Cybersecurity Weekly: Ransomware denial, addressing the gender skills gap, audio deepfakes
A Massachusetts city declines a $5.3 million ransomware demand, opting to restore from backup instead. An Irish staffing company works to close the cybersecurity skills gap for migrant women. The first known case of successful financial scamming via audio deepfakes. All this, and more, in this week’s edition of Cybersecurity Weekly.
See Infosec IQ in action
1. $5.3 million ransomware demand: Massachusetts city says no thanks
After a ransomware attack slapped a hefty payout demand of $5.3 million on New Bedford, Massachusetts, the city announced that it is instead opting to restore from backups. As a result of “a combination of luck, skill and the architecture of the system,” only about 4% of its computers were affected by the attack.
Read more »
2. SMBs embracing cloud, but security remains a concern
A growing majority of SMBs are turning to cloud computing for their IT infrastructure, but at the same time, IT and security professionals struggle to understand the nuances of cloud security. Cloud infrastructure is becoming more complex, especially when managing a hybrid environment of private and public clouds.
Read more »
3. Careers in cybersecurity aren’t just a man’s game
As we travel further into the digital age, our systems continue to become more complex and more vulnerable and, in turn, there is a greater need for professionals who specialize in cybersecurity. Techfindr, an Irish IT staffing company, invests in the skills of migrant women to combat this challenge.
Read more »
4. What does good cyber resilience look like in 2019?
Some of the best cyber resilience planning in 2019 comes from simplicity, beginning with the NIST’s Cybersecurity Framework. After taking that first step, cybersecurity education is the next piece of the puzzle. If your organization is not receiving regular training, it’s time to sound the alarm.
Read more »
5. 8 ways to spot an insider threat
The good news and the bad news with insider threats? The good news is that most insider threats derive from negligence, not malicious intent. The bad news is that the frequency of negligence is already ahead of where it was in 2018. Compounding the problem is the fact there are more networks, devices and data to monitor and secure.
Read more »
6. CEO “deepfake” swindles company out of $243,000
In the first known case of successful financial scamming via audio deepfakes, cybercrooks were able to create a near-perfect impersonation of a chief executive’s voice – and then used the audio to fool his company into transferring $243,000 to their bank account. Security experts say that the incident sets a dangerous precedent.
Read more »
7. Google fined $170 million for violating kids' privacy on YouTube
Google agreed to pay a $170 million fine to settle allegations by the FTC and the New York attorney general that its YouTube service earned millions by illegally harvesting personal information from children without their parents' consent. The settlement requires Google to pay $136 million to the FTC and a $34 million fine to New York State.
Read more »
8. Leaky server exposes 419 million phone numbers of Facebook users
Phone numbers linked to the accounts of hundreds of millions of Facebook users have been found online on an insecure server in the latest privacy slip-up for the social media giant. The server, which lacked password protection, contained more than 419 million records over several databases and multiple countries.
Read more »
9. Over $37 million lost by Toyota boshoku subsidiary in BEC scam
Toyota Boshoku Corporation, a car components manufacturer member of the Toyota Group, announced today that one of its European subsidiaries lost more than $37 million following a business email compromise attack. Overall, BEC victims lost over $1.2 billion in 2018, according to an Internet Crime report issued in April 2019.
Read more »
Phishing simulations & training
10. Android flaws decline in 2019 as iOS malware rises
The number of security bugs affecting Android devices fell sharply in the first half of this year, although the proportion of these which are deemed “critical” increased. Meanwhile, Apple's iOS saw a 25% rise in detected vulnerabilities compared to 2018. 155 were found in the first six months of the year — almost double the amount found in the Android OS.
Read more »
In this Series
- Cybersecurity Weekly: Ransomware denial, addressing the gender skills gap, audio deepfakes
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
