• Afghan diplomats in Pakistan targeted by 'state-backed hackers'
    Afghan embassy sources told the BBC two staff members and a generic account received alerts from Google this month. After the Google warning alerts were sent out, another Afghan diplomat's email account was hacked and made to send out emails, without his knowledge, containing suspicious attachments. A source in the Afghan embassy told the BBC he was concerned that recipients of the emails sent out from the diplomat's account could believe the Afghan embassy was linked to the movement. One of the Afghan embassy staff members befriended by "Sana Halimi" told colleagues "she" had engaged him in conversation pretending to be an Afghan woman from the city of Herat. Image copyright Diep Saeeda Image caption The pictures of "Sana Halimi" were stolen from the account of a 21-year-old chef in Lahore The BBC has learnt that the pictures of "Sana Halimi" were in fact stolen from the social media accounts of a 21-year-old chef in Lahore called Salwa Gardezi with no connection to Afghanistan.Read More
  • Cyberattack shuts down Pasquotank website, files
    Pasquotank County was the victim of a cyberattack earlier this month that shut down its website and left the county without some “crucial files,” according to County Manager Sparty Hammett.No county files or citizens' data were stolen in the attack, Hammett said in an interview Friday. He also said the county has restored three of the five county servers targeted, and has retained a consultant, Soundside Group, of Plymouth, to help the county recover from the attack and prevent future ones.Hammett provided the following details of the attack:In the early hours of May 16, the county's IT director, Colin Flatness, discovered a problem with the county's email system and searched for viruses and malware.Read More
  • Was A Massive Cyberattack Just Prevented?
    The Federal Bureau of Investigation (FBI) is dismantling a “large network of hacked routers and storage devices” that could have enabled a “massive cyberattack,” according to a report in The Wall Street Journal. The FBI move came after Cisco Systems Inc. and authorities from the United States and the Ukraine warned about the prospect of the gear facilitating an attack that could “knock hundreds of thousands of internet users offline,” according to the report. An expert quoted by the Wall Street Journal — Craig Williams, a security researcher with Cisco — said the danger comes from software called VPNFilter, which has infected devices in 54 countries. The FBI’s response to the potential attack came after Cisco, on Wednesday (May 23), said the “hacking campaign … targeted devices from Linksys, MikroTik, NETGEAR, TP-Link and QNAP,” according to a report from Reuters. “Ukraine’s SBU state security service responded to the report by saying it showed Russia was readying a large-scale cyberattack ahead of the Champions League soccer final, due to be held in Kiev on Saturday,” the report added.Read More
  • Most Expensive Data Breaches Start with Third Parties: Report
    Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found. The top five affecting enterprises include targeted attacks ($1.11 million), incidents affecting IT infrastructure hosted by a third party ($1.09 millon) incidents involving non-computing connected devices ($993,000) and third-party cloud services ($942,000), and data leaks from internal systems ($909,000). For SMBs, the priciest recoveries come from incidents affecting IT infrastructure hosted by a third party ($118,000), followed by those involving non-computing connected devices ($98k), those affecting third-party cloud services ($89,000), targeted attacks ($87,000), and incidents affecting suppliers sharing data with the victim ($83,000). The growth has sparked new security issues and now, as a result, more companies are shifting their security spend over to the cloud. Security budgets have grown overall: enterprises spend an average of $8.9 million on security while SMB spending has grown from $201,000 to $246,000 year over year. Poghozin says companies are spending the money on infrastructure security, internal expertise, and security operations.Read More
  • Investigators Slam NASA for Numerous IT and Cybersecurity Shortcomings
    Recent reports from the Government Accountability Office and NASA Inspector General detail a number of “longstanding IT management weaknesses” the agency made modest progress in addressing but failed to fully resolve over the last decade. “NASA continues to pursue efforts to improve IT strategic planning, workforce planning, IT governance, and cybersecurity, but consistently lacks the documented processes needed to ensure that policies and leading practices are fully addressed,” GAO said in a report published Tuesday. In 2015, GAO made eight recommendations for ways NASA could better manage and delegate its IT workforce, including developing a workforce planning process, assessing staffing needs for various components and developing ways to quickly fill skill gaps. NASA’s CIO told GAO the agency will soon begin rolling out a strategy based on the National Institute of Standards and Technology’s cybersecurity framework, but didn’t give any timelines for the initiative. The NASA Inspector General also highlighted numerous shortcomings in the Security Operations Center, which was founded in 2007 with the intent of becoming the agency’s “cybersecurity nerve center.”Read More
  • Pet Trackers Open to MITM Attacks, Interception
    After examining several well-reviewed models, including Kippy Vita, the Nuzzle Pet Activity and GPS Tracker and the Whistle 3 GPS Pet Tracker & Activity Monitor, testers at Kaspersky Lab found several issues that should be of concern for Rover’s owners.Related Posts Bluetooth Blues One common problem found in some of the trackers examined comes down to the use of Bluetooth Low Energy (BLE), which is custom-made for low-power IoT sensor applications. For instance, the Nuzzle device uses a SIM card to transmit the pet’s GPS coordinates, directly connecting to a smartphone via BLE – without any authorization or access control. That means that any smartphone can connect to the tracker to control it access the pet’s location, along with device status information like temperature and battery charge (CVE-2018-7043). While it monitors the pet’s location via GPS and transfers coordinates via a built-in SIM card to a phone directly via BLE, it makes use of a user ID to verify the rights of the mobile app to interface with the tracker.Read More
  • Banks adopt military-style tactics to fight cybercrime
    Photo: Whitney Curtis / New York Times Image 1 of / 5 Caption Close Image 1 of 5 At Mastercard’s fusion center in O’Fallon, Mo., company experts in fraud detection, network engineering and forensic analysis work alongside employees from the legal and customer service departments. Financial institutions are using military tools and techniques, like fusion centers and combat drills, to battle cybercrime. Financial institutions are using military tools and techniques, like fusion centers and combat drills, to battle cybercrime. Financial institutions are using military tools and techniques to battle cybercrime. Financial institutions are using military tools and techniques to battle cybercrime. Bank of America’s Brian Moynihan said his cybersecurity team is “the only place in the company that doesn’t have a budget constraint.” (The bank’s chief operations and technology officer said it is spending about $600 million this year.)Read More
  • Coca-Cola Suffers Breach at the Hands of Former Employee
    The Coca-Cola company announced a data breach incident this week after a former employee was found in possession of worker data on a personal hard drive. Incident impacts 8,000 Coca-Cola workers Coca-Cola says it worked with law enforcement in the past months to investigate the data's origin and validity, and determined that some documents contained the personal information of some of its workers. "We are issuing data breach notices to about 8,000 individuals whose personal information was included in computer files that a former employee took with him when he left the company," a Coca-Cola spokesperson told Bleeping Computer today. "We do not have any information to suggest that the information was used to commit identify theft." Coca-Cola is offering free identity monitoring for one year to affected employees through a third-party provider. Announcement delayed at the request of law enforcement The company also added it waited until now to report the breach to employees at the request of law enforcement, who were still investigating the incident. Coca-Cola is not the first major company to have its data exposed by former employees.Read More
  • Florida Elections Officials Fret about Cyberattack Possibilities
    If it's like the last few, it will be close, as the nation's biggest swing state elects a governor, U.S. senator and scores of federal, state and local officials and decides 13 changes to the state constitution. Memories are still fresh of the Russian phishing expedition that used email attachments to try to penetrate at least five county election systems before the 2016 election. "We are under a microscope more than ever in this election cycle," said Secretary of State Ken Detzner, the state's top elections officer, at a packed conference of Florida election supervisors this week in Fort Lauderdale. The main conference attraction was a team of specialists from the U.S. Department of Homeland Security, who praised Florida as a state on the leading edge of election security but an obvious target of cyberattacks. Florida's 67 election supervisors, all but one of them elected, have to face voters too. Alan Hays, a former state senator who was elected supervisor of elections in Lake County in 2016, had the county's IT experts explain the security of the county's voting system.Read More
  • Ease Server Security and Capacity Woes
    Don’t let server capacity limits or security threats hold your business back. Discover how HPE ProLiant DL380 Gen10 servers, powered by Intel® Xeon® Scalable processors, secure data and expand capacity for traditional and cloud-based workloads. BONUS: Explore the CPU performance boost of a server upgrade. Email a friend To Use commas to separate multiple email addresses From Privacy Policy Thank you Your message has been sent. Sorry There was an error emailing this page.Read More