Security News > 2020
The source code for ransomware-as-a-service strain Dharma could now be in the hands of more cybercriminals, as hackers have reportedly put it up for sale for just $2,000. Dharma evolved from the CrySIS RaaS variant after an anonymous source posted the CrySIS decryption keys online in 2016, and again several times through 2017.
The purpose is to discuss the role of CISO, and what it takes to be a successful CISO. Today we talk to Chandra McMahon and Bill O'Hern from the communications sector. "I don't know that the CISO needs to be on the board," said O'Hern, "but at a very minimum the CISO needs to participate with the board. I think it is important that today, the board of directors understands the cyber risks that face the company and is well-versed in the programs, the posture, and how it gets executed within the business. I believe that in today's environment the CISO role has really evolved to be a true member of the C-suite, someone who sits at the table with the board of directors at least on a routine basis to continually update them on the posture of the organization."
A federal court has ruled that violating a website's terms of service is not "hacking" under the Computer Fraud and Abuse Act. Leading job sites have terms of service prohibiting users from supplying fake information, and the researchers worried that their research could expose them to criminal liability under the CFAA, which makes it a crime to "access a computer without authorization or exceed authorized access."
Researchers demonstrated recently that hackers could launch a Stuxnet-style attack against Schneider Electric's Modicon programmable logic controllers, but it's believed that products from other vendors could also be vulnerable to the same type of attack. Researchers at Airbus CyberSecurity have analyzed Schneider Electric's Modicon M340 PLC to determine if it's vulnerable to similar attacks.
The data set was first spotted by Under the Breach, a data breach monitoring and prevention service. The CEC denied it yesterday, saying that it doesn't capture some of the data included in the dump - including that of dead people.
A half-decade ago, with much fanfare, cyber ranges were touted as a revolutionary pivot for cybersecurity professionals' training. Are all obvious advantages to building and running cyber ranges within the public cloud.
Earlier this month, articles on Mashable, EFF, Forbes, and Consumer Reports, among others, heavily criticized Zoom for not ensuring that users' privacy is well protected, which encouraged web veteran Doc Searls to have a look into the matter as well. EFF too pointed out that Zoom hosts could monitor attendees' activity while screen-sharing, could see whether a participant has the Zoom window in focus or not, and that administrators can view "how, when, and where users are using Zoom," and can access the contents of recorded calls, including "video, audio, transcript, and chat files."
Researchers say yes: Good data can beat bad data in the race to spread. In a paper published on Friday, researchers from North Carolina State University and the Army Research Office have demonstrated a new model of how competing pieces of information spread in online social networks and the Internet of Things. Ultimately, our work can be used to determine the best places to inject new data into a network so that the old data can be eliminated faster.
The Kwampirs attack group continues to target global healthcare entities in this time of crisis, the FBI has warned. "The FBI assesses Kwampirs actors gained access to a large number of global hospitals through vendor software supply chain and hardware products. Infected software supply chain vendors included products used to manage industrial control system assets in hospitals."
One in four respondents to a Threatpost reader poll said they were okay with sacrificing a portion of their personal privacy in exchange for some form of cellphone tracking that could - in theory - reduce coronavirus infection rates and save lives. When asked, "For coronavirus tracking, do you think public-health benefits outweigh privacy risks?" approximately 27 percent voted "Yes - Privacy and data-protection laws should not get in the way of saving lives." Sixty-nine percent said, "No - A pandemic doesn't give authorities the right to strip citizens of their privacy rights."