Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

Russian Hackers: Desperate for U.S. Information

The latest report regarding Russia stealing U.S. cyber secrets is yet again centered around the National Security Agency (NSA), using Contractors to gain access, in some cases, to classified data. It has been reported that a NSA Contractor (fired back in 2015) put highly classified U.S. cyber secrets on his home computer, which included information … Continue Reading

CFPB Stops Collecting Personal Information in Light of Cybersecurity Concerns

The Consumer Financial Protection Bureau, one of the watchdogs of the financial services industry, has announced through Acting Director Mick Mulvaney, that it will no longer collect personal information of consumers due to cybersecurity concerns and in an effort to improve the CFPB’s cybersecurity program. According to Mulvaney, the Inspector General’s report this year about … Continue Reading

Compliance With New York’s Cybersecurity Regulation 23 NYCRR Part 500

On March 1, 2017, New York’s Cybersecurity Regulation (23 NYCRR Part 500)[1] became effective.  The regulation is the first of its kind in the nation and requires certain companies, including banks, insurance companies and other financial services institutions regulated by the Department of Financial Services (“Covered Entities”), to have: a cybersecurity program designed to protect … Continue Reading

Intel Bug Affects Millions of Devices

Intel has confirmed that a bug in its remote server management tool, known as Management Engine, which allows administrators of IT systems to remote access devices to apply updates or troubleshoot problems for users, allows unverified code to be run on Intel chipsets, so the intruder to gain control of devices. The Management Engine bug … Continue Reading

Connecticut Cyber Task Force Announced

The U.S. Attorney’s Office of the District of Connecticut has announced the creation of a Connecticut Cyber Task Force (“CCTF”) in partnership with the FBI, DEA, Secret Service, Homeland Security, IRS, Connecticut State Police, and 11 local police departments from throughout Connecticut as well as other federal authorities. The CCTF’s initial focus will be twofold: … Continue Reading

Pentagon Web Monitoring Data Exposed

Security researcher Chris Vickery has confirmed that web-monitoring data from the Department of Defense (DOD) was exposed through Amazon Web Services by the way the DOD configured access by authorized users. According to Vickery, anyone with a free AWS account had access to the DOD information, which included 1.8 billion internet posts that had been … Continue Reading

Locky Ransomware Variant Difficult to Detect

We previously warned readers about the Locky ransomware, which is potent and designed to use phishing emails to lure users to click on links and attachments, including pdfs. Now, researchers at Cylance have discovered that a new Locky variant, known as Diablo6, is a variant of Locky, but much more difficult to detect. According to … Continue Reading

A CIO Budget Playbook for 2018

It’s that time of the year again, budget season. A time when organizations set priorities on how to strategically spend their money in 2018. In the information technology (IT) world this can be a daunting task for any CIO. According to Gartner, artificial intelligence (AI), machine learning and tools such as conversational platforms, digital twins … Continue Reading

Energy and Critical Infrastructure Industries Warned of Increased Attacks by FBI and DHS

The FBI and Department of Homeland Security issued a joint statement on October 20 warning of an increased danger of a malicious “multi-stage intrusion campaign” to critical infrastructure industries, including the energy sector. According to the warning, hackers are targeting company-controlled sites of different agencies to access information on equipment and designs, including “control-system capabilities” that … Continue Reading

FERC Proposes New Cybersecurity Rules for Electric Grid

The Federal Energy Regulatory Commission (FERC) has proposed new rules to enhance cybersecurity for the electric grid in the U.S., which includes security management controls to specifically respond to risks associated with malware. FERC suggested that the North American Electric Reliability Corporation, the nonprofit that helps regulate the U.S. electric utility industry, implement “mandatory controls … Continue Reading

“KRACK” WiFi Security Vulnerability Discovered

Security researchers this week have found a new vulnerability that affects Wi-Fi Protected Access II, also known as WPA2, which is the security protocol used by many wireless networks. The vulnerability, dubbed “KRACK,” which stands for “Key Reinstallation AttaCK”, allows intruders to breach into WPA2 and steal the data that is being transmitted between a … Continue Reading

Arkansas Surgery Center Hit with Ransomware

Arkansas Oral & Facial Surgery Center (AOFSC) was recently hit with ransomware that shut down access to health information of its patients and rendered some of it imaging files, including X-rays of patient inaccessible. On July 26, 2017, AOFSC became aware that a hacker was able to infiltrate its system and demand a ransom for … Continue Reading

McAfee Report Lists Health Care Sector as Most Targeted Industry for Cyber-Attacks

In its cyber security incident report outlining vulnerabilities for the second quarter of 2017, security firm McAfee lists the health care sector as having suffered the most security incidents, which surpasses the public sector for the first time in six quarters. It confirmed that cyber-attacks against the health care sector continue to increase. Although that … Continue Reading

U.S. Treasury Warns Financial Institutions of Venezuelan Corruption and Money Laundering

The Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of the Treasury issued an advisory on September 20 warning U.S. financial institutions of “money laundering schemes used by corrupt Venezuelan officials.” The advisory was addressed to Private Banking Units, Chief Risk Officers, Chief Compliance Officers, AML/BSA Analysts, Sanctions Analysts and Bank Legal Departments, and identified … Continue Reading

To Be Cyber Secure – May Not Mean You Are Export Secure

Ensuring that technical data is compliant with both export regulations and cybersecurity requires an understanding of what export controlled technical data/technology relate to and how they work together. The two major export control regulations, The International Traffic In Arms Regulations (ITAR) and the Export Administration Regulations (EAR), define controlled technical data/technology differently. Click for the ITAR … Continue Reading

Aviation and Petrochemical Industries Subject to Hacking by Iran

Hackers working on behalf of the Iranian government have been targeting the aviation and petrochemical industries in the United States, Saudi Arabia, and South Korea since 2013, according to a report released by FireEye last week. According to the report, APT33, a hacking group working for the Iranian government, have sent phishing emails to aviation … Continue Reading

SEC Hacked!

The Securities and Exchange Commission (SEC) has admitted that it was the victim of a cyberattack in 2016 that exposed information that may have been used for insider trading. The hack involved the SEC’s filing database, known as EDGAR. The admission was on the heels of a Government and Accountability Office report in July that … Continue Reading

Security Vulnerabilities Identified in Wireless Syringe Infusion Pumps

The U.S. Department of Homeland Security (DHS) recently issued a warning that Smiths Medical Medfusion 4000 wireless syringe infusion pumps contain a security vulnerability that can be exploited by hackers to alter the performance of the medical devices. The devices are used to infuse small doses of medication to patients and are used in acute … Continue Reading

Vevo Hacked through LinkedIn Message

Vevo announced this week that it experienced an intrusion into its servers by the hacking collective OurMine, self-described as a white hat organization that informs individuals and organizations of potential security vulnerabilities. When OurMine reached out to Vevo to inform it of a vulnerability, a Vevo employee dismissed the claim and told OurMine that they … Continue Reading

Offshore Cybersecurity Guidelines Issued

DNV GL recently issued a new globally applicable recommended practice (DNLVGL-RP-G108) to assist oil and gas operators, system integrators and managers, and vendors in the offshore industry to manage increasing cybersecurity threats. The guidance is designed to help the oil and gas industry improved the security of their operational technology. A Ponemon Institute study found … Continue Reading
LexBlog