Britain's National Trust has warned volunteers of a data breach linked to a cyber-attack on US cloud computing and software provider Blackbaud in May.

The charity and membership organization for heritage conservation in England, Wales, and Northern Ireland has been contacting volunteers by email to notify them of the breach.

National Trust data exposed as a result of the ransomware attack on Blackbaud belongs to past and present volunteers and applicants for the trust's volunteer program. 

Compromised information includes name, date of birth, gender, address, and contact details. The Trust assured its volunteers that while some sensitive information pertaining to equality monitoring was affected, no financial data was exposed. 

In an August 7 email to users of its volunteer program, the National Trust's CIO, Jon Townsend, wrote: "Our membership systems and data were not affected."

Townsend said Blackbaud reached out to the Trust in July to inform them about the cyber-attack. The company said that all the data stolen in the attack related to Blackbaud's systems only and has since been destroyed. 

The National Trust has reported the incident to the Information Commissioner’s Office, the UK’s regulator for data protection. The organization has set up an email address that any concerned volunteers can contact for more information about the data breach.

In the August 7 breach notification email, Townsend wrote: "On 16 July 2020 we were contacted by Blackbaud, the company that holds some of our volunteering data, to tell us that they’d been the victim of a cyber-attack."

Townsend told Trust volunteers that no action was required from them and apologized for any concern that may have been caused by the breach.

"We take data protection extremely seriously at the National Trust," wrote Townsend. "We’re looking again at the security of how data is managed and working closely with Blackbaud to discover exactly what happened."

The world’s largest online cybersecurity career development platform has released a second installment of free educational courses. 

Cybrary made a clutch of courses free in July in a bid to support people who are considering a career in cybersecurity and those impacted professionally by the ongoing COVID-19 pandemic. 

A Cybrary spokesperson said: "These free courses aim to encourage continued training and resumé building for current cyber professionals, recent graduates, and those looking to transition into the security and IT industry."

This month, a second wave of free online courses was released that will be available to users until September 1. Courses range in length from one to nine hours and cover topics ranging from cloud architecture foundations to DNSTwist fundamentals. 

Newcomers to cybersecurity are catered to with courses on command-line basics and the fundamentals of cybersecurity architecture, while the more advanced might choose to study physical penetration testing.

"As part of our mission to provide opportunity for personal and professional growth—something that has only become more important in the challenging employment landscape we are currently facing—we hope these free course offerings encourage and empower individuals to expand their cyber and IT skill set," said Cybrary co-founder and CEO Ryan Corey. 

"These additional free courses help address the current skills gap, while also providing the necessary knowledge and resources for those working toward building future careers in the cybersecurity or IT field."

The seven free courses released by Cybrary last month were Cyber Network Security, Intro to Cyber Threat Intel, Advanced Cyber Threat Intel, Web Defense Fundamentals, Kali Linux Fundamentals, CCSK, and Microsoft 365 Fundamentals.

Corey said that by making the courses free to everyone who can access the internet, Cybrary hoped "to help build a more secure digital world by providing learning opportunities available to everyone.”

Since being founded in 2015, Cybrary has attracted a community of nearly 3 million users, including multiple Fortune 100 companies. The American company is headquartered in College Park, Maryland. 

The monthly release of free courses follows the April launch of the Cybrary Scholars Program, which gives participants a free year of Cybrary’s Insider Pro membership, a CompTIA exam voucher, and a year of mentorship with an experienced Cybrary community mentor.

Illegal TV subscription services in the United States have grown into a billion-dollar industry, according to new research jointly released yesterday by Digital Citizens Alliance and NAGRA.

The investigative report Money for Nothing reveals the existence of a sophisticated piracy ecosystem made up of thousands of retailers and wholesalers. This nefarious network steals from creators and circumvents legitimate TV operators to provide illegal subscription services to millions of US households. 

According to the report, the most virulent and fastest-growing illegal streaming enterprise is the pirate subscription Internet Protocol Television (PS IPTV) Service. This type of service typically costs just $10 to $15 a month and mimics the practices of legitimate streaming services.

The report found that an estimated 9 million fixed broadband subscribers in the US use a pirate subscription IPTV service. However, the ecosystem relies on legitimate businesses, including hosting services, payment processors, and social media, to market their stolen content.

Researchers noted that the illegal subscription providers sell their wares via "at least 3,500 US-facing storefront websites, social media pages, and stores within online marketplaces that sell services."

Selling illegal subscriptions is highly lucrative since the providers pay nothing for the programming that makes up their core products. Researchers estimated that providers operate with estimated profit margins that range from 56% for retailers to 85% for wholesalers. 

While piracy subscriptions alone are a billion-dollar industry, researchers found criminals also make money by selling screen time to advertisers and vending stolen streaming devices used to receive the snatched content.

On the surface, consumers of illegal subscription services might think they are getting a great deal. But the report found that pirates generate revenue by partnering with hackers to install malware within free apps that expose consumers to risk of theft of their personal and financial data, cryptocurrency mining, adware, ransomware, and botnets using computers to perform distributed denial-of-service (DoS) attacks.

“When it comes to piracy, the scope of the risk to consumers, small businesses and others is in direct proportion to the size of the industry, which is why we need to stop the reach and depth of this ecosystem before it grows even bigger,” said Digital Citizens Alliance executive director Tom Galvin.

Clothing retailer Monsoon Accessorize has been using VPN servers that have critical vulnerabilities, putting it at risk of hacking or ransomware attack, according to an analysis by VPNpro.

The researchers discovered that Monsoon has been utilizing unpatched Pulse Connect Secure VPN servers, known to contain vulnerabilities that enable cyber-criminals to see active users on the company’s VPN as well as their plaintext passwords.

This information can then be used to access the servers and attack the companies in various ways.

The biggest threat to organizations which have this vulnerability is having their servers locked down with ransomware, according to VPNpro. It is a similar vulnerability to the one that enabled the attack on global currency exchange business Travelex on New Year’s Eve, which forced the company to take its systems offline as a precautionary measure.

VPNpro said that “our researchers were able to gain access to Monsoon’s internal files, including customer information, sensitive business documents, sales and revenue numbers, and much more.”

Among the data accessed included a sample file containing 10,000 customer records including names, email addresses, phone numbers and mailing and billing addresses.

The cybersecurity firm added it has contacted Monsoon “multiple times” to inform it of the vulnerability, but have received no response as of yet and the vulnerability remains.

VPNpro recommends that Monsoon customers should monitor their data to make sure their personal information has not been leaked.

Hugo van der Toorn, manager offensive security at Outpost24, told Infosecurity: “This showcases the importance of truly understanding your network perimeter and your vulnerabilities therein. It is pivotal that organizations try to minimize their exposure to the internet and to understand and secure that what is exposed. As proven in this research, scanning the entire internet for specific vulnerabilities can be done with relative ease and happens every time a new critical vulnerability becomes known to the public. Scan everything and see where an attacker can get in, this works both defensively and offensively.

“The safest thing is to not expose anything directly to the internet, unless it is needed for performing daily business. A good example is a VPN; those are meant to allow employees to connect back to the office network and access internal resources. It is important for every device/service that is exposed to the internet to have clear visibility of this system: What software is in use, what components, which versions of those, what ports are open and on what hardware is it running.”

Javvad Malik, security awareness advocate at KnowBe4 added: "Attackers will try to leverage any way they can into organisations. In recent times, we've seen criminals try to compromise security software as part of their attack strategy. Because security tools are usually the first point of contact, they run higher privilege and have access to lots of data, they become a very rewarding target. It's why organisations should take care of their security tools, ensure they are patched, and follow the vendors recommended guidance for any known issues, or settings that could be leveraged by criminals to gain access."

New guidance has been produced on cyber insurance to help organizations considering investing in cover.

Published by the National Cyber Security Center (NCSC), the guidance highlights seven key cybersecurity questions for businesses to address to help them make more informed decisions around cyber insurance.

The NCSC said, after calls for expert technical advice on the growing cyber insurance market, it made the decision to offer the following questions for senior leaders within organizations:

1. What existing cybersecurity defenses do you already have in place?
2. How do you bring expertise together to assess a policy?
3. Do you fully understand the potential impacts of a cyber-incident?
4. What does the cyber insurance policy cover (or not cover)?
5. What cybersecurity services are included in the policy, and do you need them?
6. Does the policy include support during (or after) a cybersecurity incident?
7. What must be in place to claim against (or renew) your cyber insurance policy?

Sarah Lyons, deputy director for economy and society engagement at the NCSC, said: “Businesses rightly want to be as informed as possible before they invest, but when it comes to cyber insurance, there simply hasn’t been enough information up to now. That’s why it’s so important for the NCSC, as the UK’s leading cyber-authority, to offer its support by providing some clarity on the key issues to consider to ensure cybersecurity.

“Cyber insurance may not be right for everyone and it can never replace basic good security practice, but I would urge businesses to consider our guidance to help make the decision that’s right for them.”

The guidance was welcomed by two UK insurance associations, the British Insurance Brokers’ Association (BIBA), and the Association of British Insurers (ABI), while Andrea García Beltrán, cyber-manager (underwriting) at the UK & International Division of RSA Commercial, said organizations are increasingly considering the purchase of cyber insurance as part of their cyber-risk management approach. 

“As a result, the NCSC is frequently asked about cyber insurance by customers, however, they cannot provide advice on insurance solutions or products, so they have decided to create guidance considering a wider approach to cyber-risk management by focusing on the cybersecurity elements of cyber insurance,” she said.

“From our perspective, we welcome the guidance specially because not all buyers are sophisticated and we cannot provide advice either.”

She said this will help organizations to have a better understanding of: 

• Actions needed from the risk management point of view prior to transferring the risk to insurers
• What to expect during the insurance purchase process
• Who needs to be involved from the company side; ultimately cyber is an enterprise risk 
• Role of the insurance broker or agent
• Overall information needed by insurers to be able to assess the risk

“Last but not least, this guide helps to clarify that cyber insurance is part of a robust cybersecurity resilient strategy and not the only solution to the evolving risk and exposure,” she added.

Steve Durbin, managing director of the Information Security Forum, said: “Cyber-risk is a growing concern for organizations around the world, as data breaches make headlines with increasing frequency and the resulting financial and reputational costs mount. Risk management as an effective way of addressing these concerns is absolutely key for all organizations during these times of pandemic and recession – many of the secure architectures and structures previously adopted may have changed and ensuring that the way of working today has been risk assessed is a key task for security professionals.

“Increasingly we have seen companies turning to insurance as a means of mitigating costs associated with breaches and the rise in ransomware amongst other threats has pushed many boards into considering cyber insurance. However, insurance is no excuse for poor security and focus should first be on ensuring a robust security posture that reflects the needs of the organization before rushing headlong into taking out insurance as a means of mitigating risk.”

Dubrin recommended organizations adopt a robust, scalable and repeatable process to address information risk – obtaining assurance proportionate to the risk faced in which insurance may play a role. “Enterprise risk management must be extended to create risk resilience, built on a foundation of preparedness, that assesses the threat vectors from a position of business acceptability and risk profiling,” he said. 

The ‘from’ address field in an email is supposed to identify the person that sent an email, but unfortunately that’s not always the case. In a Black Hat USA 2020 virtual conference session researchers outlined 18 different attacks against email sender authentication systems.

Jianjun Chen, postdoctoral researcher at the International Computer Science Institute (ICSI), explained that the original Simple Mail Transfer Protocol (SMTP) – which is used by the world’s email systems to send email – once had no built-in authentication mechanisms. As such, in the early days of the internet, it was trivially easy for anyone to spoof any identity for the ‘from’ address in an email.

That situation changed with the debut of a trio of sender authentication protocols that have been advanced over the past decade. Among those protocols is Sender Policy Framework (SPF) which verifies the IP address of the sending domain. DomainKeys Identified Mail (DKIM) is a standard that verifies that the email is signed by the sending domain. Finally, Domain Message Authentication, Reporting and Conformance (DMARC), brings SPF and DKIM together into a policy framework approach.

Bypassing Email Sender Authentication

However, in a series of slides revealing specific details, Chen, along with his co-presenters Jian Jiang, senior director of engineering at Shape Security and Vern Paxons, professor at UC Berkeley, outlined how it is possible to get around the enforcement that DMARC is supposed to provide for email sender authentication.

Chen noted that the key idea behind attacks of this nature is to take advantage of inconsistencies between different components of DMARC as well as Mail User Agent (MUA) software, which is what end users use to access email. In one scenario detailed by Chen, an attacker could potentially exploit how SPF and DKIM send results to DMARC, in order to trigger a ‘pass’ for email authentication.

Another scenario can exploit an ambiguity in how a receiving email server shows addresses and how the same address is displayed in an email client. For example, the RFC 5322 specification that defines how email messages should be constructed specifies that messages with multiple ‘from’ headers should be rejected. In practice, the researchers found that 19 out of 29 MUAs in fact accepted multiple ‘from’ addresses.

In summing up the different attacks, Jiang noted that when there are multiple identifiers in the email protocol it is easy to have discrepancies and inconsistencies about which identifier to use. He added that email messages are processed by multiple components and all of the components need to have some kind of agreement on the recognized identifiers in order to accurately enforce email sender authorization policies.

How to Defend Against Email Authentication Bypass

Jiang noted that, generally speaking, when the email authentication protocols are parsing emails they should be set up for strict compliance and reject any kind of suspicious formats.

For end users, Jiang suggested to never blindly trust the email address displayed in an email client, even though it’s typically difficult to verify trust. Jiang commented that the researchers overall found that the user interface of email clients is not sufficient to provide any kind of real security assurance about the authenticity of an email.

“So even for a security professional, it’s not easy for them to use any kind of security indicators to show if an email is trustable or not,” Jiang said. “So there is plenty of space to improve in that direction.”

The opioid crisis in the US has had a devastating toll, impacting tens of thousands of families.

According to Mitchell Parker, CISO at Indiana University Health, a small part of the human suffering could have potentially been alleviated, if there was better control and security for Electronic Medical Record (EMR) systems. Parker presented his views during a session at the Black Hat USA 2020 virtual conference, where he outlined what has gone wrong with EMR systems and what can be done to make them more secure.

One of the drivers of the opioid crisis was the underhanded manipulation of an EMR system, that is intended to be used to assist physicians in prescribing medications. In January 2020, EMR vendor Practice Fusion was fined $145m by the US Department of Justice for receiving kickback cash payments from an opioid vendor to influence physician prescription activities. Practice Fusion provides a cloud-based EMR that is advertisement supported.

“People died and became addicted because of this manipulation and this subversive manipulation we’re talking about is a security issue,” Parker said.

How EMRs Work

Parker explained that an EMR is essentially a digital version of the paper charts found in a doctor’s office, including a patient’s medical treatment history. An EMR allows doctors to track data over time and the system can also be used to identify when preventive screenings and checkups are needed.

In the Practice Fusion case, opioid vendors were buying advertisements to influence physicians, but that’s not the limit of the security risk that exists with EMR systems. Parker noted that while EMR systems need to be certified for use to store patient record data, there are a variety of security holes that certification doesn’t consider.

One risk comes from pretexting attacks, where a criminal claims to be a government regulatory agency or a professional association and calls up medical offices asking staff for information.

“It's not difficult to get personal information using this method,” Parker said.

Parker noted that in his experience many vendors and service providers are doing a reasonably good job protecting against malware and ransomware, but are not protecting against identity theft and manipulation.

How to Improve EMR Security

Among the recommendations that Parker shared to help improve EMR systems is for vendors and users to deploy and enforce two-factor authentication methods for authentication, as well as for prescriptions.

Parker also suggested that medical offices limit access overall to a minimal number of users that can make changes of any type in the EMR. On top of that, he advised EMR vendors to make it easier to provide change reports when changes are made.

Parker noted that smaller medical groups are likely more susceptible to electronic subversion of their critical systems because of a lack of resources. He stated that he wanted to see those smaller groups partner with larger health systems to help manage EMR systems with the right governance and cybersecurity procedures.

“This [Practise Fusion] was a case of a company taking advantage of the fact they knew no one was looking and well, they did what they did with tragic consequences,” Parker said.

Capital One has been fined $80m following its breach last year.

According to a statement from the Office of the Comptroller of the Currency (OCC), these actions were taken against Capital One “based on the bank’s failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank’s failure to correct the deficiencies in a timely manner”.

The breach occurred in March 2019, when a former employee of Capital One named Paige Thomson exfiltrated the data of 100 million people in the US and six million in Canada, exploiting a weakness in the configuration of perimeter security controls to gain access to sensitive files housed in its cloud storage.

Capital One blamed a “configuration vulnerability” as the customer data was exfiltrated from an AWS S3 data storage service and moved to a Github site. At the time, Capital One said the breached information “included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth and self-reported income.”

In taking the financial action, the OCC said it considered the bank’s customer notification and remediation efforts, and while it “encourages responsible innovation” in all banks it supervises, “sound risk management and internal controls are critical to ensuring bank operations remain safe and sound and adequately protect their customers.”

Stuart Reed, UK director, Orange Cyberdefense, said: “The fine handed out to Capital One yesterday is another stark reminder of the financial implication of failing to fully assess cybersecurity risk. It is also a reminder of the potential challenges of migrating data from physical IT to the cloud, something that more and more organizations are seeking to do.”

Reed said the case against Capital One “underlines the expectation that organizations demonstrate best security practice at all times” and it is imperative that organizations recognize that the onus is on them to make sure they have done everything they can to protect customer data. “Otherwise, the consequences can be complex and extremely costly,” he said.

Mark Bower, senior vice-president at data security specialist comforte AG, said the fine “mirrors how we’ve seen industry regulators rip into ineffective controls over data protection.

“The signal is very clear: the often referenced shared responsibility cloud model means naught when it’s your data,” he added. “What’s very surprising about this breach is, per Capital One’s prior announcements, only a fraction of the regulated data was properly tokenized (credit card and SSN data), and the rest accessible under attack. Had tokenization been applied across the full regulated data set, this breach would have been a non-event.”

Nation state threat actors, including Russia and China, are using multiple techniques to effectively ‘hack’ public opinion around the world, according to Renée DiResta. DiResta expressed her views in a keynote session at the Black Hat USA 2020 virtual conference.

DiResta works at the Stanford Internet Observatory and has been actively researching how different nation states have attempted to influence policies and individuals. She explained how, over the last decade, state actors have recognized that they can advance their geopolitical goals with different types of misinformation, propaganda and influence campaigns that make use of social media platforms.

“As we move from just the idea of influence to the idea of information operations specifically, what you start to see is it goes from shaping public opinion to what we’re going to call hacking public opinion – using manipulative, misleading tactics,” DiResta said.

Distract, Persuade, Entrench and Divide

There are four primary approaches that nation state threat actors typically take to hack public opinion efforts including distraction, persuasion, entrenchment and division.

DiResta said a common goal is to have a distraction campaign, which is trying to make a target audience pay attention to something else. Another model is a persuasion campaign, which is trying to convince people to believe a certain fact, or feel a certain way. Entrenchment is another approach, and it is where the attackers create groups dedicated to particular types of identities in an attempt to advance a given position. Nation states are also often trying to highlight divisions between different groups of people, amplifying existing social fissures.

The process by which nation states achieve their public opinion influencing goals is relatively well-understood. DiResta explained that the first step is often just the creation of personas; that is fake social media profiles for different types of individuals. Those fake personas then create content, designed to achieve a particular goal. The content is then posted to various social media platforms and promoted to a target audience, via different means. The most successful efforts end up being shared organically by real users that unknowingly share messages created by the fake personas.

China and COVID-19

DiResta specifically outlined how China has attempted to hack public opinion, on a number of issues, including the democracy protests in Hong Kong as well as the COVID-19 pandemic. In August 2019, Twitter and Facebook suspended nearly 1000 user accounts that were associated with nation state sponsored disinformation campaigns.

“The Hong Kong protests attracted worldwide attention, and what you began to see was as Western media and others began to talk about them, these Twitter accounts would kind of come out of the woodwork to respond to the journalists to tell them they had it wrong,” DiResta said.

She noted that the same type of activities have now been happening in 2020 with China attempting to influence global opinion on its role in the COVID-19 pandemic. DiResta said that it’s clear that China has a committed strategy to influencing opinion online and it will continue to evolve its tactics.

Russia and the Hack and Leak Model

Russia has also been particularly effective in its attempts to hack public opinion, according to DiResta. One of the approaches that has worked well for Russia is a hack and leak approach, that makes use of network intrusion techniques as well social media influencing tactics.

“The hack and leak operations provide extraordinary collateral for driving the influence operations,” DiResta said.

Agents working on behalf of the Russian government hack into a site with confidential information and then transmit the collateral to one of their fake personas. The fake persona in turn pitches the leak to journalists, who then are used to help spread the information. That’s what happened in the Guccifer case back in 2016 that was tied to emails connected to the Democratic and Republican political parties in the US.

DiResta suggested that there are a variety of actions that can be taken to help mitigate the risk of nation state public opinion hacking. For one, she said that security professionals should be proactively thinking about the social medial ecosystem to identify what types of manipulation is possible.

“We need to increase communication between infosec professionals and information operations researchers with the goal of developing better understanding of how social network manipulation intersects with network infiltration,” she concluded.

More than half (55%) of all cyber-attacks targeted organizations’ applications in 2019, which is a substantial increase compared to the previous few years, when these types of attacks made up around 30% of the total number.

This is according to data outlined in NTT’s Monthly Threat Report for August, which found that the apps most attacked globally in 2019 primarily related to supporting organizations’ web presence. About a third (33%) of all attacks were aimed at Joomla! (17%) and Apache products (16%) while 19% targeted other content management systems and supporting technologies.

Speaking to Infosecurity , Matt Gyde, CEO of the Security Division at NTT, said: “Since late 2018, there have been a number of significant vulnerabilities exposed in popular web frameworks and applications commonly used to develop and support an organization’s web presence. There was not a significant increase of new vulnerabilities, but there were new, exploitable vulnerabilities (we are seeing the re-activation of vulnerabilities that we thought were no longer in use), in some popular content management systems and related supporting technology.”

The report also revealed that in June 2020, attacks against networking products, such as Zyxel, Netis, Netcore, Netgear, Linksys, D-link and Cisco, accounted for 32% of all attacks, many of which were brute force or authentication attacks.

Another finding was that the amount of actual vulnerabilities being actively exploited is quite narrow, with the top 10 most attacked vulnerabilities in 2019 making up 84% of all attacks observed, while the top 20 most attacked vulnerabilities accounted for nearly 91% of all attacks. This indicates that threat actors are focusing on vulnerabilities that are known to give them success.

Additionally, just eight technologies made 41% of all attacks in June 2020, according to the report. These findings suggest that by focusing on the patching of a fairly narrow range of vulnerabilities, organizations can significantly lower the risk of attack.

Gyde added: “Many organizations simply do not have the appropriate infrastructure to track and manage vulnerabilities in an efficient manner, and are struggling to identify what priorities have the largest return on investment for their efforts.

“While many organizations would like to have an active patch management program, operational concerns, staff skills and priorities end up meaning that not everything gets patched all the time. The transitioning of security away from hardware to as-a-service and cloud-enabled has the potential to modernize systems which will allow for more consistent patching.”

A report published yesterday by Synopsys found that nearly half (48%) of organizations regularly push vulnerable code into production in their application security programs due to time pressures.

A judicial candidate in Louisiana has been charged with hacking into state computers and sharing confidential court documents with a friend.

Attorney Trina Chu allegedly committed the offenses while working as a law clerk to now retired Chief Judge Henry Brown in 2018. 

According to a statement released by Caddo Parish sheriff Steve Prator, Chu copied sensitive court documents from the Louisiana 2nd Circuit Court of Appeals onto a USB flash drive. 

Chu allegedly sent three confidential documents relating to a judgement made against her friend Hanh Williams from the drive to her own personal email account in July 2018. These documents were then forwarded directly to Williams. 

At the time of the alleged crimes, three judges were considering Williams' appeal from a district court's ruling against her.

"The documents concerned a case under consideration by the 2nd Circuit involving a judgement against her close friend Hanh Williams for over $460,000," said Prator. 

The court had ruled that financial adviser Williams owed $460,605 to the estate of a Caddo Parish man to whom she had been a financial adviser. 

In his will, Williams' client, Fred Houston, had named her as his executor. Williams' administration of the Fred L. Houston Inter Vivos Trust was then challenged by the will's chief beneficiary, Louisiana State University's veterinary school.

“The jury charged Ms. Williams with $1.1 million in damages for breach of duty to the Trust and determined she was liable to the Estate for $460,605,” according to the 2nd Circuit opinion handed down August 15, 2018.

The sheriff said that Chu's alleged criminal activity was exposed "after a thorough investigation involving search warrants served to email providers, digital forensic examinations, and in person interviews."

Forty-six-year-old Chu was arrested on Tuesday by members of the CPSO Warrants Unit on two felony charges—offense against intellectual property and trespass against state computers. She was released the same day after paying bonds of $10,000 issued for each count.

According to online records for Louisiana's secretary of state, Chu is currently challenging 2nd Circuit Court of Appeal Judge Jeanette Garrett in an election scheduled to take place on November 3.

On election campaign website chuforjudge.com, Chu is touted as a “hardworking” person who stands for “fairness, equality and justice for all.” Chu had pledged to donate 75% of her judicial salary to four Louisiana nonprofit groups if elected.  

An investigation is under way into a data breach that impacted an online examination tool used by educational establishments around the world.

The breach affected users of software made by American company ProctorU to provide live and automated online proctoring services for academic institutions and professional organizations. 

According to Honi Soit, a database of 440,000 ProctorU user records was published by hacker group ShinyHunters over the past week along with hundreds of millions of other user records. ProctorU user data exposed includes usernames, unencrypted passwords, legal names, and full residential addresses. 

Among the records are email addresses belonging to the University of Sydney, the University of New South Wales, the University of Melbourne, the University of Queensland, the University of Tasmania, James Cook University, Swinburne University of Technology, the University of Western Australia, Curtin University, and Adelaide University.

A spokesperson for the University of Sydney said that ProctorU had confirmed on Thursday that an investigation into the confidential data breach had been launched.

According to the spokesperson, the data exposed relates to ProctorU users who registered on or before 2014. 

"We met with ProctorU’s CEO and compliance officer today, who confirmed they are investigating a breach of confidential data relating to users of their service," said the spokesperson. 

"Any breach of security and privacy of this type is of course deeply concerning, and we will continue to work with ProctorU to understand the circumstances of the breach and determine whether any follow-up actions are required on our part."

The University of Sydney doesn't believe any current students are affected by the data breach, as the university only began using ProctorU's services in 2020 in response to the COVID-19 pandemic. However, after learning about the breach, the establishment will be "reviewing our experience of online exams and proctoring this year to inform our approach to assessments in 2021."

A spokesperson for Swinburne University of Technology in Victoria said that it has launched its own investigation into the breach, which has impacted a small number of its students.

Two California cybersecurity companies have joined forces to help protect healthcare networks from cyber-threats. 

CynergisTek and Awake Security announced yesterday that they are pooling resources to develop an online threat assessment program that healthcare organizations can use to identify attacker activity. 

Ben Denkers, CynergisTek SVP of security and privacy services, said the partnership was conceived after the outbreak of COVID-19 changed the medical world's working practices.

“As America’s hospitals scrambled to respond to the pandemic, the entire threat landscape and the associated attack surface completely changed, placing America’s hospitals squarely in the cross hairs for adversarial activity," said Denkers. 

"New vulnerabilities from telemedicine combined with an increased network footprint due to work-from-home employees means we have a perfect storm for increased cyber-attacks."

As part of the partnership, both companies are "assembling the best minds in networking, machine learning, data science, cybersecurity, privacy, and compliance to help healthcare organizations get a more complete view and understanding of their potential attack surface, including every user, medical device, and application on the network." 

The aim is to enable hospitals to track every asset in their network, whether it's moved on-premises or by remote users working in the cloud. Assistance will be given to help healthcare organizations identify high-risk incidents and compromised entities without the need for agents, manual configuration, or complex integrations.

"This partnership allows us to identify adversarial activity including reconnaissance in its early stages, allowing organizations to re-baseline their security posture as they return to normal operations,” said Denkers.

The new compromise assessment will be powered by Awake Security's network detection and response technology and offered to CynergisTek's customer base of more than 1,000 healthcare organizations. 

“Sensitive healthcare data is extremely valuable to hackers, and we know they aren’t sitting on the sidelines during the pandemic but are in fact attacking both hospitals and pharmaceutical companies during this volatile time,” said Rahul Kashyap, CEO of Awake Security. 

"In times like this, we’re excited to help healthcare entities for this ‘all-hands-on-deck’ moment to bolster their defenses and prevent crises from emerging and impacting patients.”