FBI Warns of Ongoing Kwampirs Attacks Targeting Global Industries
2020-03-31 15:21

A malicious campaign is targeting organizations from a broad range of industries with a piece of malware known as Kwampirs, the Federal Bureau of Investigation warns. Initially detailed in 2018, the malware is a custom backdoor associated with a threat actor tracked as Orangeworm, which has been active since at least 2015, mainly targeting organizations in the healthcare sector, but also launching attacks on industries somewhat related to healthcare, including IT, manufacturing, and logistics.

Millions of Guests Impacted in Marriott Data Breach, Again
2020-03-31 15:14

For the second time in two years, the Marriott hotel empire has suffered a major data breach. The stolen bounty includes everything cybercrooks would need to mount convincing spear-phishing campaigns: full contact details; other personal data like company, gender and birthdays; Marriott's "Bonvoy" loyalty program account numbers and points balances; linked airline loyalty programs and numbers; and Marriott preferences such as stay/room preferences and language preferences.

CISOs Suffering From Increasingly Complex Workload: Cisco
2020-03-31 15:12

According to Cisco, a primary cause for too many solutions is the tendency to rely on technology to solve the problems of increased security complexity. "As organizations increasingly embrace digital transformation, CISOs are placing higher priority in adopting new security technologies to reduce exposure against malicious actors and threats," comments Steve Martino, SVP and CISO at Cisco.

New Marriott Data Breach Impacts Up to 5.2 Million Guests
2020-03-31 14:26

Marriott on Tuesday disclosed a new data breach that could impact up to 5.2 million of its guests. Marriott says it has invalidated the compromised credentials, but the attackers may have obtained information on as many as 5.2 million individuals.

Patch now! Critical flaw found in OpenWrt router software
2020-03-31 14:18

A researcher has stumbled on a big security flaw affecting OpenWrt, an open source operating system used by millions of home and small business routers and embedded devices. OpenWrt has become a popular Linux alternative to the stock software that vendors ship with home routers.

Dharma ransomware source code on sale for $2,000
2020-03-31 14:17

The source code for ransomware-as-a-service strain Dharma could now be in the hands of more cybercriminals, as hackers have reportedly put it up for sale for just $2,000. Dharma evolved from the CrySIS RaaS variant after an anonymous source posted the CrySIS decryption keys online in 2016, and again several times through 2017.

CISO Conversations: Verizon, AT&T CISOs Talk Communications Sector Security
2020-03-31 13:15

The purpose is to discuss the role of CISO, and what it takes to be a successful CISO. Today we talk to Chandra McMahon and Bill O'Hern from the communications sector. "I don't know that the CISO needs to be on the board," said O'Hern, "but at a very minimum the CISO needs to participate with the board. I think it is important that today, the board of directors understands the cyber risks that face the company and is well-versed in the programs, the posture, and how it gets executed within the business. I believe that in today's environment the CISO role has really evolved to be a true member of the C-suite, someone who sits at the table with the board of directors at least on a routine basis to continually update them on the posture of the organization."

Clarifying the Computer Fraud and Abuse Act
2020-03-31 12:51

A federal court has ruled that violating a website's terms of service is not "hacking" under the Computer Fraud and Abuse Act. Leading job sites have terms of service prohibiting users from supplying fake information, and the researchers worried that their research could expose them to criminal liability under the CFAA, which makes it a crime to "access a computer without authorization or exceed authorized access."

Industrial Controllers Still Vulnerable to Stuxnet-Style Attacks
2020-03-31 12:42

Researchers demonstrated recently that hackers could launch a Stuxnet-style attack against Schneider Electric's Modicon programmable logic controllers, but it's believed that products from other vendors could also be vulnerable to the same type of attack. Researchers at Airbus CyberSecurity have analyzed Schneider Electric's Modicon M340 PLC to determine if it's vulnerable to similar attacks.

Data on almost every citizen of Georgia posted on hacker forum
2020-03-31 11:07

The data set was first spotted by Under the Breach, a data breach monitoring and prevention service. The CEC denied it yesterday, saying that it doesn't capture some of the data included in the dump - including that of dead people.