Cyber Security News & Trends – 03-15-19

This week, vote for SonicWall in 2019 CRN Channel Madness, Facebook suffers an outage worldwide, and one U.S. County pays a $400,000 ransom.

SonicWall Spotlight

SonicWall’s HoJin Kim has been nominated in the 2019 CRN Channel Madness Tournament.

  • CRN’s fifth annual Channel Madness Tournament of Chiefs pits some of the channel’s best-known executives against in each other. Vote for HoJin Kim now!

SonicWall Launches Security Solutions for Wireless Networks, Cloud Apps and Endpoints – CRN (India)

  • SonicWall’s Debasish Mukherjee is quoted talking about the release of new SonicWall products and the expansion possibilities for SonicWall in the Indian market.

SonicWall Now a California Multiple Award Schedule (CMAS) Vendor – SonicWall Blog

  • Being a CMAS vendor allows SonicWall to support K-12 education through the E-rate program, a Federal funding program that allows technology products and services to be purchased by school districts and libraries.

Cyber Security News

Hackers Use Slack to Hide Malware Communications – CSO Online

  • Cyberattackers have been using a previously undocumented backdoor program to launch an attack on users of Slack. A fully patched computer will prevent the attack but in cases where the exploit runs successfully it triggers a damaging multi-stage infection.

Web Inventor Tim Berners-Lee Calls for ‘Fight’ Against Hacking and Abuse on its 30th Birthday – CNN

  • On the 30th anniversary of its launch, the inventor of the world wide web called out three major “sources of dysfunction” affecting it; deliberate malicious intent, system design and the unintended negative consequences of benevolent design.

Facebook’s Daylong Malfunction Is a Reminder of the Internet’s Fragility – New York Times

  • A technical error by Facebook led to a worldwide outage that affected Facebook, WhatsApp and Instagram. The New York Times looks at how the more tightly woven a computer network becomes, the more likely it is that a small problem can grow into a large one.

Applicant Data Hacked and Ransomed at Three U.S. Colleges – Fortune

  • Three U.S. colleges recently suffered successful ransomware attacks. The hackers were able to fool college staff members into handing over passwords and then took control of databases that housed student applicant information.

Hackers Cop a FILA Thousands of UK Card Deets After Slinking Onto Clothing Brand’s Servers – The Register (UK)

  • Sportswear brand FILA are the latest company to suffer from a damaging malware infection with an attack similar to Magecart infecting card payments on their website.

US Senators Want to Know How Many Times They’ve Been Hacked – ZDNet

  • Two US senators have requested the US Senate Sergeant at Arms to provide each senator with both annual statistics about cyberattacks and a commitment to disclosing breaches within five days of discovery.

Georgia County Pays a Whopping $400,000 to Get Rid of a Ransomware Infection – ZDNet

  • Officials in Jackson County, Georgia, negotiated with cybercriminals to pay a $400,000 ransom after being successfully infected with ransomware.

In Case You Missed It

Cyber Security News & Trends – 03-08-19

This week, SonicWall protects against the newest Intel chip vulnerability, millions more records are found unprotected online and Google Chrome has a serious security flaw.

SonicWall Spotlight

SonicWall Extends SMB Cybersecurity Ambitions – Security Boulevard

  • SonicWall’s Dmitriy Ayrapetov provides insight into SonicWall’s newest product releases, where SonicWall is heading and the benefits of unifying cybersecurity systems.

SonicWall Aims at Evasive Cyber Threats Targeting Wireless Networks, Cloud Apps, Endpoints – CRN (India)

  • CRN India review the new SonicWall releases in detail and Jeff Wilson, Senior Research Director at IHS Markit, highlights the need for cloud protection as provided by SonicWall Cloud App Security 2.0.

Cyber Security News

‘Spoiler’ Flaw in Intel CPUs is Similar to Spectre – Yet Dangerously Different – Tech Radar

  • A new Intel chip vulnerability dubbed ‘Spoiler’ is similar to the Spectre flaw that allows an attacker to exploit the way PC memory works. Attackers using the flaw can, amongst other things, view data from running programs which should otherwise not be accessible. SonicWall RTDMI identifies and blocks this threat.

Google Confirms Serious Chrome Security Problem – Here’s How to Fix It – Forbes

  • Google issues an urgent update warning for all Chrome users after a zero-day vulnerability was discovered being exploited in the wild.

An Email Marketing Company Left 809 Million Records Exposed Online – Wired (UK)

  • Researchers found over 150 gigabytes of detailed private data, including hundreds of millions of unique email addresses and personal social media accounts, easily accessible online after an “email verification” company left the records exposed.

Project Zero Discloses High-Severity Apple macOS Flaw – Threat Post

  • Google Project Zero researchers detail a new high-severity macOS flaw after Apple failed to patch it by the 90-day disclosure deadline.

A CEO Cheat Sheet for the Cybersecurity Big One – Forbes

  • Warren Buffet calls it “The Big One” – it’s the worst-case cybersecurity scenario for a company. Forbes provide a CEO cheat sheet with tips on how to prepare for it.

Cyberattack Planning Is Still Depressingly Poor, Even in Big Businesses – ZDNet (UK)

  • A report by the British government has found that while most companies have some kind of cybersecurity strategy in place, many have not tested it, or fail to fully understand the threats faced.

After the Breach: Six Key Actions to Take – IT Pro Portal

  • Contain, Identify, Determine, Announce, Offer, and Make Sure it doesn’t happen again – IT Pro Portal detail six steps a company must follow if they suffer a data breach.

Ransomware Warning: The Gang Behind This Virulent Malware Just Changed Tactics Again – ZDNet (UK)

  • The gang behind the GandCrab ransomware, who sell it through a Ransomware “as-a-service” model, are under constant cybersecurity scrutiny and continue to change tactics. Instead of targeting small networks they are now advertising to those who want to go after larger targets for a bigger payday.

In Case You Missed It

Cyber Security News & Trends – 03-01-19

This week, SonicWall announces a whole range of new products, there is an investigation into cloud computing that finds that hackers can leave malware waiting for customers, and a study finds that cybercriminals are spending their money like rock stars.

SonicWall Spotlight

Slate of New Product Offerings Marks Rebirth of SonicWall – Forbes

  • SonicWall CEO Bill Conner speaks to Forbes about the announcement of new SonicWall products and services, including a new line of firewalls, and discusses how far the company has come since splitting from Dell.

SonicWall Enhances Wi-Fi, Cloud Apps and Endpoints Security for SMBs and Distributed Enterprises – Help Net Security

  • Help Net Security review the new SonicWall releases in detail and James Crifasi of Redzone Technologies talks about the Wi-Fi improvements to the Capture Security Center saying, “We are thrilled at the improvements in security, management, and performance the new series has given us.”

2019 Security 100: 20 Coolest Network Security Vendors – CRN

  • SonicWall is named one of the coolest network security vendors of 2019 as part of CRN’s 2019 Security 100 list.

Inside the Biometrics of Those Post-Brexit Blue Passports – ComputerWorld UK

  • SonicWall CEO Bill Conner spoke to Computer World UK for their story on post-Brexit passports. He talks about his previous experience as CEO of Entrust and the problems faced successfully developing biometric passports.

Cyber Security News

Hackers Can Slip Invisible Malware Into ‘Bare Metal’ Cloud Computers – Wired (UK)

  • Cybersecurity researchers have shown that cyberattackers could leave malware undetected on a rented “bare metal” cloud computer. Once successfully infected at the firmware level the computer would then wait for the next customer and infect them.

European Telecommunications Standards Institute Publishes New IoT Security Standard – Security Week

  • The European Telecommunications Standards Institute (ERSI) published a cybersecurity standard for consumer Internet of Things (IoT) devices. The hope is that this will provide the basis for future IoT certification schemes that will be designed to prevent both the loss of users’ personal data and the recruitment of consumer IoT devices into botnets.

Persistent Attackers Rarely Use Bespoke Malware – Dark Reading

  • Cybercriminals have been found to be using open-source over custom-made malware because bespoke programs are more likely to trigger cybersecurity systems. In addition, the quality of readily-available malware is to a high enough standard that hardened cybercriminal groups are able to incorporate it into their own toolsets without having to make major changes.

Surge in Number of Data Breaches Reported to Commission in 2018 – RTE News (Ireland)

  • Both Ireland and the UK reported a huge increase in the number of data breaches reported to regulators after the implementation of GDPR. Facebook, Twitter, LinkedIn and Apple, all which have their European headquarters in Ireland, are named as having ongoing breach inquiries.

Over 25 Million Home Voice Assistants at Increased Hacking Risk – The International Business Times

  • A recent report concluded that the very rudimentary cybersecurity on more than 25 million voice assistants is leaving them at an increased risk of being hacked.

Why Knowing How Your Data Behaves Is the Key to Cybersecurity – InfoSecurity Magazine

  • “Data in transit” or “data at rest” – Infosecurity Magazine argues that thinking of data in terms of these two poles will help decide what kind of cybersecurity best suits your needs.

Cybercriminals Spend Like Rockstars – SC Magazine

  • A recent study found that while some cybercriminals use their ill-gotten gains to simply cover their day-to-day necessities, others are splashing out on luxury goods like flashy cars and jewelry.

In Case You Missed It

Cyber Security News & Trends – 02-22-19

This week, ATM hacking is so easy cybercriminals turn it into a game, the flaws in blockchain are investigated, and the British Labour Party lockdown their data.

SonicWall Spotlight

January 2019 Cyber Threat Data: New Year, New Malware Attack Variants – SonicWall Blog

  • SonicWall’s threat blog for January 2019 finds that while overall malware attacks are dropping, the variants of malware are growing with twice as many new threats diagnosed compared to the same time last year.

Cyber Security News

Once Hailed as Unhackable, Blockchains Are Now Getting Hacked – MIT Technology Review

  • MIT Technology review traces how all blockchain technology payments like Bitcoin are vulnerable to “51% Attacks” due to the inherent structure of blockchain. Renting enough mining power to attack bitcoin would cost more than $260,000 per hour but, with lesser-known blockchain currencies, this figure drops dramatically.

Russian Hackers Targeted European Research Groups, Microsoft Says – New York Times

  • Microsoft reports that the hacker group Fancy Bear, often associated with Russian intelligence, are targeting European think tanks and NGOs in the lead up to the 2019 European Parliament election. Russian officials deny any links to the group.

Data-Spewing Spectre Chip Flaws Can’t Be Killed by Software Alone, Google Boffins Conclude – The Register (UK)

  • Although Intel announced hardware fixes for some of the Spectre vulnerabilities in 2018, Google researchers have concluded that the proposed solution of simply fixing the remaining issues with software is not a viable option.

ATM Hacking Has Gotten so Easy, the Malware’s a Game – Wired

  • ATM hacking is usually seen as easily preventable if basic cybersecurity protocols are followed. However, many ATMs worldwide simply never receive updates. As a result, theft from ATMs has become so easy that some hackers have turned their hacking malware into a game.

Ransomware Attacks Classified as a Felony Under Proposed Maryland Bill – Health IT Security

  • Proposed legislation in Maryland wants to lower the financial threshold for a ransomware attack to be considered as a felony from $10,000 to $1,000 USD.

POS Firm Says Hackers Planted Malware on Customer Networks – ZDNet

  • A Point of Sale (POS) company based in Minnesota announced that a security breach in January 2019 led to almost 140 of its customers being affected by malware. Full details are not available, but it is likely that any card details used on the POS systems while the malware was active were compromised.

When Cyberattacks Pack a Physical Punch – Threat Post

  • “Physical” cyberattacks, where hardware is compromised or physical infrastructure like a burglar alarm is attacked, now count for more than one in ten data breaches. Threat Post investigates the shrinking gap between cyber and physical security.

Data Breach Rumours Abound as UK Labour Party Locks Down Access to Member Databases – The Register (UK)

  • The UK Labour Party announced this week that its databases would be unavailable after confirmed access by “individuals who are not, or are no longer, authorised to do so.” It is likely this refers to the recently launched Independent Group of breakaway MPs who made headlines leaving the party this past week.

In Case You Missed It

Cyber Security News & Trends – 02-08-19

This week, SonicWall highlights how the UK is taking malware seriously, there is an investigation into new vehicles that are vulnerable to cyberattacks, and an update on the average price paid for ransomware.

SonicWall Spotlight

Bill Conner: How the UK Is Taking Malware Seriously – Information Age

  • SonicWall CEO Bill Conner was interviewed by Information Age editor Nick Ismail on the changing cybersecurity landscape, how malware can be region specific, the possibilities of cross-border collaboration, and more.

DCC Inks Distribution Deal With SonicWall

  • IT products distributor Drive Control Corporation (DCC) has been appointed as an official distributor for SonicWall in South Africa.

SMBs Need Layered Security to Defend Their Businesses – Forbes

  • Bill Conner, CEO of SonicWall, talks as part of the Forbes Technology Council on why small and medium businesses (SMBs) need layered cybersecurity. He argues that if you’re running an SMB online cybercriminals see you as an easy target and, without adequate investment in cyberdefenses, they might just be correct.

Cyber Security News

Is Your Car Hackable? Cybersecurity Experts Say It Might Be – USA Today

  • A modern car is full of small computers, but in a new survey of 15,900 IT security practitioners and engineers in the automotive industry, many acknowledged a huge number of flaws in the cybersecurity makeup of the vehicles. 62 percent of those surveyed say a malicious attack against automotive technologies is likely or very likely to occur in the next 12 months.

Trojan Malware: The Hidden Cyber Threat to Your PC – ZDNet

  • While Ransomware and cryptocurrency mining have been making the headlines recently, ZDNet investigates the quiet growth of Trojan malware – made possible by the huge number of recent breaches leading to targeted phishing emails.

Ransomware Victims Who Pay Cough up $6,733 (on Average) – BankInfoSecurity

  • A new report has found that in the fourth quarter of 2018 ransomware victims who paid the ransom spent, on average, $6.73; an increase of 13 percent from the previous quarter. Unsurprisingly Bitcoin is the preferred method of payment.

Two Hacker Groups Responsible for 60 Percent of All Publicly Reported Hacks – ZDNet

  • Blockchain analysis firm Chainalysis investigated publicly reported cryptocurrency exchange hacks and concluded that 60 percent could be traced back to two hacking groups.

True Crime: SamSam Ransomware I Am – SC Magazine

  • SamSam may not be the worst malware out there but its impact on enterprise cybersecurity became difficult to ignore in 2018. SC Magazine traces the history of the malware throughout the year.

Report: Nation-State Malware Attack Could Cripple US – BankInfoSecurity

  • A new report has concluded that without improved private and public data co-operation, the US is at risk of being crippled by well-made malware. The report recommends closer technical data sharing and action taken to improve communication between public and private entities.

A Hacker’s Take on Blockchain Security – Forbes

  • With Blockchain seen by some as the solution to cybersecurity problems, Forbes asks a black hat hacker to investigate with them just how true that is. They come across some less obvious stumbling blocks in blockchain security.

In Case You Missed It

Cyber Security News & Trends – 02-01-19

This week, Collections #2-5 drop over 2 billion stolen logins, Bangladesh is suing a Philippines bank over cybertheft and SonicWall CEO Bill Conner discusses keeping up with the cybersecurity market.

SonicWall Spotlight

Could Cash-Rich Facebook Be Considering Acquisition Targets? – Real Money

  • SonicWall CEO Bill Conner is quoted by Real Money talking about Facebook’s need for cybersecurity acquisitions in a piece that speculates where the company might go next.

Are We Really Aware of What Mobile Malware Is? – VarIndia

  • SonicWall’s Debasish Mukherjee is interviewed as part of a panel discussing the mobile malware. He talks about the data SonicWall Capture Labs found on the Android platform throughout 2018.

SonicWall Aims to Build Brand in Critical Two Years – IT Europa

  • Bill Conner, CEO of SonicWall, lends his thoughts to IT Europa talking about the future of the fast-moving cybersecurity market and why not every security company is able to keep up.

Cyber Security News

Hackers are Passing Around a Megaleak of 2.2 Billion Records – Wired

  • After the leak of Collection # 1 earlier in the year Collections #2-5 continue the data dump of hacked records, largely information that has been leaked previously.

Airbus Reports Breach Into Its Systems After Cyber Attack – Reuters

  • Airbus detected a cyberattack which resulted in a data breach of mostly employee data. It says the incident did not affect commercial operations.

What Was the Cybersecurity Impact of the Shutdown? – FCW

  • With the Government shutdown over, the cybersecurity impact is still being worked out. FCW discuss the possible knock-on effects and how long they might last.

IT Spending Expected to Rise in 2019 Amid Shift to Cloud Services – Wall Street Journal

  • Forecasts for IT enterprise spending say there will be an 8.5% growth this year, and overall IT spending is expected to rise 3.2%.

Too Few Cybersecurity Professionals Is a Gigantic Problem for 2019

  • There is a global gap of nearly 3 million cybersecurity positions. In the USA alone 314,000 jobs were posted in a one-year period between 2017 and 2018. Cybersecurity training itself is a new area and almost no cybersecurity professional over 30 today has a formal cybersecurity degree.

Bangladesh to Sue Philippine Bank Over $81M Cyber Heist – Security Week

  • A digital heist in 2016 led to the successful theft of $81 million from the Bangladesh central bank’s account with the US Federal Reserve. Bangladesh is now attempting to retrieve the funds by suing the Philippines bank that facilitated the transfer. The Federal Reserve denies that it was hacked.

Massive DDoS Attack Generates 500 Million Packets per Second – Dark Reading

  • A DDos attack on Github in 2018 made headlines as the biggest ever DDos attack, but it was only a quarter of the size of the attack stopped earlier this month.

Cryptocurrency Thefts, Scams Hit $1.7 Billion in 2018: Report – Reuters

  • Cryptocurrency theft rose 400 percent in 2018, with up to $1.7 billion stolen by the end of the year. $950 million of this was theft from cryptocurrency exchanges and digital wallets.

In Case You Missed It

Cyber Security News & Trends – 01-25-19

This week, fears are growing that new 5G industrial robots are vulnerable to cyberattack, the numbers affected by a breach jump from 500 to over 500,000 and the government shutdown continues to worry cybersecurity experts.

SonicWall Spotlight

SonicWall on Winning the Cyber Arms Race on Winning the Cyber Arms Race – Tahawul Tech

  • SonicWall’s Michael Berg is interviewed talking SonicWall’s expansion in Dubai, the cyber arms race and where SonicWall is going in 2019.

Cyber Security News

Why Cybersecurity Must Be a Top Priority for Small & Midsize Businesses – Dark Reading

  • Big corporations seize the cyberattack headlines, but Dark Reading argues that cybersecurity must be a top priority for small and medium businesses, outlining the major security risks and methods of protection.

For Industrial Robots, Hacking Risks Are on the Rise  – Wall Street Journal

  • 5G and the Internet of Things promise to make factories a lot smarter, but also a lot more vulnerable to cyberattacks.

New Ransomware Poses as Games and Software to Trick You Into Downloading It – ZDNet

  • A Dangerous new ransomware dubbed Anatova that was found at the start of the new year is being watched closely by researchers. Its modular architecture makes it easily adaptable and potentially very dangerous in the hands of a skilled cybercriminal.

The Shutdown Is Exposing Our Economy to Crippling Cybersecurity Breaches – Salon

  • Salon details the infrastructural cybersecurity problems, many previously outlined by SonicWall, that have been growing with the ongoing government shutdown.

Proposed Law Classifies Ransomware Infection as a Data Breach – SecurityWeek

  • The Act to Strengthen Identity Theft Protections in North Carolina proposes widening the definition of a breach to include ransomware and even unauthorized access. The legislation requires tightened data protection and a quicker notifications period when there is a breach.

Online Casino Group Leaks Information on 108 Million Bets, Including User Details – ZDNet

  • The server details of an online casino were left exposed online, leaking information on 108 million bets, including complete customer data like real names and addresses, phone numbers, email addresses, birth dates, and more.

Victim Count in Alaska Health Department Breach Soars – BankInfoSecurity

  • It was originally thought to only affect 501 people but the numbers in the Alaska Health Department breach of June 2018 have soared to up to 700,000. The number has soared after months of analysis and confirmation, the DHSS says they always knew the number would rise dramatically after analysis.

Recession Is the Number One Fear for CEOs in 2019, Survey Says – CNBC

  • While recession is the number one fear worldwide, a survey of over 800 CEO’s found that cybersecurity was the number one fear for CEO’s in the U.S.

Cybercriminals Home in on Ultra-High Net Worth Individuals – Dark Reading

  • With a growing cybersecurity awareness in businesses new research is suggesting that some hackers are shifting their sights to the estates and businesses of wealthy families with personalized cyberattacks.

In Case You Missed It

Cyber Security News & Trends – 01-18-19

This week, one city is back to using pen and paper after a ransomware attack, cybercriminals utilize popular video game Fortnite in a money laundering scam and construction industry cranes are alarmingly vulnerable to being hacked.

SonicWall Spotlight

SSL, TLS Certificates Expiring on US Government Sites During Federal Shutdown – SonicWall Blog

  • SonicWall’s Brook Chelmo explains why US Government websites are starting to suffer during the ongoing Government Shutdown, explaining that security certificates are not being updated and what kind of messages you might be seeing as a result.

Cyber Security News

Hack Brief: An Astonishing 773 Million Records Exposed in Monster Breach – Wired

  • Wired details the mega-breach where at least 773 million emails and 21 million unique passwords have been released in a folder called “Collection #1.” Some are calling this the largest collection of breached data ever found, although it should be noted that Collection #1 is a compilation of both old and new leaked details.

Fortnite Is Being Used by Criminals to Launder Cash Through V-Bucks – ZDNet

  • Criminals have been using the in-game currency in Fortnite for laundering money from stolen cards. It is not known exactly how much profit the cybercriminals have made, but Fortnite coins sold on eBay alone have grossed over $250,000 in two months.

Defense Department Continuously Challenged on Cybersecurity – Security Week

  • A report has revealed that while the U.S. Department of Defense has been making strides to improve their cybersecurity stance, they are still struggling. In September of last year there were 266 open cybersecurity‑related recommendations, some dating as far back as 2008.

NotPetya Victim Mondelez Sues Zurich Insurance for $100 Million

  • Zurich insurance rejected a $100 million claim by Mondelez saying that since the NotPetya ransomware attack has been seen by some, including the UK government, as a Russian military attack it is not covered by standard insurance against malware. Mondelez are taking legal action in response.

Oklahoma Gov Data Leak Exposes FBI Investigation Records, Millions of Department Files – ZDNet

  • A storage server belonging to the Oklahoma Department of Securities was found with terabytes of confidential data exposed and accessible to the public.

Yes, You Can Remotely Hack Factory, Building Site Cranes. Wait, What? – The Register

  • Cybersecurity protection on cranes, drilling rigs, and other heavy machinery has been found to be severely lacking with a report into the area finding that none of the radio remote controllers investigated had “implemented any protection mechanism to prevent unattended reprogramming.”

WEF: Cyber-Attacks a Major Global Risk for Next Decade – Infosecurity Magazine

  • The World Economic Forum released a reporting stating that cyberattacks remain as one of the risks facing the world today with 82 percent of those queried stating they expect data and monetary theft attacks to increase.

Ransomware Attack Sends City of Del Rio Back to the Days of Pen and Paper – ZDNet

  • Officials at Del Rio, Texas, had to abandon their computers and switch to pen and paper after a ransomware attack last week. It has not been revealed who is behind the ransomware but the FBI have been informed and are investigating.

Emotet Malware Returns to Work After Holiday Break – BankInfoSecurity

  • Whether coincidence or a sign that the criminals were actually on holidays, a number of malware strains including Emotet have returned in 2019 after falling out of use towards the end of the year. BankInfoSecurity trace the history and usage of Emotet, including information on where in the world it has and has not been striking.

In Case You Missed It

Cyber Security News & Trends – 01-11-19

Adware apps downloaded by millions, German politicians have their data leaked, and how is the government shutdown affecting cybersecurity? SonicWall has collected this week’s best cybersecurity stories, just for you.

SonicWall Spotlight

What Is Driving the Workforce of the Future? – IT News Africa

  • SonicWall threat data is used to examine the potential dangers of a workforce dependent on the Internet of Things and 5G mobile connection.

Cyber Security News

German Man Confesses to Hacking Politicians’ Data, Officials Say – New York Times

  • The December leak of the personal information of German politicians was carried out by a young German student who used very basic techniques like guessing the passwords. The authorities are treating him as a juvenile and he has been released while the investigation is ongoing.

Google Removes 85 Adware Apps That Were Installed by Millions of Users – ZDNet

  • Google removed 85 apps from the Play Store after complaints that they were blatantly adware where every page on the apps triggered a full screen advert. At the time of removal one of the apps had already been downloaded over five million times.

Class-Action Lawsuit Filed Over Marriott Data Breach Washington Times

  • 76 plaintiffs from all 50 states, the District of Columbia, Puerto Rico and the U.S. Virgin Islands are suing Marriott International Inc. in federal court over the data breach in 2018 that saw millions of people’s data released.

Who Should Be Responsible for Protecting Our Personal Data?World Economic Forum

  • The World Economic Forum explores the growing cybersecurity challenges that are presented by the fact that 89% of Americans and 70% of Europeans use the internet daily, and half the world’s population is online in some way. They ask if governments are reacting fast enough to the changes and if cybersecurity is a personal or public responsibility.

Zeroday Exploit Prices Are Higher Than Ever, Especially for iOS and Messaging Apps – ArsTechnica

  • The going rate for a zero-day jailbreak for Apple’s iOS is currently as high as $2 million. That’s the highest end of the scale but the market for exploits has been going higher and higher with no sign of leveling off.

U.S. Initiative Warns Firms of Hacking by China, Other Countries – Reuters

  • A new initiative by The National Counter-Intelligence and Security Center (NCSC) has been launched, aimed with improving cybersecurity in U.S. companies. Videos, brochures, and online informational materials have all been made available in an attempt to address ongoing concerns that many companies are not currently doing enough to protect themselves from cyberthreats.

Cybersecurity May Suffer as Shutdown Persists – Roll Call

  • The partial government shutdown may be leaving departments open to cybersecurity risks since many of the shutdown departments are on the “hit-list for hackers.” As more time passes there is a fear that minor setbacks may become irreversible.

This Old Ransomware Is Using an Unpleasant New Trick to Try and Make You Pay Up – ZDNet

  • First spotted in 2016, Cryptomix is a ransomware that seemed to have disappeared until it was rediscovered recently with a new distasteful trick; using information scraped from children’s charity organizations to make it seem like the ransom payment will be used to help people in need.

  The Cybersecurity Skills Shortage Is Getting Worse – CSO Online

  • With 53 percent of respondents of one survey reporting a problematic shortage of people with the right skills, the cybersecurity job situation is seen by some as actively getting worse rather than better. CSO Online recommend massive federal leadership, a more thorough public/private partnership and an integrated industry effort to solve the problem.

In Case You Missed It

Cyber Security News & Trends – 01-04-19

How long did it take before 2019’s first cyberattack took place? Find out this and more. SonicWall has collected this week’s best cybersecurity stories, just for you.

SonicWall Spotlight

SonicWall Celebrates Key EMEA Milestones  – Enterprise Channels MEA

  • SonicWall’s Michael Berg comments on SonicWall’s boosted presence in EMEA, crediting channel expertise and commitment to speaking the local language as key factors in growth.

Ransomware Attacks Hit Legal System – Today’s General Counsel Magazine

  • An investigation into the growing threat of ransomware in the legal world uses SonicWall 2018 data as its jumping off point.

Cyber Security News

The Elite Intel Team Still Fighting Meltdown and Spectre – Wired

  • The Spectre and Meltdown vulnerabilities were first announced a year ago and made major waves in the news cycle due to their scope and impact. Wired follow up on the story with an in-depth look at how STORM, Intel’s strategic offensive research and mitigation hacker group, have been dealing with the problem.

Town of Salem Breach Affects 7 Million Accounts – SC Magazine

  • Some payment information was exposed in the breach, but the main leak was of usernames, email addresses, hashed passwords, IP addresses, game and forum activity. The developers have stressed that no card numbers were leaked.

What We Still Don’t Know About the Cyberattack on Tribune Newspapers – Washington Post

  • A cyberattack seriously hampered printing several papers owned by Tribune Publishing, including The L.A. Times. While the Tribune group say they suspect the cyberattack originated from abroad, they have given little other information and the identity and motive of attackers remain unclear.

Dublin’s Luas Tram System Threatened With Private Data Leak – ZDNet

  • Dublin’s tram system is hit with what looks like a ransomware attack that threatens to expose online users unless a ransom of one bitcoin is paid.

Your Data Was Probably Stolen in Cyberattack in 2018 – and You Should Care – USA Today

  • Marriott, Quora, Facebook, Dunkin’ Donuts; USA today summarize the biggest hacks of 2018 and come to the conclusion that very few people have escaped unscathed.

German Politicians Targeted in Mass Data Attack  – BBC

  • Hundreds of German politicians, including Chancellor Angela Merkel, had personal details stolen and published on Twitter throughout December. No one has publicly taken responsibility for the attack yet but all parties except those on the far right were affected.

This Data-Stealing Android Malware Infiltrated the Google Play Store, Infecting Users in 196 Countries – ZDNet

  • When an App is first uploaded into the Google Play Store it is subject to tough reviews to ensure it is safe for users, but some malware developers have been taking advantage of less stringent checks later down the line and injecting malware as an update.

2019’s First Data Breach: It Took Less than 24 Hours – CBR Online

  • The first data breach of 2019 was reported less than 24 hours into the New Year when an estimated 30,000 Australian civil servants had work emails, phone numbers and job titles leaked. Thankfully, no financial information is said to have been affected.

In Case You Missed It