Bank regulators dropped the hammer on Capital One, with the Office of the Comptroller of the Currency (OCC) levying an $80 million fine and the Federal Reserve filing a cease and desist order that specified what the steps the bank needed to take to redeem itself after a massive data breach in 2019 that compromised…
Prosecutors dropped felony criminal charges against a pair of ethical pen testers arrested while assessing the security of an Iowa courthouse. But the the two men are not ready move on just yet. Coalfire employees Gary DeMercurio, managing senior, and Justin Wynn, senior security consultant, lobbied Wednesday at the virtual Black Hat conference for a…
The hack of a U.K. trade minister’s email account – the result of a spear phishing campaign likely engineered by Russian operatives – led to the leak of U.S.-U.K. trade documents and perpetuated a disinformation campaign credited with influencing the 2019 U.K. election. Hackers were able to successfully access the email of Trade Minister Liam…
Wielding a new remote access trojan (RAT) dubbed Taidoor, Chinese government-supported hackers are behind a series of cyberespionage campaigns. Although it offered no details on the possible targets, CISA warned of the malware variants, noting that “the FBI has high confidence that Chinese government actors are using [them] in conjunction with proxy servers to maintain…
A phishing lure disguised as a legitimate inquiry by a recruiter for a new job opportunity inserts a malicious template into an attached Word document, which then gathers intelligence on the target, usually a highly-skilled technology worker in the aerospace and defense industries. The attack, dubbed Operation North Star, was discovered by researchers in McAfee’s…
Recognizing that the electric utility industry needs an industry-specific response to its cybersecurity challenges, the New York Power Authority (NYPA) and Siemens Energy plan to develop a Cybersecurity Center of Excellence that will focus on building practical security tools for small- and mid-sized utilities. Kenneth Carnes, vice president and CISO at NYPA, said many of…
Security professionals responsible for protecting critical infrastructure strive to isolate and segregate their most mission-critical systems, but there are still too many operational technology (OT) assets that are accessible to attackers over the internet, according to a new government alert. When searchable and accessible via the internet, OT systems – just like conventional IT systems…
The greater business community should be on higher alert for cyberattacks by nation-state actors after the report last week that President Trump signed a “presidential finding” around cyberwarfare that gives the CIA broader powers to launch cyberattacks against U.S. adversaries. After all, following the Stuxnet attack by the U.S. in 2009 the Iranians responded not…
An Android application that controls a drone manufactured by China-based Da Jiang Innovations (DJI) contains a self-update feature that bypasses the Google Play Store, thus creating the ability for the app to transmit sensitive personal information to DJI’s servers or possibly the Chinese government. The DJI GO 4 Android app has been designed for use…
The hackers who ran a cryptocurrency scam using high-profile, verified Twitter accounts, including those belonging to Joe Biden, Apple, Bill Gates, Uber and Barack Obama, accessed the direct messages (DMs) of 36 accounts and downloaded account data from eight accounts via “Your Twitter Data.” There is no indication that the DMs of any former or…
