Tyler Technologies, a major provider of software and services for state and local governments in the United States, has confirmed that the recently disclosed cybersecurity incident involved ransomware. Tyler this week shut down its website and started informing customers via email that its internal phone and IT systems were accessed without authorization by an unknown third party. The company said the attack disrupted access to some internal systems, and it decided to shut down points of access to external systems. READ MORE...
Washington state is among those being targeted by a "large-scale, highly sophisticated" nationwide phishing campaign, the office of Gov. Jay Inslee said Thursday. At a press conference Thursday, Inslee said that the state is taking proactive measures to protect state systems, but he said that no ransomware activity has occurred among the agencies targeted, and no state services have been impacted. "We're using every resource at our disposal to prevent these criminals..." . READ MORE...
A Maryland man was sentenced to 12 months and one day in prison for hacking into and damaging the computers of his former employer. From January 5, 2004, through August 6, 2015, the man, Shannon Stafford, 50, of Crofton, Maryland, was employed at an unnamed international company with thousands of offices worldwide, in the IT department. Employed at the company's Washington office, Stafford provided IT technical support to the organization's Washington, McLean, Virginia, and Baltimore offices. READ MORE...
Cybersecurity experts from the U.S. military and the private sector have spent recent weeks working with two American cities to test their ability to respond during a simulated cyberattack layered with several simulated physical disruptions. The virtual exercise, which has feigned malware and ransomware attacks against targets in Charleston, S.C., and Savannah, Ga., over the last several weeks, is aimed at testing participants' ability to defend against digital threats. READ MORE...
For the second time in a week, U.S. national security agencies have publicly reassured voters that election systems are being guarded from hacking and that the integrity of the vote is intact. The FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency "have not identified any threats, to date, capable of preventing Americans from voting or changing vote tallies for the 2020 elections," the agencies said in a statement published Thursday. READ MORE...
A federal agency has suffered a successful espionage-related cyberattack that led to a backdoor and multistage malware being dropped on its network. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Thursday, not naming the agency but providing technical details of the attack. Hackers, it said, gained initial access by using employees' legitimate Microsoft Office 365 log-in credentials to sign onto an agency computer remotely. READ MORE...
To better understand modern malware detection methods, it's a good idea to look at sandboxes. In cybersecurity, the use of sandboxes has gained a lot of traction over the last decade or so. With the plethora of new malware coming our way every day, security researchers needed something to test new programs without investing too much of their precious time. Sandboxes provide ideal, secluded environments to screen certain malware types without giving that malware a chance to spread. READ MORE...
For the past several months, Taurus Project-a relatively new stealer that appeared in the spring of 2020-has been distributed via malspam campaigns targeting users in the United States. The macro-laced documents spawn a PowerShell script that invokes certutil to run an autoit script ultimately responsible for downloading the Taurus binary. Taurus was originally built as a fork by the developer behind Predator the thief. It boasts many of the same capabilities as Predator the thief. READ MORE...
Scammers mixed together a malicious cocktail of social engineering, SIM-swapping, and remote desktop software to empty the bank accounts of at least three victims. In total, victims lost more than $350,000. They were likely swindled by the same individuals since the modus operandi and some details were the same in all three cases. The scams happened over the summer in Budapest and started with the ruse of a well-located apartment offered for sale below the market value. READ MORE...
Two companies founded on security and privacy are partnering to make online payments quicker and safer. Password manager 1Password and virtual card platform Privacy.com announced an API integration that lets users create virtual cards in their browser quickly and safely when they need to make a payment. The FTC reports that credit card fraud is by far the most common type of identity theft, occurring in 41.8% of all identity theft reports. READ MORE...