Wallace, LMTonline.com / Laredo Morning Times
    Updated 10:11 am CDT, Friday, May 24, 2019
    The City of Laredo is nearly back on its feet after a ransomware virus encrypted a document management system used by the City Secretary’s Office at around 1:30 a.m. Wednesday. Co-Interim City Manager Rosario Cabello said Thursday afternoon that most of their departments’ systems were up and running again. But all city employees’ computers had to be shut off for much of Wednesday to contain the virus. The information technology staff for the city, fire and police departments were checking each computer one by one before turning them back on, Cabello said. He noted that if the city hadn’t had this insurance, they wouldn’t have been able to get their information back. The City of Laredo backs up their system every night, so they will be able to restore all their history, IT Director Homero Vazquez said.
  • Australian tech unicorn Canva suffers security breach
    Data for roughly 139 million users has been taken during the breach, according to the hacker, who tipped off ZDNet. For other users, the stolen information included Google tokens, which users had used to sign up for the site without setting a password. Of the total 139 million users, 78 million users had a Gmail address associated with their Canva account. - Round 1 + Round 2 [620 million + 127 million user records] - Round 3 [93 million user records] - Round 4 [26.5 million user records]
  • Hackers are scanning for MySQL servers to deploy GandCrab ransomware
    At least one Chinese hacking crew is currently scanning the internet for Windows servers that are running MySQL databases so they can infect these systems with the GandCrab ransomware. These attacks are somewhat unique, as cyber-security firms have not seen any threat actor until now that has attacked MySQL servers running on Windows systems to infect them with ransomware. Brandt said hackers would scan for internet-accessible MySQL databases that would accept SQL commands, check if the underlying server would run on Windows, and then use malicious SQL commands to plant a file on the exposed servers, which they'd later execute, infecting the host with the GandCrab ransomware. The Sophos researcher tracked these attacks back to a remote server, which had an open directory running server software called HFS, which exposed download stats for the attacker's malicious payloads. "The server appears to indicate more than 500 downloads of the sample I saw the MySQL honeypot download (3306-1.exe).
  • Assange indicted on 17 counts under Espionage Act
    WikiLeaks founder Julian Assange was indicted Tuesday on 17 counts of violating the rarely invoked Espionage Act for the 2010 procurement and publication of classified documents nicked by former Army Private and intelligence officer Chelsea Manning. They accuse Assange of soliciting classified and sensitive information, egging on Manning, who used her top secret clearance to obtain documents that showed U.S. actions during the Afghanistan and Iraq wars as well as the treatment of detainees at Guantanamo. Assange also spurred Manning to continue to steal documents and helped her “crack a password hash to a military computer,” the indictment said. By the time Assange entered into a password-cracking agreement with Manning, he “knew, understood, and fully anticipated that Manning was taking and illegally providing WikiLeaks with classified records containing national defense information of the United States that she was obtaining from classified databases.” Manning eventually pleaded guilty to 10 of 22 charges against her and served seven years in prison before President Obama commuted her sentence.
  • US officials say foreign election hacking is inevitable
    Special counsel Robert Mueller has documented a sweeping effort by Moscow to meddle in the 2016 election in Donald Trump's favor by hacking Democrats and spreading disinformation online, and FBI Director Chris Wray said in April that the government regarded last November's midterm election "as just kind of a dress rehearsal for the big show in 2020." Adam Hickey, a deputy assistant attorney general in the Justice Department's national security division, told a House Oversight and Reform subcommittee that hacking was "inevitable." "Systems that are connected to the Internet, if they're targeted by a determined adversary with enough time and resources, they will be breached," Hickey said. "So, we need to be focusing on resilience." "We need to take a breath. "If we undermine ourselves, the confidence in our system, we will be doing our adversaries' work for them." Chris Krebs, head of DHS' cyber efforts, echoed the message, saying, "100 percent security is not the objective.
  • How Hackers Access Direct Deposit Paycheck — And What to Do About It
    Hackers Do a Payroll Diversion Through Phishing
    A direct deposit paycheck hack involves getting the necessary details from the victim through a phishing scheme. According to a statement from the FBI’s Internet Crime Complaint Center (IC3), cybercriminals orchestrate the phishing attempt — which the FBI calls a “payroll diversion” — to get the details for a person’s online payroll account. Once successful, the hacker changes the account details for the direct deposit payments to an account they control. Typically, the hackers set up accounts with free email services and create accounts containing a real employee’s name. Trustwave covered BEC payroll hacks in a blog post and mentioned that cybercriminals often make the phishing emails seem to originate from a company’s CEO and go to a human resources or accounting manager, or someone else with the ability to alter an employee’s direct deposit account information. Do the same if someone from payroll emails you asking for your direct deposit details to “update their records.” Another thing you can do is check the structure of the email.
  • The Pentagon is Trying to Secure Its Networks Against Quantum Codebreakers
    Advances in quantum computing could render the government’s strongest encryption systems obsolete, and the Defense Department is trying to get ahead of the curve. The Defense Information Systems Agency is asking security researchers to share ideas for protecting the Pentagon’s IT infrastructure against quantum computers. Though today’s quantum systems are still in their infancy, military officials worry their more powerful successors will be able to easily crack the codes used to secure military networks today. “However, [the Defense Department] must begin now to prepare its information security systems to be able to resist attacks from large-scale quantum computers.” But quantum computers, which will be exponentially more powerful than the fastest supercomputers on Earth today, would make short work of traditional cryptography, DISA officials said. Per the solicitation, DISA is looking for white papers that outline novel encryption algorithms that could withstand attacks from quantum and classical computers.
  • First American Financial Leaked 800-plus Million Sensitive Mortgage Documents
    By Nicole Perlroth and Stacy Cowley
    SAN FRANCISCO — First American Financial Corporation, a provider of title insurance, said Friday that it had fixed a vulnerability in its website that exposed 885 million records related to mortgage deals going back 16 years. The vulnerability would have allowed anyone to gain access to Social Security numbers, bank account details, drivers license and mortgage and tax records. The security failure was first reported by Brian Krebs, the cybersecurity writer who last year reported a flaw in the way Facebook was storing hundreds of millions of user passwords. First American, based in Santa Ana, Calif., said in a statement Friday afternoon that it addressed the security gap after it was notified by Mr. Krebs.
  • Medical industry struggles with PACS data leaks
    Posted: May 24, 2019 by Vasilios Hioureas
    In the medical world, sharing patient data between organizations and specialists has always been an issue. What we see today is individual practices hosting patient medical data on private and often in-house systems called PACS servers.
    It’s in the setup
    While there are hundreds of examples of exploitable medical devices/services which have been publicly exposed so far, I will focus in detail on one specific case that deals with a PACS server framework, a system that has great prevalence in the industry and deserves attention because it has the potential to expose private patient data if not set up correctly. “This data does not contain a credit card and sometimes not even a social security number.” We have seen that on the black market, medical data is much more valuable to criminals than a credit card, or even a social security number alone. As I have described in this article, medical records are stored in silos, and it is not possible for one medical professional to cross check patient data with any kind of central database.
  • German Minister Wants Secure Messengers To Decrypt Chats
    Seehofer is also known for his "zero tolerance" policy toward criminals and for calling for "video surveillance at every hot spot in the country" according to Deutsche Welle. The proposal also says that the freedom to use messaging encryption has to be "reconciled with the unavoidable needs of security agencies" to have access to communications when mandated by a court. According to the German Ministry of the Interior, Building and Community proposal, messaging apps can use encrypted communication by default but they would also have to ensure "state-of-the-art access to the contents of communication as a legally regulated exemption for their users".