Cyber Security News & Trends

This week, spyware is found in the Android store, maritime cybersecurity protections are considered, and your gas pump could be the next target for a hacker.


SonicWall Spotlight

The CyberWire Daily Podcast – The CyberWire

  • SonicWall CEO Bill Conner speaks with The CyberWire for their story on the dangers of side-channel malware attacks. He details how previous big side-channel attacks like Spectre and Meltdown worked and explains that it’s only a matter of time before someone else manages to find a way of exploiting similar chipset vulnerabilities in the wild.

Rich, Smart and Sensibly Grown-Up? You’re the Hackers’ Dream – The Telegraph (UK)

  • The Telegraph builds a profile of the standard person who gets hacked and takes a look at the “hacker’s menu” – an itemized list detailing the cost of hacking personal information. To make their case they refer to the SonicWall 2019 Cyber Threat Report Mid-Year Update for information on ransomware.

RB Music Uses Spyware to Steal Sensitive Information From the Infected Device – VARINDIA

  • Following up on the SonicWall Alert detailing spyware in the RB Music player on the Android Store, VARINDIA talks to SonicWall’s Debasish Mukherjee. Mukherjee explains that it is common for malware code to be reused by different developers over time and even when an app appears to be legitimate it may contain dangerous code waiting to be activated.

Cybersecurity News

FBI Cyber Warning: Attacks on Key Employees up 100%, as 281 Are Arrested – Forbes

  • The FBI has warned that Business Email Compromise attacks have doubled between June 2018 and July 2019, even as a worldwide crackdown on the practice led to 281 arrests worldwide. Learn how you can protect yourself from Business Email Compromise with SonicWall’s Email Security Appliances.

Cyber-Security Incident at US Power Grid Entity Linked to Unpatched Firewalls – ZDNet

  • A recently released report has detailed how the “cyber-incident” reported on the US Power Grid in June of this year turned out to be a cyberattack that was able to take place because of unpatched firewalls.

Exploit for Wormable BlueKeep Windows Bug Released Into the WildArs Technica

  • A rough but workable exploit for the Bluekeep vulnerability has been coded and released into the wild. While it is highly unlikely that the exploit will be successful in infecting any users in its current form it serves as a proof-of-concept and could be the first step towards bigger problems in the future.

Swedish GDPR Fine Highlights Legal Challenges in Use of Biometrics – Security Week

  • A school in Sweden has been fined for using biometrics on its students, even though the school had obtained consent from both the students and their parents. A court ruling decided that due to the imbalance of power between students and the school, freely-given consent could not be possible. The case highlights the possibility of future problems in wider biometric implementation if, for example, it is argued that employees cannot consent to employers using biometrics in the workplace for similar reasons.

The State of Maritime Cybersecurity – WorkBoat

  • Maritime magazine WorkBoat interviews the creators of a recent survey on the current state of maritime cybersecurity. They discuss why the survey was created, why many companies are not prepared in the current threat landscape and what needs to be done to prevent another problem like the 2017 ransomware attack on global shipper Maersk.

Think Your iPhone Is Safe From Hackers? That’s What They Want You to Think… – The Guardian

  • The Guardian investigates the world of zero-day exploits that are sold on dark web marketplaces and warn that despite Apple’s iOS having a reputation of being close to unhackable, there are, in fact, vulnerabilities in it that have been exploited for years.
And Finally:

IoT Security: Now Dark Web Hackers Are Targeting Internet-Connected Gas Pumps – ZDNet

  • As hackers turn their sights on Internet of Things devices, and the number of these devices worldwide grow, hackers online have been turning their sights on web-connected Gas Pumps. It’s early days yet but researchers hypothesize that the reasons for this could range from obtaining cheap fuel to something much more explosive…

In Case You Missed It

Cyber Security News & Trends

This week, vote for SonicWall in the 2019 Computing Security Awards, a deep dive into 5G cybersecurity, and ransomware is under the spotlight before the 2020 elections.


SonicWall Spotlight

2019 Computing Security Awards – Vote for SonicWall

Vote today!

6 Essential Hardware Firewall Solutions For A Small Business 2019 – Welp Magazine

  • The SonicWall TZ400 is named as the number 1 essential firewall solution for a small business, with traffic targeting ability and scalability as your business grows called out as particular plus points.

7 Sophisticated Cyber-Attacks that are Growing in 2019 – Security Boulevard


Cybersecurity News

Why 5G Requires New Approaches to Cybersecurity – Brookings Institute

  • Former Federal Communication Chairman Tom Wheeler stresses the need to zero in on protecting 5G wireless networks from cyberthreats in a new paper published by the Brookings Institute.

Cybersecurity and the Explosion Of Augmented Reality – The Forbes Tech Council

  • Paul Ryznar of the Forbes Technology Council explores the cybersecurity implications that have arisen from the explosion of Augmented Reality technology products, including security vulnerabilities, cloud technology complications and wearable device exposures.

A Huge Database of Facebook Users’ Phone Numbers Found Online – Tech Crunch

  • An exposed Facebook database of phone numbers linked to Facebook account IDs has been found online. The company argue that the data is old and taken from a time before they updated their security systems.

Rising Fines Will Push Breach Costs Much Higher Dark Reading

  • Market forecast by Juniper Research predicts that fines from data-protection laws like GDPR are going to rise dramatically, with the cost likely to exceed $5 trillion by 2024.

Taxpayers Against Cities Paying up in Ransomware Attacks, Says Survey – ZDNet

  • A survey of US citizens in cities has found that 60% of those questioned are against local tax dollars being used to pay ransomware demands in their city. At the same time, 90% are in favor of increasing cybersecurity funding for their local services.

Top NSA Cyber Official Points to Ransomware Attacks as Key Threat to 2020 Elections – The Hill

  • The newly formed Cybersecurity Directorate at the National Security Agency is keeping a close eye on developments in ransomware in the run up to the 2020 election. With a number of ransomware attacks disrupting cities across America in recent weeks, ensuring nothing untoward happens in the election is a top priority.
And Finally:

Teenage Hackers Wanted: Could Your Kid Be the Next £20M Cybersecurity Superhero? – Forbes

  • A growth of Cyber Discovery Clubs in both the U.K. and the U.S is leading to a new generation of young hackers entering the cybersecurity field.

In Case You Missed It

Cyber Security News & Trends

This week, Security in the Cloud with SonicWall, finding a way of measuring cybersecurity, and a long-term spyware attack on Apple’s operating system.


SonicWall Spotlight

How to Make Your Smart Home More Secure – Engadget

  • With Smart Homes becoming a reality, Engadget look at how to secure them from cyberattacks, including using a SonicWall TZ350.

Ping Episode 1: Security in the Cloud, Starring SonicWall – Firewalls.com podcast

  • Firewalls.com have launched a new podcast titled Ping and they interview SonicWall’s Shannon Emmons in their very first episode. She discusses makes Cloud App Security a uniquely SonicWall offering and outlines the types of subscriptions and support available to make Cloud App Security a convenient fit for SMBs and enterprises alike.

Cybersecurity News

Google Unearths 2-Year-Long iPhone Spyware Attack – Financial Times

  • Google’s security team has revealed a series of security flaws in Apple’s iOS operating system, active from iOS 10 to iOS 12. While the vulnerabilities have now been patched, they were actively exploited by an unknown entity for at least two years.

How to Make $1 Million From Hacking: Meet Six Hacker Millionaires – Forbes

  • Six millionaires who made their money through legitimate hacking, mostly cashing in on bug bounties, are interviewed by Forbes telling their stories.

French ‘Cybercops’ Dismantle Pirate Computer Network – BBC

  • French “cybergendarmes” have dismantled a botnet that had infected more than 850,000 computers worldwide after working with the FBI to track down the command server.

Hackers Could Steal a Tesla Model S by Cloning Its Key Fob—Again – Wired

  • Tesla’s flawed and patched Model S keyfob system has been shown to have another vulnerability – found by the same team who discovered the problems the first-time round. The good news is that where previously the keyfobs had to be replaced, the new flaws can be fixed with a wireless software update.

Android Google Play App With 100 Million Downloads Starts to Deliver Malware – ZDNet

  • CamScanner PDF creator is a hugely popular app that has been downloaded 100 million times since it was first released on the Google Play Store in 2010. It has now been removed from the store after it was discovered that it was delivering a Trojan to people who had it installed on their device. This is most likely due to a problem with the ad library the app uses rather than a decision by the makers of the app themselves.

How to Measure Cybersecurity – Lawfare Blog

  • In a complex article Lawfare Blog investigates quantitative vs. qualitative attempts to find a successful metric for measuring cybersecurity systems.

Quantum Computing: The New Moonshot in the Cyber Space Race – HelpNetSecurity

  • The race to develop quantum computing has been heating up since China launched the first quantum communications satellite in 2016. HelpNetSecurity covers the history of quantum computing as China and the USA compete to be the first country to successfully reach “Q-Day.”
And Finally:

Astronaut Accused of Identity Theft, Accessing Estranged Wife’s Bank Account, From International Space Station – SC Magazine

  • An astronaut is being accused of identity theft after accessing her estranged wife’s financial information… from the International Space Station.

In Case You Missed It

Cyber Security News & Trends

This week, smart cities are exposed, side-channel attacks are explained, and Texas reels from coordinated ransomware attacks.


SonicWall Spotlight

Side-Channel Attacks: Cyber Warfare’s New Battleground – Security Boulevard

  • SonicWall CEO Bill Conner pens a piece for Security Boulevard discussing the current, complex state of the cybersecurity landscape. He examines how side-channel attacks and malware cocktails have emerged as some of the most potent threats and recommends layered cyberdefenses along with emergent AI-based solutions.

Podcast: Cloud Application Security Is Your Gateway to Cloud Confidence – RedZone Podcast

  • Shannon Emmons, Senior Product Manager at SonicWall, is interviewed on the RedZone podcast discussing why a holistic approach to cloud application security solutions must be followed to tackle modern cloud cyberthreats.

Hackers Breach 20 Texas Government Agencies in Ransomware Cyber Attack – Dallas News

  • At least 20 government agencies in Texas were affected by a coordinated ransomware attack late last week and Dallas News quotes SonicWall CEO Bill Conner on the issue. SonicWall also digs deep into the ransomware figures and this story on our blog.

SonicWall Evolves as a Company Offering a Full Suite of Integrated Security Solutions – VARIndia

  • SonicWall Country Director Debasish Mukherjee is interviewed by VARIndia. He talks about the newest SonicWall tech updates, where the company is headed in the Indian market, and the SonicWall SecureFirst Partner Program.

Cybersecurity News

Into the Breach: Why We’re Seeing a Sharp Rise in GDPR Violations – ITProPortal

  • It’s a year since GDPR was made law and reported violations are going up rather than down. IT Pro Portal argues that this is to be expected as we are currently in a transitional time as companies get used to the legislation.

Cybersecurity Challenges for Smart Cities: Key Issues and Top Threats – HelpNetSecurity

  • Smart city development projects include an array of interconnected, interdependent digital infrastructure networks. A recent report by ABI Research has found that the current cybersecurity spending on these networks is way below what would be required to keep them safe and this is an ever-growing risk to smart city development if the issue is not addressed.

Data Breaches Expose 4.1 Billion Records in First Six Months of 2019 – Forbes

  • Just eight breaches have been responsible for 3.2 billion of the 4.1 billion records exposed so far in 2019. While the majority of breaches have scored very low on severity scales the sheer number of people affected by them is adding up fast.

The Year-Long Rash of Supply Chain Attacks Against Open Source Is Getting Worse – Ars Technica

  • The surge in supply chain attacks hitting open source software over the past year shows few signs of abating. Open source software is seen as low-hanging fruit by cyberattackers, in part because many don’t enforce good authentication methods like multi-factor authentication, and also because the potential of having a backdoored app on a huge number of systems is too big a payoff to resist.

Open Source-Based Ransomware Targets Fortnite Players – SecurityWeek

  • A new ransomware that specifically targets Fortnite players has been discovered by security researchers who have dubbed it “Syrk.” The basis for this ransomware is the well-known Hidden-Cry open-source malware.
And Finally

Employees Connect Nuclear Plant to the Internet so They Can Mine Cryptocurrency – ZDNet

  • The Ukranian Secret Service is investigating an incident where nuclear power plant employees near Yuzhnoukrainsk connected the internal network of their power station to the internet in order to mine for cryptocurrency.

In Case You Missed It

Cyber Security News & Trends

This week, vote for SonicWall in the computer security awards, an update on the Capital One data breach suspect, and GDPR is an identity thief’s dream.


SonicWall Spotlight

2019 Computing Security Awards – Vote for SonicWall

  • SonicWall are nominated in the following categories:

    Anti-Malware Solution of the Year – SonicWall Capture Client
    New Hardware Solution of the Year – SonicWall TZ Series
    SME Security Solution of the Year – SonicWall TZ Series

Vote today!

The Top 25 Enterprise IT Innovators of 2019CRN

  • SonicWall CEO Bill Conner is named as one of CRN’s top 25 Enterprise IT innovators of 2019 with SonicWall Cloud App Security 2.0 names as one of the reasons behind the recognition.

Forget Panic Rooms and Alarms, State-of-the-Art Security Is Now Insanely High-Tech—and Nearly Invisible – Robb Report

  • Luxury lifestyle magazine Robb Report takes a look at the most up to date home and business security systems that money can buy, from residential surveillance systems installed by private security firms to the best business firewalls like those offered by SonicWall.

Best Security Hardware – Gold Medal – ChannelPro Network


Cybersecurity News

Virtually All Polled Enterprises Say They’ll Use SD-WAN in Next Two Years. Do You Know What It Is? Let Us Fill You In – The Register

  • With IDC’s Software-Defined WAN Survey published in April this year estimating that 95 per cent of enterprises expect to use SD-WAN technology within the next two years, and almost half already using it in one form or another, The Register take a look at the key SD-WAN considerations in 2019.

The Capital One Breach Suspect May Have Stolen Data From at Least 30 Other Companies and SchoolsBusiness Insider

  • Prosecutors of the Capital One data breach allege the suspect stole data on more than 30 entities, including private companies and schools, as well as 100 million Capital One customers.

Security Warning for Software Developers: You Are Now Prime Targets for Phishing Attacks – ZDNet

  • A new study has found that cybercriminals are increasingly targeting software developers in the hopes of landing administrator privileges on a network. With professional networks like LinkedIn providing would-be hackers with personal information they can easily harvest they are able to craft convincing looking phishing emails that may even fool the technology savvy.

Crossrider Adware Still Causing Unwanted Mac Browser Redirects – Security Boulevard

  • Addressing the myth that Mac’s cannot get a virus Security Boulevard investigate a new variant of the Crossrider malware currently infecting Apple systems. The risk isn’t just an infection from annoying but relatively benign adware, but that it may morph into something more dangerous.

‘It Is Absurd.’ Data Breaches Show It’s Time to Rethink How We Use Social Security Numbers, Experts Say – Time

  • Unchanging Social Security numbers that were never intended to be used as identification are described as an ‘absurd’ idea in a world where data is regularly being stolen and released online. ID cards that use Blockchain technology is one of several solutions proposed to deal with identity theft in the modern age.

And Finally

Talk About Unintended Consequences: GDPR Is an Identity Thief’s Dream Ticket to Europeans’ Data – The Register

  • A student attending Black Hat 2019 explains how he gamed GDPR privacy laws to allow him access to a huge amount of personal data, the very kind of data the laws are designed to protect.

In Case You Missed It

Cyber Security News & Trends

This week, SonicWall CEO Bill Conner is recognized with a Top Executive accolade from CRN, it’s a tough week for major global retailers impacted by data breaches and cybersecurity concerns aboard the International Space Station.


SonicWall Spotlight

The Top 25 Enterprise IT Innovators Of 2019 – CRN

  • SonicWall CEO Bill Conner is listed as one of the 25 Most Innovative Executives, “always two steps ahead of the competition,” part of CRN’s Top 100 Executives Of 2019 list.

Ransomware Today: Everything You Need to Know to Protect Your Business – Infoblox Threattalk (podcast)

  • Infoblox’s podcast discusses the evolving rate of ransomware attacks and what organizations need to do to decrease the likelihood of a ransomware attack, referring to the 2019 Sonicwall Cyber Threat Report data that ransomware attacks have grown per customer at a rate of 11% year on year.

Four Signs the U.S Government Is Becoming More Aggressive With Cybersecurity – Law.com

  • With the NSA launching the Cybersecurity Directorate in October, Law.com argue that we are entering an era of more aggressive cybersecurity, quoting SonicWall CEO Bill Conner on the need for public and private sectors to share data.

Cybersecurity News

Hacker Threatened Shooting at Social Media Company, U.S. Says – Bloomberg

  • The Seattle woman accused of a massive hack of personal and financial data from Capital One Financial Corp. threatened to shoot up an unnamed California social media company, according to court records.

Data Breach Can Cost About $3.2 Million. So What Has Your Business Done to Protect Important Data? – The Philadelphia Inquirer

  • Two recent studies have found that over half of small and medium-sized companies are not prepared for a cyberattack, despite the cost of a data breach having risen 12% over the last five years and now averaging $3.92 million per business.

Cybersecurity Officials Warn State and Local Agencies (Again) to Fend off Ransomware – Ars Technica

  • As Louisiana was declaring a cybersecurity state of emergency, Baltimore was approving $10 million in spending to recover from its own nearly month-long ransomware related IT outage. Reacting to these and other incidents, several US government departments, CISA, MS-ISAC, NGA & NASCIO, have issued a joint statement for state, local, territorial and tribal government partners recommending immediate action to safeguard against ransomware attacks.

Sephora Data Breach Hits Southeast Asia and ANZ Customers – ZDNet

  • Some personal information such as first and last name, date of birth, gender, email address, and encrypted password, as well as data related to beauty preferences may have been exposed.

5 Experimental Cybersecurity Trends Your Business Needs to Know About – Tech Republic

  • Disinformation defense, open source security, zero-knowledge proofs, homomorphic encryption and blockchain security – five experimental cybersecurity trends Tech Republic speculate are increasingly becoming more important.

New Mirai Botnet Lurks in the Tor Network to Stay Under the Radar – ZDNet

  • A new, Mirai based, Internet of Things botnet has been found hiding online, launching itself from the Tor network in an effort to prevent takedowns. While this is not the first time that malware has attempted to anonymize itself and become more difficult to combat by using Tor, some experts think this may be a “possible precedent” setting case.

And Finally

Cybersecurity test on ISS – Phys.org

  • Space, the cybersecurity frontier. Experiments are being carried out to improve cybersecurity on the International Space Station.

In Case You Missed It

Cyber Security News & Trends

This week, SonicWall releases a mid-year update to the 2019 SonicWall Cyber Threat Report, hackers breach the FSB, and Johannesburg hit by ransomware.


SonicWall Spotlight

SonicWall 2019 Mid-Year Threat Report Shows Worldwide Malware Decrease of 20%, Rise in Ransomware-as-a-Service, IOT Attacks and Cryptojacking – SonicWall Press Release

  • SonicWall refreshes its data from the first months of 2019 for the Cyber Threat Report Mid-Year Update. The Cyber Threat Report provides insights into the cybersecurity industry’s top threats and trends, major finds include:
    • Ransomware volume up 15% globally year to date
    • Encrypted threats spike 76%
    • IoT malware attacks up 55%
    • Malware attacks across non-standard ports dips to 13%
    • With bitcoin value spiking, cryptojacking volume up 9%

SonicWall CEO on McAfee IPO Rumours and Symantec’s Possible Sale – CRN ChannelWeb

  • Channel Web interviews SonicWall CEO Bill Conner discussing business and government reactions to changes to the cybersecurity industry where the threat landscape which is “is getting very, very real.”

UK Ransomware Attacks Soar 195% – Malware Cocktails Proliferate – CBROnline


Cybersecurity News

NSA Launches Cybersecurity Directorate – NextGov

  • The National Security Agency has announced the launch of a new division aimed at defending the country’s national security infrastructure from digital attacks. The Cybersecurity Directorate will bring the agency’s foreign intelligence and cyber operations together under the same roof.

Hackers Breach FSB Contractor, Expose Tor Deanonymization Project and More – ZDNet

  • A contractor for the FSB, Russia’s national intelligence service, has been hacked with over 7.5 terabytes of data taken. Information exposed includes data on secret developments like a Tor deanonymization project and the ability to disconnect the Russian internet from the rest of the world.

Two Charged With Terrorism Over Bulgaria’s Biggest Data Breach: Lawyer – Reuters

  • Police raided the offices of cybersecurity firm Tad Group following last month’s cyberattack and data breach in which personal data for nearly every adult Bulgarian was stolen. Two workers have been charged with terrorism, both deny wrongdoing.

Louisiana Governor Declares State Emergency After Local Ransomware Outbreak– ZDNet

  • Following a series of cyberattacks on school districts Louisiana Governor John Bel Edwards declared a cybersecurity state of emergency. This is only the second time a state has declared a state of emergency over cybersecurity, the first being Colorado in February 2018.

Facebook to Pay $100 Million SEC Fine Over Cambridge Data Use – Bloomberg

  • Facebook has agreed to pay $100 million in a U.S. Securities and Exchange Commission settlement over the Cambridge Analytica scandal. In the settlement Facebook refuse to admit or deny any wrongdoing.

Ransomware hits Johannesburg electricity supply – BBC

  • Johannesburg’s City Power has been the latest high-profile victim of a ransomware attack with more than a quarter of a million people affected. The City of Johannesburg says no customer data has been compromised.

And finally:

UK, EU Police Pilot Scheme to Give Wayward Teen Hackers White Hats – ZDNet

  • A new UK and EU scheme called “Hack_Right” is currently being trialled. The scheme is aimed at staging interventions for teenagers who are involved in hacking, encouraging them to change their behavior rather than punishing them with jail time or fines.

In Case You Missed It

Cyber Security News & Trends

This week, SonicWall CEO Bill Conner is included on a coolest CEO list and we have a special look at what people are saying about the growth of AI in the cybersecurity arena.


SonicWall Spotlight

The 11 Coolest Endpoint Security CEOs of 2019 – Solutions Review

  • SonicWall CEO Bill Conner is named one of Solutions Review’s top 11 coolest Endpoint Security CEOs, recognizing CEOs who bring “their own unique blend of experience and expertise to their endpoint security companies.”

SonicWall on Youtube

  • Did you know that SonicWall has an official channel on YouTube? We update it with all sorts of content, such as technical support videos, SonicWall product news, unboxing videos and more. You can follow us for updates here.

Sonicwall’s Roadshow Guides Customers and Channel Partners Address Network Security Issues – SME Channels (India)

  • SonicWall’s Debasish Mukherjee is quoted talking at the SonicWall roadshow at Mumbai And Delhi.

Cybersecurity News

Why AI is the Future of Cybersecurity – Forbes

  • Forbes digs into the figures available in a new report titled “Reinventing Cybersecurity with Artificial Intelligence” to see who is, and who is not, using AI in cybersecurity research. They conclude that with 69% of enterprises polled believing AI will be necessary to counter cyberattacks AI is going to be the future, one way or another.

AI Has a Bias Problem and That Can Be a Big Challenge in Cybersecurity – CNBC

  • If AI is the future of cybersecurity, then what can be done about its inherent bias problems? CNBC investigates how bias is found in the program, the data and the people who design the AI systems.

Researchers Easily Trick Cylance’s AI-Based Antivirus Into Thinking Malware Is ‘Goodware’ – Motherboard

  • Researchers in Australia say they have found a way of subverting Cylance’s AI-based antivirus into thinking malware, including the high-profile ransomware like Wannacry, is “goodware.” The relatively simple method involves taking strings from a non-malicious file and appending them to a malicious one, tricking the system into thinking the malicious file is benign.

Debunking the Myths of AI Cybersecurity – ITProPortal

  • ITProPortal look at four AI cybersecurity myths and explain why they are either incorrect or overblown.

What Kind of Cybersecurity Threats Does 5G Pose? – Silicon Republic

  • Huawei are currently global leaders in 5G infrastructure but with concerns in the USA, now spreading to the UK, over whether or not the company is sufficiently independent from the government of China, could threats in 5G infrastructure be like finding a needle in a haystack?

Cyberattacks Inflict Deep Harm at Technology-Rich Schools – New York Times

  • Schools are becoming ever-more attractive targets for cybercriminals as a school will hold a wealth of personal information on its students and provides critical public services. The Washington Times investigates the increase in cyberattacks on schools and how the FBI can only do so much when an attack is successful.

And finally:

FBI Shares Master Decryption Keys for Prolific GandCrab Ransomware – Washington Times

  • The jig appears to finally be up for the Gandcrab ransomware group after master decryption keys were made public by the FBI. The group appears to have known this was coming and had ended its criminal “affiliate program” after claiming that the program had generated over $2 billion in ransom payments.

In Case You Missed It

Cyber Security News & Trends

This week, Baltimore ransomware woes continue, the story of how the WannaCry cyberattack was stopped, and Magecart groups change tactics.


SonicWall Spotlight

Sonicwall’s Roadshow Helps Customers and Channel Partners Address the Critical Issue of Network Security – CRN

  • SonicWall’s Debasish Mukherjee is on the move with the SonicWall Roadshow across Mumbai and Delhi in India. He talks SonicWall expansion in India and Next-Gen AV – Capture Client with CRN.

Cybersecurity News

Border Officials Not Told of Massive Surveillance Breach Until Three Weeks After Subcontractor Was First Alerted – Washington Post

  • S. Customs and Border Protection was not informed that a hacker had stolen a huge cache of sensitive border-surveillance documents from a subcontractor until nearly three weeks after the cyberattack was first discovered. A huge trove of data, including travelers’ images and license plates, was taken in the attack and has since appeared on the dark web.

The Sinkhole That Saved the Internet – TechCrunch

  • In 2017, as the WannaCry ransomware attack was spreading across the internet, two security researchers were all that stood in its way after they found a kill-switch hidden in the code. Two years later, TechCrunch speaks to the researchers and breaks down the moment by moment saga as it happened.

Baltimore Ransomware Infection Keeping City Employees From Accessing Older Emails: Report – Washington Times

  • Nearly two months after Baltimore was first caught by the Ransomware attack that crippled the cities operations, employees are still incapable of accessing emails older than 90 days.

Here’s How Hackers Are Making Your Tesla, GM and Chrysler Less Vulnerable to Attack – USA Today

  • Since the newest model cars contain a series of connected computers, cyber vulnerabilities are an increasing concern in the automotive industry. To combat this, many car companies have launched bug bounty programs and attend all day hacking events like Pwn2Own with top prizes for hackers who can breach their cybersecurity or find unknown bugs.

U.S. Coast Guard Issues Cybersecurity Warnings for Commercial Vessels – SecurityWeek

  • The U.S. Coast Guard issued a cybersecurity warning for commercial vessels following successful cyberattacks and an increase in phishing attempts in 2019. It says that “It is imperative that the maritime community adapt to changing technologies and the changing threat landscape by recognizing the need for and implementing basic cyber hygiene measures.”

Marriott to Contest $124 Million Fine Imposed by UK Data Protection Regulator – SecurityWeek

  • Both Marriott and British Airways will be subject to fines of over a hundred million dollars in the UK under GDPR regulation, both stemming from data breaches in 2018. Marriott International says it will fight the fine.

Anaesthetic Devices ‘Vulnerable to Hackers’ – BBC

  • Security researchers at CyberMDX have found a vulnerability in a brand of widely used anesthetic machines. The Aespire and Aestiva 7100 and 7900 can be hacked and controlled from afar if left accessible on a hospital computer network. The makers of the machine have responded saying that there is “no direct patient risk.”

France Says Ransomware Attacks on Big Companies Are on the Rise – Bloomberg

  • The head of the office charged with fighting cyber threats in France says that large companies are increasingly the target of cyberattacks and ransomware demands but often don’t want to report the attacks for fear of hurting their public image.

And finally:

New Magecart Attacks Leverage Misconfigured S3 Buckets to Infect Over 17K Sites – ZDNet

  • Magecart, the troublemaking credit card skimming gangs behind a number of high-profile breaches like British Airways, has successfully infected over 17,000 domains since April. The shotgun approach being taken leading to such a huge number of infections is a change in tactics to previous methods of highly targeted attacks. This is likely down to both the ease at which the skimming software can be implemented, and poor website security hygiene on the domains’ side.

In Case You Missed It

Cyber Security News & Trends

This week, SonicWall data continues to drive innovation in the cybersecurity space, the biggest cybersecurity crises of 2019 so far, and FireEye reconsiders its choice of keynote speaker for this year’s Cyber Defense Summit following online backlash.


SonicWall Spotlight

Three-Tiered Security for the Internet of Things Engineering.com

  • Galvanized by data from the 2019 annual SonicWall Cyber Threat Report, which shows a rapid increase in Internet of Things (IoT) attacks, cybersecurity researchers are doubling down on efforts to improve security in IoT by tackling vulnerabilities in microcontroller units (MCUs). Avnet and Microsoft have partnered in one such effort, designing the infrastructure of hardware along with its software and cloud-ecosystem to deliver Azure Sphere.

SonicWall TZ300P Review: A Multi-Site Marvel – IT Pro

  • IT Pro reviews the SonicWall TZ300P, a versatile and affordable firewall, built with SMBs and remote offices in mind. The commendatory review concludes that the TZ300P delivers a “wealth of security measures at a great price.”

Cybersecurity News

The Biggest Cybersecurity Crises of 2019 So Far – Wired

  • From the Perceptics breach to LockerGoga to supply chain attacks on Microsoft and Asus, Wired provides an overview of the biggest cyberattacks reported in the first half of the year.

Hillary Clinton Withdraws From Cybersecurity Conference Speaking Gig, Citing ‘Unforeseen Circumstance’ – The Epoch Times

  • Following online backlash to a controversial keynote speaker announcement for this year’s FireEye Cyber Defense Summit, FireEye has announced in an email this week that Hillary Clinton will no longer be participating in this year’s conference as the keynote speaker citing “unforeseen circumstance.”

Hackers in Md. Breach Accessed Names, Social Security Numbers of up to 78,000 People – The Washington Post

  • A labor department breach in Maryland has resulted in the exposure of names and Social Security numbers belonging to as many as 78,000 people who received unemployment in 2012 or who sought a general equivalency diploma in recent years.

Confirmed: 2 Billion Records Exposed In Massive Smart Home Device Breach – Forbes

  • Researchers from vpnMentor have uncovered a database housing more than 2 billion logs containing everything from user passwords to account reset codes and even a “smart” camera recorded conversation. The database, belonging to Chinese company Orvibo, was not password protected.

US Border Agency Cuts Ties with Breached Surveillance Contractor – The Verge

  • US Customs and Border Protection has suspended all federal contracts with Perceptics, a surveillance contractor suspected of suffering a data breach first reported in May.

And finally:

WannaLocker Ransomware Found Combined with RAT and Banking Trojan – SC Magazine

  • Researchers are warning that a new version of WannaLocker – essentially a mobile derivative of WannaCry ransomware – has been enhanced with spyware, remote access trojan and banking trojan capabilities.

In Case You Missed It