IT Security Newsletter - 10/19/2021
"Killware": Is it just as bad as it sounds?
On October 12, after interviewing US Secretary of Homeland Security Alejandro Mayorkas, USA TODAY's editorial board warned its readers about a dangerous new form of cyberattack under this eye-catching headline: "The next big cyberthreat isn't ransomware. It's killware. And it's just as bad as it sounds." While "killware" sounds scary, the term itself is unhelpful when describing the many types of cyberattacks that, "can literally end lives," and that's because nearly any type of hack can result in death. READ MORE...
Free BlackByte decryptor released, after researchers say they found flaw in ransomware code
With so much bad news about ransomware in the headlines every day, it's good to share some good news. Security experts at Trustwave have released a free decryption tool that can be used by BlackByte ransomware victims to decrypt and recover their files. That's right - you don't need to pay the ransom. In a series of posts on their SpiderLabs blog, Trustwave's Rodel Mendrez and Lloyd Macrohon explained that they uncovered an "odd" design decision in the BlackByte ransomware's ncryption algorithm. READ MORE...
Suspected Chinese hackers behind attacks on ten Israeli hospitals
A joint announcement from the Ministry of Health and the National Cyber Directorate in Israel describes a spike in ransomware attacks over the weekend that targeted the systems of nine health institutes in the country. In the joint announcement, the Israeli government states that the attempts resulted in no damage to the hospitals and the medical organizations, thanks to national-level coordination and the quick and decisive response of the local IT teams. READ MORE...
Microsoft fixes Surface Pro 3 TPM bypass with public exploit code
Microsoft has patched a security feature bypass vulnerability impacting Surface Pro 3 tablets, enabling threat actors to introduce malicious devices within enterprise environments. The security flaw, dubbed TPM Carte Blanche by Google security researchers who discovered it, is tracked as CVE-2021-42299 and can be exploited in high complexity attacks by attackers with access to the owner's credentials or physical access to the device. READ MORE...
Loss Prevention Teams Up With Cybersecurity to Address Retail Fraud
As retailers roll out more "buy online, pickup in-store" options, loss prevention professionals are increasingly shifting their attention from in-store theft to e-commerce fraud. Prior to the Covid-19 pandemic, most retailers treated omnichannel options as add-ons to their brick-and-mortar storefronts. Then the coronavirus-and the subsequent anxiety around shopping in stores-made home delivery, buy online, pick up in-store, and curbside pickup options a necessity. READ MORE...
- ...in 1789, John Jay is sworn in as the first Chief Justice of the United States.
- ...in 1945, actor John Lithgow ("Terms of Endearment", "3rd Rock from the Sun") is born in Rochester, NY.
- ...in 1962, professional boxer Evander Holyfield is born in Atmore, AL.
- ...in 1987, stock markets around the world crashed in what became known as "Black Monday."