CNN reports that a potential compromise of the Department of Homeland Security's sensitive physical security details is being looked into by the department's senior officials following a ransomware attack against contractor and major building automation systems manufacturer Johnson Controls International.
"Until further notice, we should assume that [the contractor] stores DHS floor plans and security information tied to contracts on their servers," said the DHS in an internal memo, which also emphasized the importance of immediately identifying potentially impacted DHS offices amid a looming government shutdown.
In a filing with the Securities and Exchange Commission, Johnson Controls disclosed that while some of its operations will continue to be impacted by the attack against its internal IT systems last week, it has already sought third-party cybersecurity experts to facilitate recovery efforts.
However, no further information regarding DHS data stored by the conglomerate that may have been compromised was provided by Johnson Controls spokesperson Trent Perrotto.
Vulnerabilities impacting cloud analytics and business intelligence software Qlik Sense have been exploited to facilitate the deployment of CACTUS ransomware in a new campaign, The Hacker News reports.
Staples cyberattack disrupts online orders BleepingComputer reports that outages at American office supply retail chain that disrupted online orders were confirmed to have been caused by a cyberattack.
Cyber Resilience in the Ransomware and Wiper Era New Strategies for CISOs to Protect
The changing face of ransomware, and how to respond
Unveiling the Hidden Threat: Hybrid Attackers Leveraging Identities to Execute Ransomware
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news