The manufacturer of some of Halloween's most popular sweet treats has been hit with a ransomware attack that disrupted production mere weeks before the candy industry's biggest holiday. Chicago-based Ferrara Candy Co. confirmed publicly that a cyber-incident encrypted some of its systems on Oct. 9, affecting the production of its numerous popular confection brands, including Brach's Candy Corn, a confection that divides candy enthusiasts into "love it" and "hate it" groups.
Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo. Yes, security is hard - no one is ever 100 percent safe from the threats lurking out there. But how is it that time and time again, companies - big companies - are continuing to fall for ransomware attacks? Why aren't we getting any better at preventing them?
It's time to steer the conversation away from whether payment bans should be implemented to how and when they should take effect. While the ransomware spikes of 2021 appear to have temporarily subsided, the issue remains a pressing concern among the US cybersecurity community. On Sept. 21, the US Department of the Treasury announced a set of proposed sanctions and regulatory tools focused on disrupting the ransomware model by increasing ransom payment reporting to government agencies, among other actions.
The Commerce Department's Bureau of Industry and Security (BIS) today announced new controls that would ban U.S. companies from exporting and reselling software and hardware tools that could be used to fuel authoritarian practices through malicious hacking activities and human rights abuse. The rule will become effective in 90 days and will effectively ban the export of "cybersecurity items" for National Security (NS) and Anti-terrorism (AT) reasons.
Google has released a new version of its flagship Chrome web browser with patches for a total of 19 vulnerabilities, including 16 reported by external researchers. The most severe of these issues is CVE-2021-37981, a heap buffer overflow in Skia, for which a $20,000 bounty reward was paid, Google said in an advisory. Next in line are CVE-2021-37982 (use-after-free issue in the Incognito component) and CVE-2021-37983 (use-after-free error in Dev Tools).
SpyCloud released an analysis of IT security leaders' perceived threat of ransomware attacks and the maturity of their cybersecurity defenses. The report found that while 81% of those surveyed consider their security to be above average or exceptional, many lack basic cyber hygiene - 41% lack a password complexity requirement, one of the cheapest, easiest forms of protection, and only 55.6% have implemented multi-factor authentication (MFA).