Archives: Cybersecurity


Federal Agencies Hit with 30,899 Cyberincidents in 2016

The Office of Management and Budget (OMB) released a report this week indicating that federal agencies experienced almost 31,000 cyberincidents in 2016. The Federal Deposit Insurance Corporation was responsible for 10 of 16 major incidents. These incidents resulted when personally identifiable information was able to be downloaded onto removable media. Despite the dismal number of … Continue Reading

Experts Warning of New Google Chrome Malware Scam

Cybersecurity experts have been warning users about a Google Chrome scam that targets Windows users in the US, UK, Canada and Australia. The scam, which began in December, uses a pop-up stating “The ‘HoeflerText’ font wasn’t found” and tells users to download an update, which is actually malware. The malware campaign started on December 10, … Continue Reading

Cloudflare Software Bug Causes Data Leak

Cloudflare, Inc., a provider of performance and security solutions for websites, recently disclosed that a software bug caused it to leak customer data that was then cached by search engines. Uber, Fitbit, and OkCupid sites may have been affected. While the leaked data is believed to contain private information, the extent of that information is … Continue Reading

NIST Issues Practice Guide for Electric Utilities

On February 16, 2017, the National Cybersecurity Center of Excellence released its draft practice guide for electric utilities, entitled “Situational Awareness for Electric Utilities.” The guide was developed to provide an example solution that can be used by electric utilities to alert staff to the potential for or an actual cyber-attack directed at the electric … Continue Reading

New York Financial Services Cybersecurity Regulations Go Into Effect on March 1

We have previously reported about the upcoming New York Financial Services Cybersecurity Regulations [view related posts here and here]. On February 16, 2017, Governor Andrew M. Cuomo announced that “the first-in-the-nation cybersecurity regulation to protect New York’s financial services industry and consumers from the ever-growing threat of cyber-attacks will take effect on March 1, … Continue Reading

Sony Cyber-Attackers Lurking at Financial Supervisor “Watering Hole” Target Banks and Others

Cybersecurity specialists at BAE Systems and Symantec announced last week new evidence suggesting that the criminals behind the notorious 2014 attack on Sony Corp. are also responsible for recent cyber-attacks involving 104 organizations in 31 countries. Researchers and investigators have long attributed the 2014 Sony attack, which crippled computer systems and revealed internal emails, to … Continue Reading

Cybersecurity Threats for Treasury & Payment Management Systems Report Released

Pactera Technologies N.A., Inc. [www.Pactera.com] has released the report “Cybersecurity Threats for Treasury & Payment Management Systems: Six Things you Should Know to Manage Them.” It is easy to understand and pertinent, particularly this time of year, when we are seeing a drastic increase in phishing and scams aimed at finance departments. According to the report “[t]he … Continue Reading

CFOs Identify Cyber-Attacks as One of their Top Operational Risks

FM Global and CFO Research Services have partnered together and recently issued a study titled “Finance’s Role in Operational Risk Management: CFO Research on Building a Resilient Company.” The study was based on polling 100 senior financial executives from US Fortune 1000 companies. The CFOs’ top operational concerns included equipment failure, data breaches and/or cyber-attacks … Continue Reading

Major League Baseball Fines Cardinals and Plucks Draft Picks for Hacking the Astros

It doesn’t always pay to be a hacker. Major League Baseball (MLB) this week made a strong statement about its tolerance for teams hacking other teams. We previously reported on the incident when a Cardinals employee hacked into the Astros database to lift information about scouting and rankings of eligible draft picks. [view related posts … Continue Reading

Global Cybersecurity, Surveillance, and Privacy: The Obama Administration’s Conflicted Legacy

This article courtesy of guest blogger Prof. Peter Margulies of Roger Williams University School of Law. In the wake of Edward Snowden’s disclosures, the United States administration faced a daunting series of challenges on surveillance, cybersecurity, and privacy. Congress was reluctant to enact comprehensive legislation. Moreover, Snowden’s revelations had triggered an international trust deficit. To deal with … Continue Reading

Connecticut Town Struck by Cyber Fraud

On January 17, 2017, officials in Farmington, Connecticut disclosed that the town was recently the victim of a multi-million dollar theft likely perpetrated by sophisticated cybercriminals operating in China. The thieves intercepted a $2 million Automated Clearing House (ACH) transfer that was intended as payment to a local company for work on a large … Continue Reading

NIST Releases Update to Cybersecurity Framework

The National Institute of Standards and Technology (NIST) has issued an update to its Framework for Improving Critical Infrastructure Cybersecurity, which includes information relating to managing supply chain risks, measuring methodology and reducing cybersecurity risks to organizations. The new guidance includes feedback that NIST has received following the release of the Framework in 2012, as … Continue Reading

Outgoing Homeland Security Chief: Cyber Security Has Improved But More Work Remains to Be Done

Following an election season characterized by missing emails, private servers and personal laptops, and amidst pervasive allegations of Russian cybercrimes, outgoing Secretary of Homeland Security Jeh C. Johnson issued an exit memo outlining the cybersecurity strides made by the Department of Homeland Security (DHS) during the Obama administration. Despite acknowledging “tangible progress,” Johnson warned that … Continue Reading

Los Angeles Community College Pays Ransomware to Retrieve Data

On December 30, 2016, the Los Angeles Community College computer network was kidnapped by cyber criminals requesting a ransom for its return. The ransomware encrypted the college’s entire network system, including email and voice mail systems. Rather than attempt to restore all of the data days before classes were to resume, on January 4, 2017, … Continue Reading

Governor Cuomo Unveils Cybersecurity Proposals Including Cyber Incident Response Team

New York Governor Andrew Cuomo announced a series of cybersecurity proposals that are designed to protect consumers and government entities from cybercrime and identity theft. One of the proposals includes the creation of a Cyber Incident Response Team that would support state and local government bodies, critical infrastructure and schools. It will be led by … Continue Reading

Studies Show Ransomware up 6,000% and Reaps Billions and Phishing Emails are Used in 91% of all Cyber-Attacks

A recent IBM study shows that ransomware increased 6,000 percent in 2016 over 2015. According to the report, ransomware was present in almost 40 percent of all spam email messages. Ransomware is big business, since according to IBM Research, over 70 percent of business victims of ransomware pay the ransom for the key to get … Continue Reading

Three Chinese Citizens Charged with Hacking New York Law Firms

Preet Bharara, the U.S. Attorney for the Southern District of New York, announced that three Chinese citizens have been charged for attempting to hack into seven law firms involved in mergers and acquisitions to pilfer information to use for insider trading. The suspected hackers were successful in hacking into the information systems of two unidentified … Continue Reading

KillDisk a Threat for Industrial Control Systems

A new variant of the KillDisk malware is reportedly able to encrypt files and hold them for ransom instead of deleting them. Although KillDisk has been used in attacks aimed at industrial control systems (ICS), experts are now concerned that threat actors may be introducing ransomware into the industrial domain. Previous versions of KillDisk wiped … Continue Reading

The State of Cybersecurity in 2016 and the (potential) Great Cyber Fire

Cybersecurity hit the news hard in 2016. The number of high-profile, and troubling, cyber incidents increased significantly. The hacking of the Democratic National Committee and one of Clinton’s top advisors, with emails leaked by Russia, according to intelligence reports, may have influenced the U.S. election. Theft of documents from the Mossack Fonseca law firm in … Continue Reading