The University of Utah has paid a $457,000 ransomware to prevent threat actors from releasing files stolen during a ransomware attack. In a 'data security incident' notification posted today, the University of Utah disclosed that they were attacked by ransomware on Sunday, July 19, 2020. "On Sunday, July 19, 2020, the university's College of Social and Behavioral Science (CSBS) was notified by the university's Information Security Office (ISO) of a ransomware attack on CSBS computing servers. READ MORE...
Marriott International is the subject of a lawsuit in the United Kingdom brought by millions of former guests seeking compensation for the exposure of their data in a massive breach. The class action-style lawsuit, filed by U.K. resident Martin Bryant, comes in response to a security incident in which hackers accessed information about more than 300 million people between July 2014 and September 2018. The breach, first revealed in 2018, included data such as email addresses, phone numbers and credit card data. READ MORE...
For three weeks, a 290-bed medical facility in upstate New York has been grappling with a cybersecurity incident that prevented doctors from accessing patients' electronic medical records (EMRs). The EMRs and payroll and accounting systems are now back online, the Samaritan Medical Center said in a statement Wednesday, but restoring the entire computer network will still take time. The not-for-profit Watertown, New York, institution - which says it generates $395 million annually in economic activity. READ MORE...
There are ways to protect privacy in contact-tracing apps... and then there's Albion's. In an attempt to mitigate the potential spread of COVID-19, one Michigan college is requiring all students to install an app that will track their live locations at all times. Unfortunately, researchers have already found two major vulnerabilities in the app that can expose students' personal and health data. Albion College informed students two weeks before the start of the fall term. READ MORE...
Google released a patch for an email spoofing vulnerability affecting Gmail and G Suite seven hours after it was publicly disclosed, but the tech giant knew about the flaw since April. The vulnerability was disclosed on Wednesday by researcher Allison Husain, who described her findings in a blog post and shared proof-of-concept (PoC) code. The issue, related to missing verifications when configuring mail routes, could have been exploited by an attacker to send an email as another Gmail or G Suite user. READ MORE...
Where there's money, there's also an opportunity for fraudulent actors to leverage security flaws and weak entry-points to access sensitive, personal consumer information. This has caused a sizeable percentage of consumers to avoid adopting mobile banking completely and has become an issue for financial institutions who must figure out how to provide a full range of financial services through the mobile channel in a safe and secure way. However, with indisputable demand for a mobile-first experience. READ MORE...
A computer scientist at the National University of Singapore claims to have demonstrated how recording the sound of a lock turning can be sufficient to make working replica keys. In March 2020, Soundarya Ramesh, a third-year PhD candidate at the National University of Singapore, published a paper [PDF] co-authored by security researcher Harini Ramprasad and Professor Jun Han on the topic of "acoustics-based physical key inference". READ MORE...
ATM manufacturers Diebold Nixdorf and NCR have fixed a number of software vulnerabilities that allowed attackers to execute arbitrary code with or without SYSTEM privileges, and to make illegal cash withdrawals by committing deposit forgery and issueing valid commands to dispense currency. About the vulnerabilities "Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the cash and check deposit module. READ MORE...
Trends in BEC and email security during Q2 2020 included a peaking and plateauing of COVID-19-themed email attacks, an increase in BEC attack volume and acceleration of payment and invoice fraud, according to an Abnormal Security report. The report also reveals that Zoom supplanted American Express as the most impersonated brand in email attacks. There have been surges in COVID-19-themed email security attacks, which continued in Q2, with weekly campaign volume increasing 389% between Q1 and Q2. READ MORE...