Steve Zurier reports: Aqua Security on Tuesday reported that at least 60% of the Kubernetes clusters they researched were breached and had an active campaign with deployed malware and backdoors. In a release Aug. 8, Aqua Nautilus researchers explained that the exposures were caused by two misconfigurations, which emphasized how known and unknown misconfigurations are…
Category: Commentaries and Analyses
HC3: Sector Alert: Rhysida Ransomware
August 4, 2023 TLP:CLEAR Report: 202308041500 Executive Summary Rhysida is a new ransomware-as-a-service (RaaS) group that has emerged since May 2023. The group drops an eponymous ransomware via phishing attacks and Cobalt Strike to breach targets’ networks and deploy their payloads. The group threatens to publicly distribute the exfiltrated data if the ransom is not…
Biden Administration Launches Effort To Defend Schools From Hackers
Eric Geller reports: The Biden administration will host a gathering on Monday to shine a spotlight on a community that urgently needs cybersecurity aid: America’s K-12 schools. School leaders, federal officials and technology executives will convene at the White House to discuss the importance of improving schools’ digital security to prevent hackers from shutting down…
New acoustic attack steals data from keystrokes with 95% accuracy
You’re on a call with someone and they can hear you keyboarding. Can they wind up figuring out what you typed or stealing any passwords you typed in while on the call? Bill Toulas reports: A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes…
Parents, students are baffled by letters confirming Crown Point school network breach months ago
Megan Hickey reports that there is finally a notification letter, of sorts, to parents about a network breach in November. In April, Indiana media had been reporting that the parents and community still had not been told what had happened. After a massive network breach temporarily closed schools in Crown Point, Indiana last fall, we are finally…
Proposed Second Amendment to NYDFS Cybersecurity Regulations: Comments Due August 14
Micaela McMurrough and Caleb Skeath of Covington & Burling write: Following up on the recent release by the New York Department of Financial Services (“NYDFS”) of an updated proposed second amendment to its “first-in-the-nation” Cybersecurity Regulation, 23 NYCRR Part 500 (proposed second amendment released June 28, 2023), it is not too late for companies to submit comments…