ERR News reports: A hacker was able to obtain over 280,000 personal identity photos following an attack on [Estonia’s] state information system last Friday. The suspect is reportedly a resident of Tallinn. The culprit had already obtained personal names and ID codes and was able to obtain a third component, the photos, by making individual…
McAfee: Babuk ransomware decryptor causes encryption ‘beyond repair’
Jonathan Greig reports that a new report from McAfee Advanced Threat Research gives horrible reviews to Babuk’s cross-platform binary — so horrible that not only should victims not pay them, but affiliates should avoid them. “It seems that Babuk has adopted live beta testing on its victims when it comes to its Golang binary and…
Biden Directs Agencies to Develop Cybersecurity Standards for Critical Infrastructure
Dustin Volz reports: WASHINGTON—President Biden on Wednesday issued a new directive instructing federal agencies to develop voluntary cybersecurity goals for companies that operate U.S. critical infrastructure, a move that came as senior officials said the administration was exploring the possibility of pursuing mandatory standards. Read more on WSJ. Related: Biden Moves to Reinforce Critical Infrastructure…
Feds list the top 30 most exploited vulnerabilities. Many are years old
Dan Goodin reports: Government officials in the US, UK, and Australia are urging public- and private-sector organizations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits. In a joint advisory published Wednesday, the US FBI and CISA (Cybersecurity and Infrastructure Security Agency), the Australian Cyber Security Center,…
Understanding the increase in Supply Chain Security Attacks
The European Union Agency for Cybersecurity mapping on emerging supply chain attacks finds 66% of attacks focus on the supplier’s code. Supply chain attacks have been a concern for cybersecurity experts for many years because the chain reaction triggered by one attack on a single supplier can compromise a network of providers. Malware is the attack…
Calgary’s parking authority exposed drivers’ personal data and tickets
Zack Whittaker reports: If you parked your car in one of the thousands of parking spots across Calgary, there’s a good chance you paid the Calgary Parking Authority for the privilege. But soon you might be hearing from the authority after a recent security lapse exposed the personal information of vehicle owners. The exposed server…