A Romanian citizen has pleaded guilty to federal charges resulting from a ransomware attack that targeted a police department. On 20 September, Eveline Cismaru, 28, pleaded guilty before the Honorable Dabney L. Friedrich in the District of Columbia to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer […]… Read More
The post Romanian Citizen Admits Guilt in Police Department Ransomware Attack appeared first on The State of Security.
The Information Commissioner’s Office (ICO) of the United Kingdom announced it will fine Equifax £500,000 for a data breach that occurred in 2017. In a monetary penalty notice filed on 19 September, the ICO revealed its decision to impose the maximum fine specified in section 55A of the Data Protection Act 1998 on Equifax. The […]… Read More
The post ICO to Fine Equifax £500,000 for 2017 Data Breach appeared first on The State of Security.
The U.S. State Department said that some employees’ information might have been exposed in a recent security incident. In a notice shared by Politico, the State Department disclosed that “activity of concern” on an email system might have exposed some employees’ personally identifiable information (PII). IT personnel inside the Department determined that the activity affected […]… Read More
The post State Department Says Some Employee Info Possibly Exposed in Security Incident appeared first on The State of Security.
A quarter of civilian federal agencies have adopted DMARC and SPF email authentication protocols for all their domains in compliance with a mandate. Thirty-four percent of 133 agencies are now fully compliant with what is known as BOD 18-01. Issued by the Department of Homeland Security (DHS), the mandate requires civilian federal agencies within its […]… Read More
The post A Quarter of Civilian Federal Agencies Have Adopted DMARC and SPF for All Domains appeared first on The State of Security.
A ransomware attack prevented an English airport from using its flight information screens to assist passengers in their travels. On 13 September, Bristol Airport tweeted out that its flight information systems were experiencing technical difficulties. We are currently experiencing technical problems with our flight information screens. Flights are unaffected and details of check-in desks, boarding […]… Read More
The post Ransomware Attack Takes Down Airport’s Flight Information Screens appeared first on The State of Security.
The United Kingdom’s Information Commissioner’s Office (ICO) has been receiving 500 calls pertaining to data breaches since the European Union’s General Data Protection Regulation (GDPR) took effect. Speaking before hundreds of senior business leaders at the Confederation of British Industry’s (CBI’s) fourth annual Cyber Security Conference, ICO deputy commissioner James Dipple-Johnstone revealed that of the […]… Read More
The post ICO Receiving 500 Breach-Related Calls a Week Since GDPR Took Effect appeared first on The State of Security.
The OilRig group conducted at least one attack campaign containing an updated variant of the BONDUPDATER trojan as its final payload. In August 2018, Palo Alto Networks’ Unit 42 threat research team detected an OilRig campaign targeting a high-ranking government organization in the Middle East. The email campaign leveraged spear-phishing, one of the most common […]… Read More
The post OilRig Launching Attack Campaigns With Updated BONDUPDATER Trojan appeared first on The State of Security.
Security professionals are warning users who are or soon will be engaged in real estate transactions to watch out for the “homeless homebuyer” scam. On 10 September, Verdict built upon its coverage of account takeover attacks found in its threat insight magazine Verdict Encrypt to discuss this particular scam. The homeless homebuyer ruse first begins […]… Read More
The post Beware the Homeless Homebuyer Real Estate Scam! appeared first on The State of Security.
Electric vehicle manufacturer Tesla is encouraging what it calls “good faith” security research in its bug bounty program. In its vulnerability disclosure program, Tesla says it welcomes “the community to participate in our responsible reporting process” for the company’s product offerings and services. Researchers who participate in the program must report a vulnerability along with […]… Read More
The post Tesla Encouraging “Good Faith” Security Research in Bug Bounty Program appeared first on The State of Security.
Someone compromised a Google Chrome extension with malicious code designed to snoop on users’ account credentials and cryptocurrency private keys. On 4 September, a security researcher who goes by the name “SerHack” tweeted out a warning about version 3.39.4 of the Chrome extension for MEGA.nz, a cloud storage and file sharing service. !!! WARNING !!!!!!! […]… Read More
The post Compromised Chrome Extension Snooped on Users’ Credentials, Cryptocurrency Private Keys appeared first on The State of Security.