An alert from the U.S. Federal Bureau of Investigation about Mamba ransomware reveals a weak spot in the encryption process that could help targeted organizations recover from the attack without paying the ransom. The FBI warns that Mamba ransomware attacks have been directed at entities in the public and private sector, including local governments, transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. READ MORE...
Insurance giant CNA has suffered a ransomware attack using a new variant called Phoenix CryptoLocker that is possibly linked to the Evil Corp hacking group. This week, BleepingComputer reported that CNA had suffered a cyberattack impacting their online services and business operations. Soon after we reported on the attack, CNA issued a statement confirming that they had suffered a cyber attack last weekend. READ MORE...
The idea of a security platform is not new. Neither are the issues related to security and vendor sprawl inside an organization. The original idea behind the Next-Gen Firewall was to blend several products into a single platform to reduce IT overhead and simplify wiring closets that had been overrun with security devices. And it worked. NGFW solutions quickly became the cornerstone for security implementations in virtually every organization in the world. READ MORE...
In a change from its recent bombastic blather, the British government has published a new Defence Industrial Strategy that looks like it wants to put the infosec industry on a gold-plated pedestal. "Government also needs to provide complementary support to industry and ensure that the public sector can access the right skills to remain an intelligent customer," said the Defence and Security Industrial Strategy whitepaper published this week. READ MORE...
A cybersecurity researcher who specializes in industrial control systems (ICS) has identified three types of critical vulnerabilities in products made by human-machine interface (HMI) manufacturer Weintek. The Taiwan-based vendor's products are used worldwide. The company has posted a technical advisory instructing customers to install available patches and take steps to mitigate risks. It noted that the risk of exploitation is more significant if the devices are connected to an open network. READ MORE...
Web-facing applications continue to be one of the highest security risks present for organizations, with more than 40 percent of them actively leaking data in a way that can have a ripple affect across businesses and their partners, research has found. Moreover, manufacturing is particularly vulnerable to attacks through these apps, with 70 percent of applications having at least one serious vulnerability open over the previous 12 months, researchers found. READ MORE...
A bug-bounty program launched for the Teams desktop videoconferencing and collaboration application has big payouts for finding security holes. Microsoft wants to send the message the company is serious about the security of its popular Teams desktop application and it's willing to put some cash behind the talk. A new bug-bounty program offers up to $30,000 for security vulnerabilities, with top payouts going to those with the most potential to expose Teams user data. READ MORE...
Two high-severity vulnerabilities in the OpenSSL software library were disclosed on Thursday alongside the release of a patched version of the software, OpenSSL 1.1.1k. OpenSSL is widely used to implement the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which support encrypted network connections. Alternatives include BoringSSL and LibreSSL, among others. READ MORE...
Fuel clips made from the plastic are cheaper, lighter, and more resistant. Slowly but surely, car companies are beginning to make themselves more sustainable. We most often hear about this in the context of using clean energy to power the production lines and assembly plants that put together new electric vehicles, but it shows up in smaller examples, too. Take Ford, for example. Working with HP, it has come up with a use for plastic waste left over from 3D printing. READ MORE...