Larry Jaffee SC Media

Most recent articles by Larry Jaffee

USB a prevalent industrial vector vulnerability for OT systems

While the ubiquitous USB remains an integral tool to facilitate transferable computing, such removable media is the second most prevalent industrial vector vulnerability for operational technology (OT) systems, according to a Honeywell report. The company first studied the market in 2018, and since then the number of threats capable of disrupting OT rose from 26…

Credit card skimmer preyed on old ASP.NET-powered websites with shopping carts

A credit card-skimming scheme tracked since April and targeting at least a dozen websites – all hosted on Microsoft IIS servers running the ASP.NET web application framework – counts among its victims sports organizations, health and community associations, and a credit union. What they also have in common is that malicious code was injected…

Mounting IIoT cyber risks must be addressed now to prevent catastrophe: report

Critical infrastructure across sectors globally is in a particularly vulnerable state due to the continued heightened pace of cyberattacks on the Industrial Internet of Things (IIoT), according to a report from Lloyd’s Register Foundation, the U.K.-based global safety charity. Lloyd’s suggests a series of measures to meet the increasing IIoT risks to energy, transport, built…

Frequency, size of fines for failing to secure data will grow by 2025, report

A little over two years since GDPR took effect and a few days after California began to enforce the CCPA, a study found more than one-third – 37 percent – of U.K. cybersecurity professionals expect the number and monetary amount of fines their employers face for not adequately safeguarding data will increase by 2025 even…

Home routers largely unpatched, raising risk during Covid-19 WFH

Employers who have suddenly shifted a large percentage of their workforce to remote due to Covid-19 no doubt will shudder at the findings of a new Fraunhofer Institute for Communication, Information Processing and Ergonomics study that concluded no home router was without security vulnerabilities. The German tech think tank analyzed 127 home routers from seven…

Even during pandemic, healthcare orgs successfully fending off attacks

Despite an increased toll on their computer systems amid Covid-19, healthcare organizations throughout the world generally are doing a good job of mitigating inbound attack attempts, according to a Vectra analysis of the first five months of 2020. The report cites a doubling of data exfiltration behaviors to external destinations in Europe, Middle East and…

Geopolitical targets figuring in latest StrongPity attacks

StrongPity, aka Promethium, a potentially state-sponsored APT group active since 2012, isn’t letting exposed campaigns in recent years stop it from trying to install malware around the world, particularly in warzones such as Syria. Two separate reports this week from Cisco Talos and Bitdefender suggest the attackers are getting more aggressive in their geo-targeted malicious…

Eight cities using Click2Gov targeted in Magecart skimming attacks

Since April 10, eight cities in three states using the Click2Gov web-based platform to collect payments for services have been hit with Magecart card-skimming attacks that still appear active. Credit card information including card number, expiration date and CVV, as well as personal information such as name and contact address, were being exfiltrated from the…

Event invitation phishing scheme usurps efficacy of Microsoft, Google and Wells Fargo

A phishing campaign in multiple enterprise email environments purportedly protected by Proofpoint and Microsoft entices users with false event invitations in the form of .ics calendar invite attachments, Cofense Phishing Defense Center (PDC) reported. The convoluted scheme dupes recipients into thinking their bank accounts have been compromised, even though the ruse’s initial focus is stuffing…