Microsoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. But there are a few spicy bits to keep in mind. Read on for the gory details.
The personal information of more than a billion people was compromised in 2018 as companies holding the data failed to keep it safe.
DOVER — Delaware State Police issued an advisory Monday in response to a recent phone scam involving a 'spoofed phone number.' Authorities were made aware of two incidents in which individuals received a phone call from a female claiming to be an agent from Dover. The caller identified herself as agent Lisa Smith and provided a badge number #K4L14799, police said.
Gift cards are a notoriously popular item to give during the holidays, and scammers know this. Scammers use multiple tactics to steal money off of gift cards without the card holder even knowing.
The company has determined that hackers had unauthorized access on Starwood’s guest database dating back to 2014. Hackers copied and encrypted guest information, then “took steps towards removing it,” the company said. Marriott acquired Starwood in 2016.
Effective November 2, 2018, Ohio's Data Protection Act (DPA) has been supplemented with an incentive-based mechanism to strengthen cybersecurity business practices.
Malicious actors could cause serious damage to organizations in the energy and water sectors by targeting their human-machine interfaces (HMIs), according to a report released by Trend Micro on Tuesday.
A proposed agreement that would settle a class action suit against Yahoo over record-breaking data breaches could see the company pay as much as $85 million.
A tale of two different ransomware victims' responses: One town in Connecticut says it was left with little choice but to pay a ransom after attackers crypto-locked its systems. But a water utility in North Carolina, which was hit by a similar attack, says it will rebuild its systems rather than give attackers any money.
It’s been a busy few weeks for cybersecurity researchers and reporters. There was the Facebook hack, the Google Plus data breach, and allegations that the Chinese government implanted spying chips in hardware components.
DOVER, Del. — The Delaware Department of Technology and Information (DTI) is pleased to announce that Chief Information Officer James Collins has been elected to serve as the National Association for State Chief Information Officers (NASCIO) Executive Committee President for the 2018-19 program year. The organization made the announcement Sunday during its annual conference in San Diego. CIO Collins previously served as vice president and succeeds Bo Reese, Chief Information Officer for the State of Oklahoma as president.
Clearwater, FL, October 17, 2018 – (ISC)² – the world’s largest nonprofit association of certified cybersecurity professionals – today announced the findings of the 2018 (ISC)² Cybersecurity Workforce Study. The research shows a widening of the global cybersecurity workforce gap to nearly three million across North America, Latin America, Asia-Pacific (APAC), and Europe, the Middle East and Africa (EMEA).
CYBERCRIMINALS UTILIZE SOCIAL ENGINEERING TECHNIQUES TO OBTAIN EMPLOYEE CREDENTIALS TO CONDUCT PAYROLL DIVERSION
The IC3 has received complaints reporting cybercriminals are targeting the online payroll accounts of employees in a variety of industries. Institutions most affected are education, healthcare, and commercial airway transportation.
Several days after the Port of San Diego was hit by a crypto-locking ransomware attack, information security experts are continuing to respond to the incident and many port systems remain offline.
There’s an email scam underway in which criminals are trying to get your information to steal your paycheck, the FBI has warned. The FBI’s Internet Crime Complaint Center said cybercriminals are using “phishing emails” to try and get Americans to give them pertinent information used to take paychecks.
Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.
Criminals operating online continue to target cryptocurrencies, leverage phishing and other social engineering attacks, as well as tweak age-old scams - including Nigerian prince emails - for the modern age. Those are just a handful of takeaways from the Internet Organized Crime Threat Assessment for 2018 from Europol, the EU's law enforcement intelligence agency.
BRETT JOHNSON IS AN IMPOSING and charismatic ex-con whom the U.S. Secret Service once dubbed the “Original Internet Godfather.” His criminal masterstroke? Creating “Shadowcrew,” one of the first online forums where bad guys could safely buy guns, stolen credit cards, Social Security numbers and every drug imaginable. But Shadowcrew was shut down by federal agents in 2004, and for the next decade Brett was in and out of prison. At one point he went on a four-month run from the law, funded by roughly $500,000 he stole from ATMs. That landed him on the Secret Service’s “Most Wanted” list.
He’s the good guy of our story.
Your car is a computer that stores a lot of information about you — just like your smartphone or home computer. When you sell or donate your car, that personal data might be accessible to the next owner if you don’t take steps to remove it.
At its most basic level, a SIM swap is when someone convinces your carrier to switch your phone number over to a SIM card they own.
Three Members of Notorious International Cybercrime Group “Fin7” In Custody for Role in Attacking Over 100 U.S. companies
Three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe have been arrested and are currently in custody facing charges filed in U.S. District Court in Seattle, announced Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney Annette L. Hayes for the Western District of Washington and Special Agent in Charge Jay S. Tabb Jr. of the FBI Seattle Field Office.
On Monday, the FBI announced the arrest of 74 people across the world — including 29 people in Nigeria and 41 in the United States — who authorities say were part of complex international networks that combed filings by the Securities and Exchange Commission, spoofed CEO emails and successfully targeted even hardened employees whose jobs are to safeguard their companies from financial mismanagement.
Facebook has data-sharing partnerships with at least four Chinese electronics companies, including a manufacturing giant that has a close relationship with China’s government, the social media company said on Tuesday.
A New York Times investigation published late Sunday revealed the scope of data-sharing deals Facebook (FB) struck over the years with companies like Apple (AAPL), Samsung (SSNLF) and Microsoft (MSFT). The partnerships give some device makers access to Facebook users' education history, relationship status, work, religion, political leaning and upcoming events, the Times reported.
The more than 200 attendees were from all across the state, from Northern Wilmington to Delmar, and all different educational backgrounds, from 31 different public, private, charter, and home schools. They spent a full school day at the University of Wilmington-Dover campus.
For the first time in the ten year history of the contest there was a complete sweep of winners from the same school. Art teacher Kelly Walzl’s fourth grade students Aubrie Rodriguez, Clayton Starkey, and Catalina Syto placed first, second and third, respectively. These students’ posters were judged to be the best among 1,400 submissions.
A Facebook notification on Gary Bernhardt’s phone woke him up one night last November with incredible news: a message from Mark Zuckerberg himself, saying that he had won $750,000 in the Facebook lottery.
"Serving as the White House's cybersecurity coordinator for the last 14-months has been a tremendous opportunity to work on some of our nation's most important cyber challenges," Joyce said in a statement, according to The Washington Post. "I look forward to continuing to serve our nation at the agency I've called home for the last 27 years."
What would happen if an unfriendly nation tried to take down the power grid, or the air traffic control system, or blow up a chemical plant with a cyberattack? How would government agencies respond to such a threat?
The five-time Cybersecurity State Champs showed up big time during a 24-hour "sleepover hackathon" that earned one Padua team the No. 1 rank in Delaware.
The Delaware State Police are working to inform the public about the dangers of credit card skimming devices. The devices, which fit simply and inconspicuously over top of credit card readers, have been found throughout the state, primarily at ATMs and gas stations. Police are working with both businesses and banks to get the situation under control.
DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).
State police say the devices, which can steal your banking information, have been found at businesses up and down the First State. The Delaware State Police are currently investigating several places where skimming devices have been reported. These devices have been primarily placed at ATMs and gas stations.
Hackers have crashed the Winter Olympics, apparently by using destructive malware. On Friday, shortly before the opening ceremonies of the Olympic Winter Games in South Korea, the official Pyeongchang 2018 site stopped working, leaving attendees unable to print tickets. In addition, the WiFi in Pyeongchang Olympic stadium stopped working, as did televisions and internet access in the main press center, the Guardian first reported. It said the website wasn't restored until 12 hours later, on Saturday morning.
The Multi-State Information Sharing and Analysis Center (MS-ISAC) started a mentoring program in 2012, and this nationwide career-enhancing strategy for security leaders has grown to become stronger than ever. Here are the details on how the mentoring program works and interviews on the benefits with government mentors and mentees. Most important, why you should care and how to get involved.
In a call center, somewhere on Earth, a telephone rang. John picked up. On the other end of the line was a man who spoke in a preposterously fake Russian accent and introduced himself as “Vicktor Viktoor,” which was not his real name.
Listen up, girls. Delaware needs your help this month defending the state's internet grid against a gang of cybercriminals and hackers. Our online safety and security rest in your hands. Report to Cyber Protection Agency headquarters and get to work immediately!
Ransomware attacks on business increased by 90% in 2017, while attacks on consumers leapt by 93%, according to the latest annual state of malware report by security firm Malwarebytes.
Delaware leaders are offering a free training opportunity for high school girls interested in a career in cybersecurity. The partnership between the state and the SANS Institute offers cybersecurity training for high school girls in Delaware to find out if they have talent or interest in the field through a free online game called, "Girls Go CyberStart".
Delaware is continuing its efforts to find the next generation of cybersecurity professionals. The First State has signed on to participate in the new GirlsGoCyberStart initiative this February.
LAS VEGAS — Before unleashing a futuristic spectacle during his CES keynote here Monday night, Intel CEO Brian Krzanich addressed the recent security flaws in processors made by it and other chip makers.
According to developer Alex Ionescu, Apple introduced a fix in macOS 10.13.2, with additional tweaks set to be introduced in macOS 10.13.3, currently in beta testing. AppleInsider also says that it has heard from "multiple sources within Apple" that updates made in macOS 10.13.2 have mitigated "most" security concerns associated with the KPTI vulnerability.
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Researchers have finally disclosed complete technical details of two kernel side-channel attacks, Meltdown and Spectre—which affect not only Intel but also systems and devices running AMD, ARM processors—allowing attackers to steal sensitive data from the system memory.
Delaware’s economy is based on innovation, and technology takes center stage. To be prepared to meet future demands, our state must focus on building a pipeline of talented security professionals.
WASHINGTON — The Federal Communications Commission voted on Thursday to dismantle rules regulating the businesses that connect consumers to the internet, granting broadband companies the power to potentially reshape Americans’ online experiences.
Internships for veterans, cyber classes for high school and college students and mentoring programs — aimed especially at middle-school girls — are among the ways states are trying to beef up their cybersecurity ranks. Cybersecurity is the most pressing issue for state information technology officials, as hackers and cybercriminals increasingly take aim at government networks, which contain information such as Social Security, bank account and credit card numbers of millions of people and businesses.
Government agencies that deal with cybersecurity, like the National Security Agency, have two competing interests. On the one hand, they want to protect America's online infrastructure and economy from cyberattacks. On the other hand, government agencies want to harness tools to attack opponents in cyberspace.
Why wait for Black Friday — or Cyber Monday — to shop? After all, holiday shopping deals are all over the place already. But if you think you're too smart to get caught by a scammer, well, think again. Two in five U.S. consumers have fallen victim to an online phishing attack, according to a 2017 Cyber Monday Phishing Survey by DomainTools.
While Macs offer strong security protections, they are far from immune to malware, according to new data from security firm Avast. Since January 2017, Avast has blocked more than 250 million malware threats aimed at their Mac customers.
The Internet of Things (IoT) is causing serious security concerns for enterprises worldwide with few companies capable of securing them as they are unable to identify devices properly, according to new research.
A sneaky app maker pretended to be the actual WhatsApp service with an app called Update WhatsApp Messenger. But it copped the developer title "WhatsApp Inc."—the same title the actual Facebook-owned chat messenger uses on Google Play.
It doesn't take long for security research into IoT vulnerabilities to swerve into creepy territory. As more internet-capable home appliances with built-in cameras, microphones and sensors replace legacy appliances, the potential for exploitable security flaws that might be used for incredibly invasive privacy violations dramatically increases.
While you're out there living your life, cybercriminals are at work trying to get something that isn't theirs - all day, every night, on weekends and holidays, 24/7. You can see the constant combat on a map of the world - hundreds of thousands of real-time attacks - on security websites such as FireEye, whose CEO, David DeWalt, earned his degree in computer science at the University of Delaware.
Russia, Ukraine and Turkey are among the nations that have fallen victim to Bad Rabbit, which appears to be related to Petya.
CNBC's Eamon Javers reports government officials are warning of possible hacks on energy and industrial firms.
"Cybercrime is one of the greatest threats to our nation and we live in a world where we increasingly rely on electronic information storage and communication that must be protected,” said Governor Carney. “The importance of cyber security cannot be overstated, and Delaware’s innovation economy needs a talented pipeline of cyber security professionals."
OpenBracket goes into its second year with more than $100,000 in prizes. The figure doubled from the previous year.
If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.
Credit monitor Equifax said Thursday that hackers have gained access to personal information belonging to 143 million U.S. consumers after exploiting a vulnerability on the company's website. Now the unwitting victims have to worry about the threat of having their identities stolen.
The Food and Drug Administration on Tuesday issued an alert about the first recall of a network-connected implantable device due to cybersecurity vulnerabilities.
NEWARK, Del. – Governor John Carney on Thursday signed into law House Substitute 1 for House Bill 180, legislation that requires additional protections for Delawareans whose personal information may be compromised in a computer breach, including additional notifications and free credit monitoring services.
A group of Delaware Technical Community College students asserted their place as top cybersecurity talents after winning a national Capture-the-Flag competition on July 21.
The Best States for Data Innovation, released on Monday, July 31 by the Washington, D.C.-based Center for Data Innovation, ranked Massachusetts, Washington and Maryland as the No. 1, 2 and 3 states overall. Delaware followed fourth-ranked California in rounding out the top five, while Utah placed sixth; Virginia got spot No. 7; Oregon placed eighth; transportation innovator Colorado ran ninth; and New York was 10th.
In a two-pronged approach to cultivate tech talent and create jobs, Delaware has launched a $650,000 cybersecurity training and scholarship program for high school and college students.
Skimming devices that crooks install inside fuel station gas pumps frequently rely on an embedded Bluetooth component allowing thieves to collect stolen credit card data from the pumps wirelessly with any mobile device. The downside of this approach is that Bluetooth-based skimmers can be detected by anyone else with a mobile device. Now, investigators in New York say they are starting to see pump skimmers that use cannibalized cell phone components to send stolen card data via text message.
The FBI encourages consumers to consider cyber security prior to introducing smart, interactive, internet-connected toys into their homes or trusted environments. Smart toys and entertainment devices for children are increasingly incorporating technologies that learn and tailor their behaviors based on user interactions. These toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options. These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.
Governor Carney, Chief Information Officer Announce Innovative Cybersecurity Partnership for Students
Governor John Carney announced on Friday a new, innovative cybersecurity training partnership between the SANS Institute and the State of Delaware that provides Delaware high school juniors and seniors at least 16 years old, and college students interested in a cybersecurity career, the opportunity to learn basic cybersecurity skills and test their aptitude through a no-cost online game of discovery called CyberStart.
On July 6, 2017, the Federal Trade Commission (FTC) issued an alert on scammers posing as FTC officials who contact individuals and claim they have won prizes from a charity contest. The scammers ask for money to cover taxes or insurance costs associated with the prize. While this is a new malicious campaign, scammers use these basic tactics time and time again with slightly different wording to take advantage of unsuspecting individuals.
Two women helping to lead Delaware's future economic growth in the fields of science and technology will headline this year's Inspiring Women in STEM Conference. The annual conference is designed to provide professional development, skill building and networking for women in all fields of science and technology.
Computer systems from Ukraine to the United States were struck on Tuesday in an international cyberattack that was similar to a recent assault that crippled tens of thousands of machines worldwide.
A ransomware attack hit computers across the world on Tuesday, taking out servers at Russia's biggest oil company, disrupting operations at Ukrainian banks, and shutting down computers at multinational shipping and advertising firms.
A Delaware hacker, connected to high-profile, multimillion-dollar cyber thefts during the past decade, is a target of the FBI — evidenced by federal agents' recent seizure of a new BMW coupe and nearly $40,000 in cash from his Wilmington-area home.
Mr. Ben-Oni has been sounding alarm bells, calling anyone who will listen at the White House, the Federal Bureau of Investigation, the New Jersey attorney general’s office and the top cybersecurity companies in the country to warn them about an attack that may still be invisibly striking victims undetected around the world.
To inspire a familiarity and interest in cybersecurity among girls, the Girl Scouts of the USA partnered with Palo Alto Networks to create 18 new cybersecurity badges.
The ISMG Security Report leads with testimony from the CEO of the company that crippled WannaCry's ransomware component who explains to Congress how the worm continues to attack unpatched systems at increasing rates.
WSC to Partner with SANS Women’s Immersion Academy to Increase Participation of Women in the Information Security Workforce. Collaboration to provide high-potential students with tuition-free, scholarship-based cybersecurity training. Review the Press Release.
The effects of WannaCry, the ransomware dominating international headlines, continue to be felt by organizations and individuals alike. If you or anyone you know has had a device infected, (ISC)² has advice for stopping and remediating the attack.
AN ACT TO AMEND TITLE 6 OF THE DELAWARE CODE RELATING TO BREACHES OF SECURITY INVOLVING PERSONAL INFORMATION.
This Act amends Chapter 12B of Title 6 to update Delaware's law regarding computer security breaches. This Act makes technical corrections to conform to the standards of the Delaware Legislative Drafting Manual, including the use of the term "person" to mean both an individual and an artificial entity.
SAN FRANCISCO — Intelligence officials and private security experts say that new digital clues point to North Korean-linked hackers as likely suspects in the sweeping ransomware attacks that have crippled computer systems around the world.
A massive cyberattack has been spreading across the globe since Friday, May 12, 2017, hitting hundreds of thousands of computers and crippling major government and corporate operations. The malware is known as WannaCry, and here's what you need to know.
The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of .1781 bitcoins, roughly $300 U.S.
“Find your passion and figure out how to turn it into a career. Then work won’t seem like work,” State Cyber Security Officer Elayne Starkey encouraged the nearly 300 teen girls who attended DigiGirlz Day Tuesday.
Alleged ‘Orange Is the New Black’ Episodes Posted After Hackers Demand Ransom. Fans of the Netflix prison drama "Orange Is the New Black" face a dilemma after hackers claimed to have leaked most of the new season's 13 episodes this weekend — wait more than a month for the official release date or give in and download the pirated shows.
In 2015, the average profit for a cyber thief through ransomware was $294. Symantec found in its Internet Security Threat Report that demands have more than tripled, jumping up 266 percent to an average $1,077 per victim. Depending on how important the files are, it might be cheaper to just buy a new computer.
People are being warned about an old phishing technique capable of duping even the most clued-up internet users. The attack exploits the fact that lots of different characters look identical.
An attack set off all the emergency sirens in Dallas, Texas, for a spell of around 90 minutes on Friday night. As reported by Reuters, the attack successfully triggered 156 sirens, normally used to warn of dangerous weather conditions such as tornadoes, at 11.42 p.m. CDT. It took engineers until 1:17 a.m. on Saturday to manually shut down the sirens’ radio system and repeaters.
The tax deadline this year is April 18, but thieves looking to steal tax returns likely started as early as January, sending about 300 to 1,000 scams a week. If they don't file a fraudulent tax return before the real person does, the thief simply moves on to the next victim.
Cybersecurity has a gender problem: Only 11% of the world's information security workforce are women, according to the Women's Society of Cyberjutsu (WSC) -- a 501(c)3 non-profit passionate about helping and empowering women to succeed in the Cybersecurity field.
Families applying for federal student aid are facing extra hurdles this year after a potential data breach led federal officials to remove an online tool that smoothed the process. The Education Department and the Internal Revenue Service said Thursday that an online service known as the Data Retrieval Tool will stay offline for the rest of this application season. In the past, families could use the tool to import their tax information automatically to the Free Application for Federal Student Aid, a complex form needed to get federal aid.
KrebsOnSecurity recently featured the story of a Brazilian man who was peppered with phishing attacks trying to steal his Apple iCloud username and password after his wife’s phone was stolen in a brazen daylight mugging. Today, we’ll take an insider’s look at an Apple iCloud phishing gang that appears to work quite closely with organized crime rings — within the United States and beyond — to remotely unlock and erase stolen Apple devices.
On Tuesday, WikiLeaks released a huge cache of documents that detail how the C.I.A. has collected various types of cyberweapons, including so-called zero-day vulnerabilities that would expose iPhones, Android phones, Windows and Linux computers, internet-connected televisions and maybe even high-tech cars to hackers.
U.S. Department of Health and Human Services, as required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. These breaches are now posted in a new, more accessible format that allows users to search and sort the posted breaches. Additionally, this new format includes brief summaries of the breach cases that OCR has investigated and closed, as well as the names of private practice providers who have reported breaches of unsecured protected health information to the Secretary.
MODERN homes today are getting internet-connected light bulbs, thermostats, TVs and speakers. So with a simple voice command or the touch of a button on our smartphones, we can set the temperature, turn on a light or prepare the TV to record a program. What could go wrong?
Refunds for more than 40 million low-income families could be delayed by the IRS this year, as the tax agency looks to leverage the extra time to combat identity theft and fraud.
Two subcontractors of Highmark Blue Cross Blue Shield of Delaware were breached in an incident that has compromised 16 of the insurer's self-insured customers and about 19,000 of their members.