Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

U.S. Estimates that Cyber Hacks Cost Up to $109 Billion in 2016

The Council for Economic Advisors (CEA) issued a report this month, entitled “The Cost of Malicious Cyber Activity to the U.S. Economy,” which concludes that “malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.” The Executive Summary further depressingly concludes: Malicious cyber activity directed at private and public entities … Continue Reading

DOJ Forms Cyber-Digital Task Force

The Department of Justice (DOJ) has announced that it is forming a Cyber-Digital Task Force that will combat global cyber threats. The Task Force will concentrate on gathering the methods that the DOJ uses to fight cyber threats and figure out ways law enforcement can combat the problem, starting with what efforts are being used … Continue Reading

SEC Updates Guidance on Public Companies’ Disclosure of Cyber-Attacks

The U.S. Securities and Exchange Commission (SEC) updated guidance to public companies this week on how and when they are to disclose cybersecurity risks and breaches. The SEC suggests that public companies should disclose potential weaknesses that have not been targeted by hackers. There has always been a tension between the SEC and public companies … Continue Reading

HaoBao Malware Hitting Banks Scans for Bitcoin Activity

Lazarus, the well-known hacking group responsible for the WannaCry ransomware attack from last year, as well as the attack on the Bangladesh Central Bank and Sony, is now targeting global financial firms and Bitcoin adopters with a phishing campaign dubbed “HaoBao.” The phishing campaign was discovered by McAfee Labs in mid-January. The way it works … Continue Reading

New York’s Landmark Cybersecurity Regulation Compliance Deadlines Looming

On February 15, 2018—that is, today—banks, insurance companies and other financial services institutions and licensees regulated by the New York Department of Financial Services (DFS) are required to file their first certification of compliance with DFS’s far reaching cybersecurity regulation (23 NYCRR Part 500) (the “Regulation”). The Regulation, which became effective on March 1, 2017, … Continue Reading

Cisco Warns of VPN Bug

Cisco is warning customers using its Adaptive Security Appliance (ASA) software about a VPN bug that could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code” and “allow an attacker to take full control of the system.” Because the bug, known as DVE-2018-0101 is easy to … Continue Reading

Class Action Suit Filed Against Allscripts for Ransomware Attack

Allscripts Healthcare Solutions Inc. notified its electronic medical record customers last week that a ransomware attack was behind the disruption of service for medical providers. Allscripts became the victim of the ransomware “SamSam” on January 18 which shut down providers’ access to their electronic medical records. Allscripts was able to restore some access, but a … Continue Reading

Cyber-attacks are the Third Greatest Global Risk in 2018

A new report issued by the World Economic Forum (WEF), called “Global Risks Report 2018,” lists the threat of cyber-warfare and cyber-attacks affecting the public as the world’s third greatest threat in 2018, only behind natural disasters and extreme weather. The report notes that because of an increased global reliance on connected devices and the … Continue Reading

NIST Issues Blockchain Technology Report to Help Businesses “Make Good Decisions” About Using Blockchain

On January 24, 2018, the National Institute of Standards and Technology (NIST) issued its “Draft NIST Interagency Report 8202 Blockchain Technology Overview” which it announced as NIST’s “Report on Blockchain Technology Aims to Go Beyond the Hype.” The press release announcing the issuance of the report starts by stating “Beguiling, baffling or both—that’s blockchain. Aiming to … Continue Reading

Google Tracking of Android Users Goes Beyond the Expected

By now most smartphone users are aware of location tracking used by both Apple and Android operating systems.  Basic location tracking is a system which uses GPS data to know the phone user’s location.  However, according to a recent article published by Quartz, Google’s data collection goes far beyond basic location tracking.  Not only does … Continue Reading

Think Tank Says Nuclear Missiles Can be Inadvertently Launched Through Cyber-Attacks

Just before the false alarm last weekend in Hawaii when residents were erroneously warned of an impending missile attack, think tank Chatham House issued a report stating that it had identified vulnerabilities in nuclear weapons systems located throughout the world that made them susceptible to malware and ransomware attacks that could lead to inadvertent missile … Continue Reading

Another Hitch in the Crypto Boom? North Korean Malware Hijacks Computers to Mine Monero Cryptocurrency

Researchers at cybersecurity firm AlienVault have discovered a computer virus of North Korean origin which infects and hijacks computers in order to mine Monero, a private digital currency which styles itself as “secure, private and untraceable.” Cryptocurrency mining is the resource-intensive process by which computers or “miners” running specific software verify cryptocurrency transactions. In exchange … Continue Reading

Health Care Organizations Saw an 89% Increase in Ransomware in 2017

Our experience last year is consistent with the conclusion of a new report issued by Cryptonite in its 2017 Health Care Cyber Research Report—that the number of hacking events targeted at health care entities involving ransomware increased a whopping 89% from 2016. The report analyzed the self-reporting database of the Office for Civil Rights (OCR) … Continue Reading

Spectre And Meltdown Vulnerabilities Affect Processors In Wide Range of Computing Devices

This week, the world learned of widespread and serious vulnerabilities in most central processing units (CPU). CPUs manage the instructions received from the hardware and software running on a computer.  The vulnerabilities, named Meltdown and Spectre, affect virtually every computer existing today, in particular those with Intel, Advanced Micro Devices, Inc. (AMD), Nvidia and Arm … Continue Reading

Federal Trade Commission Approves Settlement with Lenovo Over Ad Software

The Federal Trade Commission (FTC) has approved its proposed settlement with Lenovo, Inc. over the installation of pre-installed advertising software called VisualDiscovery onto Lenovo laptops. According to the FTC, the pre-installed software “interfered with how a user’s browser interacted with websites and created serious security vulnerabilities.” The settlement requires Lenovo to not misrepresent the features … Continue Reading

Protect Yourself From Year-End Charitable Giving Scams

December is traditionally a busy month for charitable giving, as many donors are inspired by the holiday season to give generously to those in need, while others look to make year-end gifts that will qualify for a tax deduction in the current tax year. Unfortunately, because of the increase in charitable giving, there is often … Continue Reading

Beware of New Ransomware—Spider Virus

There is no relief in sight for combating new strains of ransomware. One new ransomware, dubbed the Spider virus, was discovered by researchers at Netskope on December 10, 2017, and continues to attack victims to date. To implement the Spider Virus, attackers send malicious emails containing a Microsoft Office attachment that includes macros to potential … Continue Reading

$64 Million in Bitcoin Stolen from NiceHash

Many are lamenting not purchasing bitcoin now that its value has skyrocketed. Yesterday, Massachusetts Secretary of State William Galvin warned investors to stay away from investing in bitcoin, as he considers it a financial bubble that is a gamble for investors. Galvin stated: “It’s simply a creation of a vehicle which doesn’t exist backed by … Continue Reading

Russian Hackers: Desperate for U.S. Information

The latest report regarding Russia stealing U.S. cyber secrets is yet again centered around the National Security Agency (NSA), using Contractors to gain access, in some cases, to classified data. It has been reported that a NSA Contractor (fired back in 2015) put highly classified U.S. cyber secrets on his home computer, which included information … Continue Reading

CFPB Stops Collecting Personal Information in Light of Cybersecurity Concerns

The Consumer Financial Protection Bureau, one of the watchdogs of the financial services industry, has announced through Acting Director Mick Mulvaney, that it will no longer collect personal information of consumers due to cybersecurity concerns and in an effort to improve the CFPB’s cybersecurity program. According to Mulvaney, the Inspector General’s report this year about … Continue Reading

Compliance With New York’s Cybersecurity Regulation 23 NYCRR Part 500

On March 1, 2017, New York’s Cybersecurity Regulation (23 NYCRR Part 500)[1] became effective.  The regulation is the first of its kind in the nation and requires certain companies, including banks, insurance companies and other financial services institutions regulated by the Department of Financial Services (“Covered Entities”), to have: a cybersecurity program designed to protect … Continue Reading
LexBlog