While the ubiquitous USB remains an integral tool to facilitate transferable computing, such removable media is the second most prevalent industrial vector vulnerability for operational technology (OT) systems, according to a Honeywell report. The company first studied the market in 2018, and since then the number of threats capable of disrupting OT rose from 26…
A credit card-skimming scheme tracked since April and targeting at least a dozen websites – all hosted on Microsoft IIS servers running the ASP.NET web application framework – counts among its victims sports organizations, health and community associations, and a credit union. What they have also in common is that a malicious code was injected…
Critical infrastructure globally across sectors are at a particularly vulnerable state due to the continued heightened pace of cyberattacks on the Industrial Internet of Things (IIoT), according to a report from Lloyd’s Register Foundation, the U.K.-based global safety charity. Lloyd’s suggests a series of measures to meet the increasing IIoT risks to energy, transport, built…
A little over two years since GDPR took effect and a few days after California began to enforce the CCPA, a study found more than one-third – 37 percent – of U.K. cybersecurity professionals expect the number and monetary amount of fines their employers face for not adequately safeguarding data will increase by 2025 even…
Employers who have suddenly shifted a large percentage of their workforce to remote due to Covid-19 no doubt will shudder by the findings of a new Fraunhofer Institute for Communication, Information Processing and Ergonomics study that concluded no home router was without security vulnerabilities. The German tech think tank analyzed 127 home routers from seven…
Despite an increased toll on their computer systems amid Covid-19, healthcare organizations throughout the world generally are doing a good job of mitigating inbound attack attempts, according to a Vectra analysis of the first five months of 2020. The report cites a doubling of data exfiltration behaviors to external destinations in Europe, Middle East and…
StrongPity, aka Promethium, a potentially state-sponsored APT group active since 2012, isn’t letting exposed campaigns in recent years stop it from trying to install malware around the world, particularly in warzones such as Syria. Two separate reports this week from Cisco Talos and Bitdefender suggest the attackers are getting more aggressive in their geo-targeted malicious…
A 21-year-old man has been sentenced to serve 13 months in federal prison for his role in creating the Satori DDoS botnet, which descended from Mirai IoT malware, announced U.S. Attorney Bryan Schroder in Anchorage, Alaska. Kenneth Currin Schuchman, 22, of Vancouver, Wash., was sentenced today by Chief U.S. District Judge Timothy M. Burgess, after…
Since April 10, eight cities in three states using the Click2Gov web-based platform to collect payments for services have been hit with Magecart card-skimming attacks that still appear active. Credit card information including card number, expiration date and CVV, as well as personal information such as name and contact address, were being exfiltrated from the…
A phishing campaign in multiple enterprise email environments purportedly protected by Proofpoint and Microsoft entices users with false event invitations in the form of .ics calendar invite attachments, Cofense Phishing Defense Center (PDC) reported. The convoluted scheme dupes recipients into thinking their bank accounts have been compromised, even though the ruse’s initial focus is stuffing…
