Security News > 2020

ThreatList: Ransomware Costs Double in Q4, Sodinokibi Dominates
2020-01-24 21:34

Ransomware costs more than doubled in the fourth quarter of 2019, with the average ransom payment skyrocketing to $84,116, a 104 percent surge up from $41,198 in the third quarter. "In Q4, ransomware actors also began exfiltrating data from victims and threatening its release if the ransom was not paid. In addition to remediation and containment costs, this new complication brings forth the potential costs of 3rd party claims as a result of the data breach," said researchers with Coveware in an analysis published this week, which aggregated anonymized ransomware cases handled by Coveware's incident response team.

Vulnerabilities Found in Some GE Healthcare Devices
2020-01-24 20:33

Federal regulators are warning healthcare providers about six vulnerabilities in some of GE Healthcare's medical device systems that could allow attackers to remotely take control of the gear. The GE Healthcare product vulnerabilities are the latest example of the medical device cybersecurity challenges the healthcare sector faces.

Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings
2020-01-24 19:27

UPDATE. Cisco Systems has fixed a high-severity vulnerability in its popular Webex video conferencing platform, which could let strangers barge in on password-protected meetings - no authentication necessary. "The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications," Cisco said.

Questions Linger Over Investigation Into Jeff Bezos' Hacking
2020-01-24 19:03

Cybersecurity experts said Thursday there were still many unanswered questions from an investigation commissioned by Jeff Bezos that concluded the billionaire's cellphone was hacked, apparently after receiving a video file with malicious spyware from the WhatsApp account of Saudi Arabia's crown prince. The report further pointed to messages later sent from the prince's WhatsApp account to Bezos that showed "apparent awareness" of private information.

UK Considers Limited Role for Huawei in 5G Rollout: Report
2020-01-24 18:48

U.K. officials are considering a proposal to allow China's Huawei to play a limited role in providing certain equipment for the country's 5G rollout, which would defy calls from the U.S. for a complete ban of telecom gear from the company, Reuters reports. Britain's National Security Council, which is chaired by Prime Minister Boris Johnson, is scheduled to meet in the coming days to decide whether to deploy Huawei equipment within the country's 5G networks, according to Reuters, which cited unnamed U.K. government sources.

Hackers targeting Arabic-speaking countries with malicious Microsoft Office documents
2020-01-24 18:37

Security researchers with Cisco's Talos Security Intelligence and Research Group discovered a new type of malware, which is able to attack a victim's devices through malicious Microsoft Office documents. "We don't know why specifically these countries, the attackers simply hardcoded these countries in the malware. The attackers had complete control of the compromised systems. The purpose of the campaigns was cyber espionage," Rascagneres said.

New Bill Proposes NSA Surveillance Reforms
2020-01-24 17:37

A newly introduced bill is proposing sweeping privacy reforms to a controversial government surveillance program, which has been previously used by the National Security Agency to vacuum up the call records of millions of Americans. The bill closes loopholes in vague language used by Section 215 for justifying mass surveillance sans warrant.

2015-member database floats off through breach in Royal Yachting Association's hull
2020-01-24 17:12

The Royal Yachting Association has told members that "an unauthorised party" may have pilfered a database containing personal information from 2015. Stolen information included names, email addresses and "hashed passwords", including a "majority held with the salted hash function." No payment or financial information was said to have gone walkies.

Greece: Government Websites Hit by Cyberattack
2020-01-24 17:11

The Greek government said Friday that the official state websites of the prime minister, the national police and fire service and several important ministries were briefly disabled by a cyberattack but have been restored. Government spokesman Stelios Petsas said early Friday that the distributed denial-of-service or DDoS attack "led to the malfunction of certain websites." He said "countermeasures" had been successfully implemented, but gave no further details.

2020 Rings in a New Era of Cyber Attacks - and it's Getting Personal
2020-01-24 17:00

The major differences now are that technology and scale play a greater part in the success of today's attacks. In a few of my recent articles, I warned about the growth potential for attacks in the coming year and explored some of the methods being adopted by attackers that use technology to ensure greater success.