Clarissa Hawes reports: Total Quality Logistics (TQL) says it will continue to work with an expert cybersecurity firm to find out how external hackers breached its IT systems and gained access to some carriers’ sensitive business information. Tom Millikin, corporate communications manager of TQL, told FreightWaves the data breach was not a malware or ransomware…
Month: February 2020
Nemty Ransomware Actively Distributed via ‘Love Letter’ Spam
Sergiu Gatlan reports: Security researchers have spotted an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims. The spam campaign was identified by both Malwarebytes and X-Force IRIS researchers and has started distributing malicious messages yesterday via a persistent stream of emails. Read…
How a Hacker’s Mom Broke Into a Prison—and the Warden’s Computer
Lily Hay Newman reports: John Strand breaks into things for a living. As a penetration tester, he gets hired by organizations to attack their defenses, helping reveal weaknesses before actual bad guys find them. Normally, Strand embarks on these missions himself, or deploys one of his experienced colleagues at Black Hills Information Security. But in…
Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT
Daniel Kapellmann Zafra, Keith Lunden, Nathan Brubaker, and Jeremy Kennelly of FireEye write: Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and now SNAKEHOSE (a.k.a. Snake / Ekans), have cost victims…
New York State Expected to Increase Enforcement of Cybersecurity Practices
Peter Marta, Jasmeet Ahuja, and Asmaa Awad-Farid of Hogan Lovells write: Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act…
UK: Rotherwood Healthcare AWS bucket security fail left elderly patients’ DNR choices freely readable online
Gareth Corfield reports: A leak of 10,000 records at a Leicestershire care home provider exposed elderly patients’ wishes not to be resuscitated, detailed care plans and precisely how much councils paid for individual patients’ care. Not only did Rotherwood Care Group, trading as Rotherwood Healthcare, leave an Amazon Web Services S3 bucket accessible to everyone…