Brian Krebs writes: Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look…
Category: Commentaries and Analyses
McAfee: Babuk ransomware decryptor causes encryption ‘beyond repair’
Jonathan Greig reports that a new report from McAfee Advanced Threat Research gives horrible reviews to Babuk’s cross-platform binary — so horrible that not only should victims not pay them, but affiliates should avoid them. “It seems that Babuk has adopted live beta testing on its victims when it comes to its Golang binary and…
Biden Directs Agencies to Develop Cybersecurity Standards for Critical Infrastructure
Dustin Volz reports: WASHINGTON—President Biden on Wednesday issued a new directive instructing federal agencies to develop voluntary cybersecurity goals for companies that operate U.S. critical infrastructure, a move that came as senior officials said the administration was exploring the possibility of pursuing mandatory standards. Read more on WSJ. Related: Biden Moves to Reinforce Critical Infrastructure…
Feds list the top 30 most exploited vulnerabilities. Many are years old
Dan Goodin reports: Government officials in the US, UK, and Australia are urging public- and private-sector organizations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits. In a joint advisory published Wednesday, the US FBI and CISA (Cybersecurity and Infrastructure Security Agency), the Australian Cyber Security Center,…
Understanding the increase in Supply Chain Security Attacks
The European Union Agency for Cybersecurity mapping on emerging supply chain attacks finds 66% of attacks focus on the supplier’s code. Supply chain attacks have been a concern for cybersecurity experts for many years because the chain reaction triggered by one attack on a single supplier can compromise a network of providers. Malware is the attack…
Student private information breached in Fairfax County Public Schools
Remember last year and earlier this year when we covered a ransomware attack on Fairfax County Public Schools by Maze that impacted more than 170,000 people? Well, there’s no need to hack when it’s leaking due to human error or failure to adhere to federal law protecting students’ education records. Rick Horner reports: Fairfax County…