Andy Greenberg reports: The security sector is waking up to the insidious threat posed by software supply chain attacks, where hackers don’t attack individual devices or networks directly, but rather the companies that distribute the code used by their targets. Now researchers at security firms Kaspersky and ESET have uncovered evidence that the same hackers…
Month: April 2019
Embassies targeted by hackers with bogus State Dept. spreadsheet: Report
Andrew Blake reports: Embassies in Europe have wound up on the receiving end of an ongoing hacking campaign with roots in Russia, a multinational cybersecurity firm warned Monday. Researchers at Check Point reported becoming aware of a weaponized spreadsheet being emailed to targets described as “government finance authorities and representatives in several embassies in Europe.”…
Google Moves Developers to OAuth to Help Prevent Phishing Attacks
Dennis Fisher reports: In an effort to cut off an avenue used in some phishing attacks, Google is planning to block authentication attempts from some apps that use embedded browser frameworks in the near future. The change is part of a broader initiative by the company to get a better handle on when and how…
In: Files feared stolen from GST Intel records room
Wow. As far as a physical security FAIL goes, this is a contender. The Ahmedabad Mirror reports: Officials of the Directorate General of GST Intelligence (DGGI) in Gujarat on Sunday lodged a complaint of theft of record files from their storage unit in Ahmedabad. The DGGI storage unit is housed in an old and decrepit…
FL: Stuart’s city hall ransomware attack “more than likely” caused by phishing email scam
Melissa E. Holsman reports: The city is still recovering from an April 13 ransomware virus attack that most likely came from a phishing email scam on an employee’s desktop computer, the city manager said Monday. A computer virus dubbed Ryuk attacked the city’s servers in a ransomware demand that City Manager David Dyess said forced…
So how’s April so far?
Quick note: I haven’t been posting all the health data breaches or incidents I have already found this month, as in some cases, I’m waiting for responses from entities to my questions. But I am compiling the incidents in my worksheet that I provide to Protenus, Inc. for their analyses and freely available reports. Yesterday,…