Security News
The Center for Internet Security, a non-profit dedicated to securing IT systems and data, has announced the launch of free ransomware protection for US private hospitals through the Malicious Domain Blocking and Reporting service. "This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain," as CIS explains.
Insider breaches likely occur because most security solutions aren't equipped to defend a porous and scattered network. Cybercriminals are acutely aware of all the biases described above, so it becomes much more important to study how users interact with the network and design security strategies around it.
A ransomware attack against the widely used payment processor ATFS has sparked data breach notifications from numerous cities and agencies within California and Washington. Due to the large amount of potential data allegedly stolen by the Cuba Ransomware operation, cities utilizing AFTS as their payment processor or address verification service have begun disclosing potential data breaches.
The US Department of Justice has just unsealed a lengthy list of cybercrime charges against three North Koreans. The DOJ explicitly named the three accused men as Jon Chang Hyok, Kim Il, and Park Jin Hyok, alleging them to be part of a North Korean hacking group that you may have heard referred to over the years as APT38 or the Lazarus Group.
The FBI, CISA, and US Department of Treasury shared detailed info on malicious and fake crypto-trading applications used by North Korean-backed state hackers to steal cryptocurrency from individuals and companies worldwide in a joint advisory published on Wednesday. "It is likely that these actors view modified cryptocurrency trading applications as a means to circumvent international sanctions on North Korea-the applications enable them to gain entry into companies that conduct cryptocurrency transactions and steal cryptocurrency from victim accounts."
U.S. authorities are still working to unravel the full scope of the likely Russian hack that gave the "Sophisticated" actor behind the breach complete access to files and email from at least nine government agencies and about 100 private companies, the top White House cybersecurity official said Wednesday. Anne Neuberger, the newly appointed deputy national security adviser for cyber and emerging technology, also warned that the danger has not passed because the hackers breached networks of technology companies whose products could be used to launch additional intrusions.
The U.S. Department of Justice has charged three North Koreans for stealing $1.3 billion in money and cryptocurrency in attacks on banks, the entertainment industry, cryptocurrency companies, and more. The defendants are state-sponsored North Korean hackers and members of Reconnaissance General Bureau units, a North Korean military intelligence agency that has engaged in criminal hacking operations.
Kia Motors USA is experiencing a nationwide outage affecting IT servers, self-payment phone services, dealer platforms, and phone support. The outage started Saturday when the Kia Owners Portal went offline and began displaying an error message stating that Kia was "Experiencing an IT service outage that has impacted some internal networks."
The US Cyber Command has released a series of ten Valentine’s Day “Cryptography Challenge Puzzles.” Slashdot thread. Reddit thread. (And here’s the archived link, in case Cyber Command takes the...
Senators are now demanding more information about the attacker's infiltration of the US court system, which has already been forced to make changes in how documents are filed as a result of the attack. "Highly sensitive documents should be stored in a secure paper filing system or a secure standalone computer system that is not connected to any network, particularly the internet. The AO will provide courts with model language for a standing or general order as well as advice and guidance on how to establish and securely maintain a standalone computer system if a court chooses that option."