Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

FBI Warns of Sharp Increase in Ransomware Attacks in Certain Sectors

The Federal Bureau of Investigations Internet Crime Complaint Center (IC3) recently issued a public service announcement warning private companies about the increasing numbers of ransomware attacks affecting private industry. According to the warning, “Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial … Continue Reading

URGENT/11 Cybersecurity Vulnerabilities Could Affect Medical Devices and Hospital Networks

On the heels of an FDA committee report concerning cybersecurity issues with medical devices [view related post] the U.S. Food and Drug Administration (FDA) issued an alert regarding cybersecurity vulnerabilities, referred to as “URGENT/11,” that could introduce risks for some medical devices and hospital networks. According to the FDA’s October 1st notice, the URGENT/11 vulnerabilities … Continue Reading

Ransomware Attacks Double in 2019: Medical Providers Can’t Recover and Shut Down

Consistent with our experience, security firm McAfee has confirmed in a report that ransomware attacks have doubled in 2019. Medical providers have been hit hard this year, and one provider, Wood Ranch Medical, located in California, is permanently closing following a ransomware attack. Wood Ranch was hit with a ransomware attack over the summer, and … Continue Reading

Cybersecurity and the Electric Grid – New GAO Report Identifies Actions Needed to Address Cybersecurity Risks

The United States Government Accounting Office (GAO) recently issued a report on the cybersecurity risks facing the electric grid. The GAO reviewed the cybersecurity of the electric grid to determine the risks and challenges facing the grid, to describe federal efforts to address those risks, to assess the extent to which the Department of Energy … Continue Reading

Click2Gov Portal Compromised in Eight Cities

Many cities in the United States utilize a self-pay portal for residents to pay bills online, known as Click2Gov. Click2Gov was compromised in 2017 and 2018, when hackers were able to access over 300,000 payment cards and reportedly made more than $2 million in the heist. It is being reported this week by security researchers … Continue Reading

Cybersecurity Risks in Medical Devices Discussed at Recent FDA Meeting

The Patient Engagement Advisory Committee (Committee) to the Food and Drug Association (FDA) met recently to discuss cybersecurity in medical devices. Medical devices are increasingly connected to the internet, hospital networks, and other medical devices to provide features designed to improve healthcare and increase providers’ ability to treat patients. However, as medical devices become more … Continue Reading

Almost Entire Ecuadorian Population Affected by Massive Data Breach

The Ecuadorian Ministry of Telecommunications and Information Security has announced an investigation into data analytics company Novaestrat after news broke this week that the company left an Elasticsearch server open without any password protection, allowing open access to the data. According to officials, Novaestrat was not supposed to have the data in the first place. … Continue Reading

Colleges and Universities at Risk for Cyber-Attacks as School Year Starts

It’s a busy time for colleges and universities as the fall semester starts and campuses are bustling with activity. It’s also the perfect time for cyber criminals to create mayhem for institutions of higher education with a cyber-attack. That is exactly what happened to Regis University in Denver, Colorado. The university had to shut down … Continue Reading

Twenty-three Texas Municipalities Crushed by Coordinated Ransomware Attack

We have definitely seen an uptick in the number of ransomware attacks against municipalities around the country. Thus far, the attacks have been against single cities, towns, and court systems, and recently against a Louisiana school system. The pace and coordination of these attacks have magnified, as evidenced by the coordinated and simultaneous ransomware attacks this … Continue Reading

Security Researchers Find Biometric Data on 28 Million Records Is Exposed

It was reported this week by The Guardian and Forbes that security researchers from Vpnmentor have discovered and published a report that Suprema, a company that collects and monitors biometric information such as fingerprints and facial recognition data, has left exposed the biometric information of 28 million records and 23 gigabytes of data insecure. Suprema … Continue Reading

New Threat to Companies: Warshipping

It is so hard to keep up with the latest ways the bad guys try to infiltrate company data. One new technique is called warshipping, and its implementation is pretty simple and a little old school. IBM X-Force Red investigated the technique to give its customers an idea of the newest threats to enterprise systems. … Continue Reading

Louisiana Governor Declares Statewide Emergency After Cyber-Attacks Against School Systems

Louisiana Governor John Bel Edwards, for the first time in history, declared a statewide cybersecurity emergency last week, following cyber-attacks against several school systems in the state. By declaring a cybersecurity emergency, the state is able to garner needed resources, including cybersecurity experts from the Louisiana National Guard, State Police, the Office of Technology Services, … Continue Reading

Federal Reserve White Paper on Synthetic Identity Payments Fraud—A Growing Problem in the U.S. That Affects Consumers, Businesses, Financial Institutions, Government Agencies and the Health Care Industry

In the Federal Reserve’s July 11, 2019 White Paper, “Synthetic Identity Fraud in the U.S. Payment System, A Review of Causes and Contributing Factors,” the authors conclude that synthetic identity fraud is a serious and growing problem for the U.S. payments ecosystem that can only be addressed by a collaborative effort among all payments industry … Continue Reading

U.S. Cyber Command Issues Warning About Microsoft Outlook Vulnerability

Hackers are targeting U.S. government networks, according to U.S. Cyber Command, which says there is a vulnerability of CVE-2017-1174, which is a two year old flaw in Microsoft Outlook that is being used by attackers to install remote access Trojans and other malware. U.S. Cyber Command recommends that the vulnerability be patched to prevent exploitation. … Continue Reading

2018 Cyber Incident & Breach Trends Report “All Bad”

The Internet Society’s Online Trust Alliance just released its “2018 Cyber Incident & Breach Trends Report, which says “2018–Some Better, Some Worse, All Bad.” That’s our experience, too. Here are the highlights from the report, which can be accessed here. Although the number of data breaches and exposed records decreased, and ransomware and DDoS (distributed … Continue Reading

DHS Warns Businesses of Risk of Iranian-Backed Wiper Malware Attacks

The tension with Iran has generally increased, and it has been reported that the U.S. has launched a cyber-attack against Iran. In retaliation, the risk of Iranian-backed wiper malware attacks against U.S. businesses and government agencies has increased, according to the Department of Homeland Security (DHS). DHS recently issued a warning to U.S. businesses to … Continue Reading

Florida Municipalities Getting Hammered with Ransomware

Security researchers have warned municipalities repeatedly about how they are being targeted with ransomware, that they are at high risk, and the need to make data security a high priority. Municipalities are unfortunately only taking heed now that recent ransomware campaigns are in the news and bringing some municipalities to their knees [view related posts … Continue Reading
LexBlog