We previously reported that the FBI has warned consumers about a nasty malware, known as VPNFilter and believed to have been launched by a Russian government hacking group is infecting hundreds of thousands of small business and home router [view related post here]. Apparently the malware is much worse than anyone thought and Cisco’s Talo … Continue Reading
Late last week, the Federal Bureau of Investigation (FBI) issued a warning to U.S. consumers that Russian hackers (dubbed Sofacy and a/k/a Fancy Brear and APT28, and believed to be backed by the Russian government) had compromised “hundreds of thousands” of home and office routers through malware known as VPNFilter in order to collect information … Continue Reading
Late last week, a joint statement by the Department of Homeland Security and the Federal Bureau of Investigation confirmed that the Russian government has been behind an ongoing targeted campaign to penetrate U.S. power plants and the electric grid. Of course, this fact has been well known and has been reported on repeatedly in the … Continue Reading
In a recent Public Service Announcement dated February 21, 2018 entitled “Increase in W-2 Phishing Campaigns,” the Federal Bureau of Investigations (FBI) issued another alert about an increase in phishing campaigns since the beginning of 2018. According to the FBI, “IRS’s Online Fraud Detection & Prevention (OFDP), which monitors for suspected IRS-related phishing emails, observed … Continue Reading
It has been predicted that the healthcare industry will continue to be lambasted with ransomware in 2018. It has also been predicted that attackers will move from taking sensitive information hostage to sabotage, service disruption, physical damage and malicious deletion or changes to the integrity of data. Unfortunately, the year has started off true to … Continue Reading
The latest report regarding Russia stealing U.S. cyber secrets is yet again centered around the National Security Agency (NSA), using Contractors to gain access, in some cases, to classified data. It has been reported that a NSA Contractor (fired back in 2015) put highly classified U.S. cyber secrets on his home computer, which included information … Continue Reading
Last Thursday, the United States Supreme Court heard arguments in Carpenter v. United States. At issue was whether the FBI violated the Fourth Amendment when it obtained the cellphone location records of Timothy Carpenter. The FBI used these records to establish Mr. Carpenter’s whereabouts during time periods in which certain armed robberies occurred. The government … Continue Reading
The U.S. Attorney’s Office of the District of Connecticut has announced the creation of a Connecticut Cyber Task Force (“CCTF”) in partnership with the FBI, DEA, Secret Service, Homeland Security, IRS, Connecticut State Police, and 11 local police departments from throughout Connecticut as well as other federal authorities. The CCTF’s initial focus will be twofold: … Continue Reading
The FBI and Department of Homeland Security issued a joint statement on October 20 warning of an increased danger of a malicious “multi-stage intrusion campaign” to critical infrastructure industries, including the energy sector. According to the warning, hackers are targeting company-controlled sites of different agencies to access information on equipment and designs, including “control-system capabilities” that … Continue Reading
The Federal Energy Regulatory Commission (FERC) has proposed new rules to enhance cybersecurity for the electric grid in the U.S., which includes security management controls to specifically respond to risks associated with malware. FERC suggested that the North American Electric Reliability Corporation, the nonprofit that helps regulate the U.S. electric utility industry, implement “mandatory controls … Continue Reading
The Apache Struts vulnerability has been mentioned frequently in the media over the past month, as it is believed to have been involved in one of the largest and most damaging data breaches in history. The vulnerability was first disclosed in March 2017 and is believed to have affected (and is still affecting) hundreds of … Continue Reading
We previously reported about the microphone and video capabilities of Echo technology [view related post]. The FBI is also concerned about this technology being used in toys that are connected to the Internet. The FBI is so concerned that yesterday, it issued a Public Service Announcement that warns consumers that Internet-connected toys “could present privacy … Continue Reading
We hear daily about another payment card breach at a retail store, restaurant chain or hotel line. The response to a payment card breach differs from company to company. I get a lot of questions about payment card breaches and why some companies provide credit monitoring and others don’t, why some companies provide individual notification … Continue Reading
We have read multiple reports on WannaCry and if you are reading this and don’t know what WannaCry is, Google it for the background story. The clear message is this is not the last major attack we will see, and future attacks will only get more sophisticated. It is being estimated that the cost associated … Continue Reading
West Virginia University Medicine University Healthcare (WVUM) has confirmed that it is sending notification letters to over 7,400 of its patients seen at Berkeley Medical Center as a result of an unauthorized access to their information. It further confirmed that 113 of its patients have become the victims of identity theft as a result of … Continue Reading
A recent IBM study shows that ransomware increased 6,000 percent in 2016 over 2015. According to the report, ransomware was present in almost 40 percent of all spam email messages. Ransomware is big business, since according to IBM Research, over 70 percent of business victims of ransomware pay the ransom for the key to get … Continue Reading
Although every year we lament about the significance of data breaches in the past year, 2016 was by far the worst. Data breaches were rampant, victimizing every industry and numbing consumers in the process. It was so bad that consumers began to throw up their hands and say “My personal information is out there anyway. … Continue Reading
2016 has been a banner year for ransomware cybercriminals. We have seen a dramatic rise in the use of ransomware, and businesses continue to become victims to ransomware, primarily through phishing and spear phishing schemes. The cybercriminals are getting so brazen, that when they attack a business with ransomware, they actually provide instructions on how … Continue Reading
We previously reported that 21st Century Oncology suffered a data breach in October 2015 involving an intrusion into its systems which compromised around 2 million patients’ records, including their names, Social Security numbers, physicians’ names, insurance information, treatment information and diagnoses [view related posts here and here]. As a result of the data breach, sixteen … Continue Reading
The Federal Bureau of Investigation (FBI) issued a private industry alert on August 18, 2016, to State Boards of Election to alert them of hackings into Board of Election websites. According to the FBI, it “received information of an additional IP address, 5.149.249.172, which was detected in the July 2016, compromise of a state’s Board of … Continue Reading
Last week, the White House issued a new directive that outlines how the government handles significant cyber incidents, which gives the public information on which agency to call in the event of a cyber incident. We often get asked, “Who do we call—the FBI, Secret Service, DOJ, etc.?” The directive outlines what incidents are considered … Continue Reading
When I train clients’ employees on data privacy and security, I always mention the microphone on smartphones. They are powerful and if you allow apps access to your microphone, they can listen to every one of your conversations [see related privacy tip]. Do you want every one of your conversations to be accessible by someone … Continue Reading
After the terrorist attack in Orlando, Florida, early this month, the Electronic Communications Privacy Act (ECPA) has been discussed quite a bit. The ECPA, a law which took effect in 1986, limits the government’s access to electronic communications and other information. Due to the advancement in technology over the past 30 years, Congress finds itself … Continue Reading
USB drives and phone chargers are expensive. Hackers know that. One way hackers are gaining access to get into computers to steal data is by planting USB drives and phone chargers in public areas, hoping someone will pick it up and take it to work or home. I find that people are unaware of this … Continue Reading
