IT Security Newsletter - 2/23/2022
Report: Missouri Governor's Office Responsible for Teacher Data Leak
Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. But Missouri prosecutors now say they will not pursue charges following revelations that the data had been exposed since 2011 - two years after responsibility for securing the state's IT systems was centralized within Parson's own Office of Administration.
Cyberattack Hits Global Operations of Logistics Giant Expeditors International
Seattle, Washington-based logistics giant Expeditors International on Sunday announced the disruption of its global systems as a result of a cyberattack. The Fortune 500 company said it had shut down most of its operating systems, and in an update shared on Monday informed customers that its operations were still impacted. The company described it as a "targeted cyberattack," but shared no other details. Based on its brief description of the incident, it may have been a ransomware attack.
Cybercriminals Seek to Profit From Russia-Ukraine Conflict
Dark web threat actors are looking to take advantage of the tensions between Russia and Ukraine, offering network access and databases that could be relevant to those involved in the conflict, according to a new report from Accenture. Since mid-January, cybercriminals have started to advertise compromised assets relevant to the Russia-Ukraine conflict, and they are expected to increase their offering of databases and network access, with potentially crippling effects for the targeted organizations.
Entropy ransomware linked to Dridex malware downloader
Analysis of the recently-emerged Entropy ransomware reveals code-level similarities with the general purpose Dridex malware that started as a banking trojan. Two Entropy ransomware attacks against different organizations allowed researchers to connect the dots and establish a connection between the two pieces of malware. In a report today, Sophos principal researcher Andrew Brandt says that deeper inspection of the Entropy malware was prompted by a detection signature that had been created for catching Dridex.
Asustor NAS owners hit by DeadBolt ransomware attack
Owners of Asustor NAS drives have woken up to discover that data they believed was safe and sound on their network storage devices has instead been encrypted by ransomware, and that cybercriminals are demanding a ransom. Affected Asustor users have been posting on Asustor's support forum about how they discovered their NAS drives have been hit by the DeadBolt ransomware.
Gaming, Banking Trojans Dominate Mobile Malware Scene
The number of cyberattacks launched against mobile users was down last year, researchers have found - but don't pop the champagne just yet. The decline was offset by jacked-up, more sophisticated, more nimble mobile nastiness. In a Monday report, Kaspersky said that its researchers have observed a downward trend in the number of attacks on mobile users, as shown in the chart below. However, attacks are becoming more sophisticated in terms of both malware functionality and vectors.
CISA Warns of Attacks Exploiting Recent Vulnerabilities in Zabbix Monitoring Tool
The United States Cybersecurity and Infrastructure Security Agency (CISA) this week expanded its Known Exploited Vulnerabilities Catalog with two critical flaws in the Zabbix enterprise monitoring solution. Tracked as CVE-2022-23131 and CVE-2022-23134, the two vulnerabilities could be exploited to bypass authentication and gain administrator privileges, which could then allow an attacker to execute arbitrary commands.
Vulnerable Microsoft SQL Servers targeted with Cobalt Strike
Threat analysts have observed a new wave of attacks installing Cobalt Strike beacons on vulnerable Microsoft SQL Servers, leading to deeper infiltration and subsequent malware infections. MS-SQL Server is a popular database management system powering everything from large internet applications to small single-system applets. However, many of these deployments aren't adequately secured as they are publicly exposed to the Internet with weak passwords.
Samsung shipped '100 million' phones with flawed encryption
Academics at Tel Aviv University in Israel have found that recent Android-based Samsung phones shipped with design flaws that allow the extraction of secret cryptographic keys. The researchers - Alon Shakevsky, Eyal Ronen, and Avishai Wool - describe their work in a paper titled, "Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design," which is scheduled for presentation at Real World Crypto and USENIX Security, 2022.
- ...in 1861, President-elect Abraham Lincoln arrives in Washington amid secrecy and tight security, following a thwarted assassination attempt in Baltimore.
- ...in 1893, Rudolf Diesel receives a German patent for his compression-ignition engine, known today as the diesel engine.
- ...in 1945, AP photographer Joe Rosenthal takes a Pulitzer-winning shot of six US Marines raising the US flag atop Mt. Suribachi in the Battle of Iwo Jima.
- ...in 1954, a group of children in Pittsburgh, PA are the first to receive the new polio vaccine, developed by Dr. Jonas Salk of the University of Cincinnati.