Windows TCO Leftovers
-
Krebs On Security ☛ Fintech Giant Finastra Investigating Data Breach
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.
-
Security Week ☛ Russian Phobos Ransomware Operator Extradited to US
Starting November 2020, the indictment claims, Ptitsyn conspired with others to create and offer Phobos under the ransomware-as-a-service (RaaS) model, where affiliates were using Phobos to encrypt victims’ data and demand ransom payments.
The sale and distribution of the ransomware were coordinated using a Tor-based website, while the RaaS was advertised on dark web cybercrime forums and messaging platforms.
-
The Record ☛ TSA not monitoring transportation sector efforts to stop ransomware, watchdog says
A U.S. Government Accountability Office (GAO) report on Tuesday said four of the six cybersecurity recommendations made to TSA since 2018 have still not been addressed — including one centered around the agency’s efforts to protect companies from ransomware.
“For example, in January 2024, GAO reported that ransomware was having increasingly devastating impacts in the sector and found that TSA’s security directives did not align with ransomware leading practices,” said Tina Won Sherman, director of Homeland Security and Justice at the GAO.
-
The Register UK ☛ Alleged Phobos ransomware IT admin extradited to US
According to American prosecutors [PDF], since November 2020 the Phobos crew let criminals use its Windows ransomware for free to infect others, then charged those crooks $300 per decryption key, which were then resold to victims for amounts determined by the intruders.
-
The Register UK ☛ 21K Equinox patients, employees notified of data theft
Equinox, a New York State health and human services organization, has begun notifying over 21 thousand clients and staff that cyber criminals stole their health, financial, and personal information in a "data security incident" nearly seven months ago.
Adding insult to injury, it appears the LockBit ransomware gang – which was supposed to have been shut down at the time of the incident – may be to blame.
-
Cyble Inc ☛ Drinking Water Systems For 27 Million Americans Vulnerable
Nearly 27 million Americans are served by drinking water systems that have high-risk or critical cybersecurity vulnerabilities, according to a new report from the U.S. Environmental Protection Agency’s Office of the Inspector General (OIG).
An additional 83 million Americans are served by systems that have medium or low-severity vulnerabilities, defined as “having externally visible open portals,” the EPA OIG report said.
-
EPA ☛ Management Implication Report: Cybersecurity Concerns Related to Drinking Water Systems [PDF]
The passive assessment covered 1,062 drinking water systems for cybersecurity vulnerabilities that serve over 193 million people across the United States. Scan results for October 8, 2024, identified 97 drinking water systems serving approximately 26.6 million users as having either critical or high-risk cybersecurity vulnerabilities.
A non-linear scoring algorithm was used to prioritize the highest risk findings that should be addressed first. The findings are ranked by the 'score' and considers the impact of problem identified, risk to the organization, and number of times the problem has been observed.
-
The Register UK ☛ A third of Americans are served by insecure water systems
The EPA OIG released a report last week that found 308 of the 1,062 drinking water systems it tested were lacking in terms of the security of their computer systems. By the sounds of it, we're talking the IT used in back-office and operational functions.
The analysis relied on a "passive assessment of cybersecurity vulnerabilities," which included mapping the digital footprint of water systems.
-
The Age AU ☛ Australian private schools at risk of extortion: Australian Signals Directorate
Cybercriminals see private schools as increasingly attractive extortion targets, threatening to publish sensitive student and parent data unless school authorities pay a ransom, according to the nation’s top cyber spy agency.
-
Bruce Schneier ☛ Most of 2023's Top Exploited Vulnerabilities Were Zero-Days - Schneier on Security
Zero-day vulnerabilities are more commonly used, according to the Five Eyes: [...]
-
Security Week ☛ Akira Ransomware [Publishes] 30 Victims on Leak Site in One Day
Cyberint, which was acquired by Check Point this fall, observed Akira adding 32 new victims to the ‘Leaks’ section between November 13 and November 14. A majority of these victims had their stolen information made public without first being named in the ‘News’ section.
-
Bitdefender ☛ 200,000 SelectBlinds customers have their cards skimmed in malware attack
In breach notification documents filed in the states of California and Maine, SelectBlinds described how on September 28 2024 it discovered that malware had been present on its website's checkout page since at least January 7 2024.
Customer contact details falling into the hands of malicious hackers is bad enough, but the fact that complete payment card details - including card numbers, expiry dates, and CVV security codes - were also taken during the attack is particularly serious.