IT Security Newsletter - 09/17/2020
German Hospital Hacked, Patient Taken to Another City Dies
German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment. The Duesseldorf University Clinic's systems have been disrupted since last Thursday. The hospital said investigators have found that the source of the problem was a hacker attack on a weak spot in "widely used commercial add-on software."
Computer Attack Disables California School District's System
A ransomware virus took down a California school district's computer system, forcing a shutdown of distance learning for about 6,000 elementary school students, an official said. The attack disabled the computer server and email service for the Newhall School District in Valencia, The Los Angeles Times reports. The attack affected all online learning in the district's 10 elementary schools. The Los Angeles County Office of Education defines a ransomware attack as "malware" targeting human and technical weaknesses.
Hackers pumped and dumped GAS cryptocurrency for $16.8 million, alleges US DOJ
US authorities have charged two Russian men with allegedly defrauding cryptocurrency exchanges and their customers out of at least $16.8 million. The men - Danil "Cronuswar" Potekhin, 25, and 35-year-old Dmitrii Karasavidi, of Voronezh and Moscow respectively - are said to be responsible for a phishing campaign that targeted customers of cryptocurrency exchanges from July 2017 until at least October 2018. Potekhin is accused of creating spoof websites that mimicked legitimate cryptocurrency exchange websites.
Hammer drops on hackers accused of targeting game and software makers
For more than a decade, hackers working on behalf of the Chinese government have brazenly pursued advanced cyber intrusions on technology companies, with a particular focus on those that market software, such as CCleaner, role-playing games, and other types of games. On Wednesday, US authorities fired back, charging seven men allegedly backed by the Chinese government for carrying out a string of financially motivated hacks on more than 100 US and overseas organizations.
Two Russians Charged Over $17M Cryptocurrency Fraud Scheme
The United States Department of Justice on Wednesday unsealed an indictment against two Russian nationals allegedly engaged in cryptocurrency fraud schemes. The two, Danil Potekhin (also known as cronuswar) and Dmitrii Karasavidi (also referred to as Dmitriy Karasvidi), allegedly targeted three cryptocurrency exchanges - two in the United States and one abroad - and their customers to defraud them of at least $16.8 million in virtual currency.
Cybersecurity Bounces Back, but Talent Still Absent
Leave it to a global pandemic to disrupt industries many of us have assumed to be stalwart. Companies fortunate enough not to traffic in hard goods are realizing they can survive (and cut significant costs) by moving to work-from-home workforces. This shift, with an estimated 62% of the workforce now working from home, demonstrates the increased need in hiring for cybersecurity personnel required to manage these new business models. At first, this sounds great for the resilience of the cybersecurity sector.
Box Showcases New Offerings for Remote Working Environment
The primary problem caused by the growth in remote working is a new degree of complexity. The threats remain the same, but the solutions must be new. Box on Wednesday announced additions and enhancements to its range of products designed for the growing remote working environment. Box is expanding its capabilities by improving both the operation and security of its cloud-based collaboration service, in announcements at its inaugural BoxWorks Digital event.
This security awareness training email is actually a phishing scam
A creative phishing campaign uses an email template that pretends to be a reminder to complete security awareness training from a well-known security company. As computer users become more aware and educated on standard phishing techniques and templates, threat actors need to continually evolve their methods to develop innovative ways to trick users into providing their login credentials. Such is the case with a new phishing campaign discovered by email security firm Cofense that pretends to be "Security Awareness Training" from KnowBe4.
h2c Smuggling: A New 'Devastating' Kind of HTTP Request
The newly discovered form of HTTP request smuggling could have widespread impact because any proxy can be affected, researchers say. Here's what infosec pros should know. A new type of hack that piggybacks malicious Web requests alongside legitimate ones could be used to create a broad range of havoc in an organization, a report from cybersecurity company Bishop Fox reveals. "Devastating." That's how Bishop Fox lead researcher Jake Miller described this new form of HTTP request smuggling.
Sports data for ransom - it's not all just fun and games anymore
Throughout the 1990's we saw vastly increased engineering being applied to sports, mostly in the development of shoes, clothing and equipment - everything from ice skates to bikes and even golf balls. But among all the bling of bubbles and pumps in shoes and aerodynamic helmets and balls, another transformation was taking place, the democratization of (sports) performance data. The arrival of increasingly intelligent and low-cost sensors, and both the hardware and software needed to process the data it produced.
Networking firm Sandvine cancels Belarus contract, citing 'custom code' that aided censorship
Sandvine, an internet routing and networking company, said Tuesday it would stop doing business with Belarus after realizing that government was using its products to suppress information during a bloody crackdown on protesters. "Sadly, preliminary results of our investigation indicate that custom code was developed and inserted into Sandvine's products to thwart the free flow of information during the Belarus election," the company said in a statement, which was first reported by Bloomberg News.
- ...in 1787, the United States Constitution is signed in Philadelphia, Pennsylvania.
- ...in 1920, the National Football League is organized in Canton, Ohio.
- ...in 1976, NASA unveils the first space shuttle, Enterprise. It never went to space, but was used for atmospheric test flights.
- ...in 1991, software engineer Linus Torvalds releases the first version of the Linux kernel to the Internet.