Thomas Brewster reports: The FBI has been tipped off about a novel cybercriminal operation in which a hacker managed not only to breach as many as 130,000 Asus routers, but is also scoring them as to how useful they might be for fraudsters. This hacker’s selling access to those individual Asus devices—most of them based…
Category: Commentaries and Analyses
Nemty Ransomware Actively Distributed via ‘Love Letter’ Spam
Sergiu Gatlan reports: Security researchers have spotted an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims. The spam campaign was identified by both Malwarebytes and X-Force IRIS researchers and has started distributing malicious messages yesterday via a persistent stream of emails. Read…
How a Hacker’s Mom Broke Into a Prison—and the Warden’s Computer
Lily Hay Newman reports: John Strand breaks into things for a living. As a penetration tester, he gets hired by organizations to attack their defenses, helping reveal weaknesses before actual bad guys find them. Normally, Strand embarks on these missions himself, or deploys one of his experienced colleagues at Black Hills Information Security. But in…
Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT
Daniel Kapellmann Zafra, Keith Lunden, Nathan Brubaker, and Jeremy Kennelly of FireEye write: Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and now SNAKEHOSE (a.k.a. Snake / Ekans), have cost victims…
New York State Expected to Increase Enforcement of Cybersecurity Practices
Peter Marta, Jasmeet Ahuja, and Asmaa Awad-Farid of Hogan Lovells write: Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act…
Ex-Mossad chief says Likud app leaks as dangerous to Israel as coronavirus
The Times of Israel reports: A former head of the Mossad spy agency sounded the alarm Wednesday about an app operated by Prime Minister Benjamin Netanyahu’s Likud party ahead of next week’s elections, warning that using it was “a real security threat” and likening the level of danger it poses to that of the deadly…