Security professionals responsible for protecting critical infrastructure strive to isolate and segregate their most mission-critical systems, but there are still too many operational technology (OT) assets that are accessible to attackers over the internet, according to a new government alert. When searchable and accessible via the internet, OT systems – just like conventional IT systems…
Edicts by Wells Fargo, India and the U.S. military forbidding use of popular Chinese video-sharing app TikTok, may portend a national ban and raise questions if such a prohibition would be practical and enforceable, and what the greater implications would be. Owned by Beijing-based internet technology company ByteDance, TikTok has been downloaded more than 2…
As the newly appointed CISO of Joe Biden’s presidential campaign, Chris DeRusha, former chief security officer with the State of Michigan, has fewer than four months to implement his cybersecurity vision before Election Day arrives — all in the midst of a pandemic that has altered the traditional way that campaigns traditionally operate. DeRusha will…
Another Texas-based government institution may have fallen victim to ransomware actors. According to a reliable source, the cybercriminals behind the malicious encryptor NetWalker have published online evidence of an attack on Trinity Metro, a transit agency that operates bus and commuter rail transportation services in Fort Worth and its nearby Tarrant County suburbs. Trinity Metro…
The crowded ransomware market is now home to three newly discovered players that recently gained the attention of security researchers and malware analysts — including one that targets Mac users and another blamed for a recent attack on the Texas Department of Transportation. Dubbed OSX.EvilQuest, the Mac ransomware was observed being distributed on a Russian…
Companies trying to stave off business disruption caused by the global Covid-19 pandemic may be ripe for compromise as they introduce new risks in the scramble to maintain business continuity, warned a retired senior CIA executive in a keynote presentation Wednesday at the InfoSec World 2020 digital conference. In essence, the coronavirus has created ideal…
Australian Prime Minister Scott Morrison warned late last week that a sophisticated, state-sponsored cyber actor has been attacking the country’s government and corporate institutions, as well as critical infrastructure operators, with increasing regularity. Morrison did not name-and-shame the specific country that is responsible for the alleged attacks. But inside sources told Reuters that China is…
An Amnesty International study of 11 Covid-19 contact tracing apps from Europe, the Middle East and North Africa found identified apps from Bahrain, Kuwait and Norway as the most dangerous to users’ privacy. In a news release published on Tuesday, the human rights organization’s Security Lab said Bahrain’s ‘BeAware Bahrain’, Kuwait’s ‘Shlonik’ and Norway’s ‘Smittestopp’…
A new report issued by the U.S. Office of Management and Budget (OMB) says federal agencies reported eight percent fewer cybersecurity incidents in fiscal year 2019, compared to 2018 — an improvement it attributes to the recent “maturation of agencies’ information security programs.” High-value IT assets (HVAs) remain a work in progress, however: In FY…
The U.S. National Security Agency on Thursday issued an advisory alleging that hackers from Russia’s Main Intelligence Directorate (GRU) have been actively exploiting a remote code execution vulnerability in Exim Mail Transfer Agent (MTA) software, found in Unix-based systems. Researchers and analysts reacting to the agency’s warning say the announcement is an important reminder that…
