An ongoing email-based phishing scam is attempting to fool recipients into opening malicious attachments disguised as notifications from the U.S. Department of Homeland Security (DHS), according to the Cybersecurity and Infrastructure Security Agency, in a warning posted on the official US-CERT web site this past Tuesday. “The email campaign uses a spoofed email address to…
Malicious actors are attempting to infect computers running Tiny Core Linux virtual machines with an XMRig-based cryptominer that’s being bundled with pirated copies of Virtual Studio Technology (VST) software applications. Dubbed LoudMiner, the Monero-mining software first appeared in August 2018, and works by abusing virtualization software – QEMU on macOS machines and VirtualBox on Windows devices.…
If you think security breaches like the ones at Toyota or Facebook are bad, just wait. That’s what attackers are doing. Playing the long game. It’s referred to as “sit and wait” or sometimes “spray and pray.” Either way these new forms of attack capitalize on the convergence of several key factors including: nation-state sponsored…
Mozilla released security updates to address a vulnerability in Firefox and Firefox ESR that could allow attackers to take control of an affected system. The vulnerability is rated critical and is actively being exploited in the wild. Mozilla called it “a type confusion vulnerability” that occurs when manipulating JavaScript objects due to issues in Array.pop.…
Personal information belonging to residents and employees of multiple assisted living facilities were potentially exposed in an April 2019 cyberattack that infected third-party software company Tenx Systems, LLC with ransomware. The Minneapolis-based company, which operates under the name ResiDex Software and provides software to assisted-living homes, group facilities and care-giving organizations for seniors and the…
The Samba Team has released security updates to address vulnerabilities in Samba 4.9 and all versions of Samba from 4.10 onward, which, if exploited, could be used to prompt a denial-of-service (DoS) attack. One vulnerability affecting the free software platform is a DoS in DNS management server bug,which could allow an authenticated user to crash…
Maryland Governor Larry Hogan signed an executive order designed to bolster the state’s cyber defenses in light of the devastating ransomware attack that recently struck Baltimore by creating several new cybersecurity departments and positions. The executive order creates the Maryland Cyber Defense Initiative which will manage the state’s ability to handle any consequences of a…
A common theme that runs through successful books and movies is misdirection. Are the good guys really good and the bad guys really bad? Identity is everything. In the real world, you do not want to be the good guy who finds out at the end that your colleague or business partner was actually an…
June 19Karen O’Reilly Smith has been named chief security officer at Rackspace replacing Brian Kelly who retired. Smith previously served as chief information security officer international for Aetna/CVS. June 6Dan Hubbard was named CEO of Lacework after previously having been chief product officer, where he was responsible for driving innovation and expanding the company’s security…
Oregon’s Department of Human Services (DHS) is in the process of mailing notifications to roughly 645,000 of its reportedly 1.6 million clients, following a data breach incident last January that resulted from a phishing scam. When DHS first publicly disclosed the incident last March, it said the number of affected Oregonians exceeded 350,000, but it…
