Micaela McMurrough, Ashden Fein, and Matthew Harden of Covington and Burling write: On February 4, 2022, the National Institute of Standards and Technology (“NIST”) published its Recommended Criteria for Cybersecurity Labeling for Consumer Internet of Things (IoT) Products (“IoT Criteria”). The IoT Criteria make recommendations for cybersecurity labeling for consumer IoT products, in other words, for IoT…
Category: Commentaries and Analyses
Microsoft plans to kill malware delivery via Office macros
If you use Word and always feel concerned when you “enable macros” because of the risk of malware, here’s some good news. Sergiu Gatlan reports: Microsoft announced today that it will make it difficult to enable VBA macros downloaded from the Internet in several Microsoft Office apps starting in early April, effectively killing a popular…
Indicators of Compromise Associated with LockBit 2.0 Ransomware and Additional Mitigations
On February 4, the FBI issued a Flash Alert: Indicators of Compromise Associated with LockBit 2.0 Ransomware Today, HHS’s Cybersecurity Program issued its companion HC3 alert. It says, in part: Impact to HPH Sector Although the LockBit 2.0 cybercrime gang claims to not attack healthcare organizations, all ransomware continues to act as a major cyber…
Ethical hackers face tough sanction under Jamaican law
From the threats-to-ethical-hacking-and-a-free-press department, Edmond Campbell reports: Ethical hackers who find vulnerabilities on government or private websites in Jamaica could face a $3-million fine and three-year prison sentence if a provision in the Cybercrimes Act, 2015, remains and receives the nod from Parliament. That threat could penalise actors such as Zack Whittaker, the security editor at…
More than half of Canadian ransomware victims paid the ransom demands in 2021 – study
TORONTO, Febr. 7, 2022 /CNW/ – Canadian IT company, NOVIPRO, today unveiled its sixth annual IT Portrait of Canadian Businesses in collaboration with Leger, which revealed the deep vulnerability of Canadian companies to computer attacks. The study reveals that more than half (56%) of organizations targeted by malware have paid the amounts requested by cybercriminals. Of these,…
A look at the new Sugar ransomware demanding low ransoms
Lawrence Abrams reports: A new Sugar Ransomware operation actively targets individual computers, rather than corporate networks, with low ransom demands. First discovered by the Walmart Security Team, ‘Sugar’ is a new Ransomware-as-a-Service (RaaS) operation that launched in November 2021 but has slowly been picking up speed. The name of the ransomware is based on the…