Phil Muncaster reports: Security experts have warned victims of sophisticated cyber-attacks not to think of intrusions as a one-off event, as a majority of organizations end up getting hit again within the year. CrowdStrike compiled an analysis of its own incident response and managed services engagements in 2020, to produce the CrowdStrike Services Cyber Front Lines Report….
Category: Of Note
NEW CISA Alert: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
Alert (AA20-345A) SUMMARY: This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the…
Hackers are selling more than 85,000 SQL databases on a dark web portal
Update: To read the original research report on the threat actors and sale/auction on the dark web, see this report by Guardicore. Catalin Cimpanu reports: More than 85,000 SQL databases are currently on sale on a dark web portal for a price of only $550/database. The portal, brought to ZDNet‘s attention earlier today by a security…
KR: Telecom LG U+ fined as a third party downloads and sells customer data
Korea JoongAng Daily reports: LG U+ was hit with 21.6 million won ($20,000) in government fines for a failure to secure customer data, which led to a massive breach and unauthorized sharing of sensitive information. The Personal Information Protection Commission (PIPC) announced Wednesday that it imposed a total of 75 million won in fines on…
FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State
David E. Sanger and Nicole Perlroth report: For years, the cybersecurity firm FireEye has been the first call for government agencies and companies around the world who have been hacked by the most sophisticated attackers, or fear they might be. Now it looks like the hackers — in this case, evidence points to Russia’s intelligence agencies —…
GE puts default password in radiology devices, leaving healthcare networks exposed
Dan Goodin reports: Dozens of radiology products from GE Healthcare contain a critical vulnerability that threatens the networks of hospitals and other health providers that use the devices, officials from the US government and a private security firm said on Tuesday. The devices—used for CT scans, MRIs, X-Rays, mammograms, ultrasounds, and positron emission tomography—use a…