Category: Uncategorized

Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers.
“The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack,” the Intuit-owned company said in a disclosure.
The development was first reported by TechCrunch.
Mailchimp said it identified the lapse on January 11, 2023, and noted that there is no evidence the unauthorized party breached Intuit systems or other customer information beyond the 133 accounts.
It further said the primary contacts for all those affected accounts were notified within 24 hours, and that it has since assisted those users in regaining access to their accounts.
The Atlanta-based company, however, did not reveal the duration for which the intruder remained on its systems and the exact types of information accessed.
But WooCommerce, which is one of the breached accounts, said the incident exposed users’ names, store URLs, addresses, and email addresses but not their payment data, passwords, or other sensitive information.
In the past year alone, Mailchimp has been the victim of two different breaches, the first one of which involved a malicious actor gaining unauthorized access to 319 customer accounts in April 2022 with the goal of carrying out crypto phishing scams.
Then in August 2022, it fell for another elaborate social engineering attack orchestrated by a group called 0ktapus (aka Scatter Swine) that resulted in the compromise of 216 customer accounts.
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.

source

Let Cybersecurity Dive’s free newsletter keep you informed, straight from your inbox.

The report highlights the rising fears about how the growing political instability across the globe, including events like Russia’s invasion of Ukraine, could result in a catastrophic cyberattack. 
Following the onset of the coronavirus pandemic, the global supply chain became more dependent on automation, and a large number of countries and private sector organizations lack the existing investment or the available number of workers to mitigate the impact of such an event. 
Julie Sweet, Accenture chair and CEO, referenced data showing 43% of business leaders said they expect such a cyber event to have a material impact on their businesses, while only 27% believe they are cyber resilient. 
“The gap between cyber resilient companies and the likelihood of a materially catastrophic event is significant,” Sweet said. 
Albanian Prime Minister Edi Rama noted the country has been under an extensive cyberattack that began in the summer of 2022 from actors backed by Iran, pointing out the toll it can take on a relatively small country like his in terms of resources.
“It’s not something we can match in terms of finance, in terms of ruthlessness, in terms of anti-democratic behavior and so on,” Rama said. 
As previously reported, the U.S. Treasury Department in September announced sanctions linked to this activity, with officials linking the threat actors to an APT group known as MuddyWater.  
Jürgen Stock, secretary general of Interpol, said combating cybercrime will require victims of these crimes, including companies and individuals, to come forward and cooperate. 
Companies need to do more to anticipate cyberthreats, because cyber criminals are outsourcing attacks through ransomware as a service operations and using much more sophisticated methods to launch attacks. 
“The criminals are investing their huge profits into new tools, into the sophisticated tools,” Stock said at the press conference. “We have to make sure we keep pace, but also that we are further developing the global architecture of security.”
C-suite executives are becoming more aware there is a global problem with cybersecurity, said Nikesh Arora, chair and CEO of Palo Alto Networks. But the industry is behind due to years of underinvestment. 
“That’s the sort of part we all have to work on collectively,” Arora said. “Nobody seems comfortable that they have it under control.”
Get the free daily newsletter read by industry experts
The agency placed a premium on low cost, high impact security efforts, which account for more than 40% of the goals.
Enterprise cybersecurity is navigating market turmoil and vendor consolidation. Here’s what experts expect to happen to the industry in 2023.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Want to share a company announcement with your peers?
Get started ➔
The agency placed a premium on low cost, high impact security efforts, which account for more than 40% of the goals.
Enterprise cybersecurity is navigating market turmoil and vendor consolidation. Here’s what experts expect to happen to the industry in 2023.
The free newsletter covering the top industry headlines

source

Searching for your content…
In-Language News
Contact Us
888-776-0942
from 8 AM – 10 PM ET
News provided by
Jan 18, 2023, 11:30 ET
Share this article
SAN FRANCISCO, Jan. 18, 2023 /PRNewswire/ — Schubert Jonckheer & Kolbe LLP is investigating a data breach impacting the personal information and password vaults of customers of LastPass US LP, a provider of password management solutions. 
According to the company, the incident began in August 2022 when “an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.” Then, in November 2022, the company announced that “an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information,” later clarifying that the information included “a backup of customer vault data” as well as “customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”
If your personal information and/or password vault was impacted by this incident, you may be entitled to money damages and an injunction requiring changes to LastPass’s security practices.
If you received notification of this data breach or are a LastPass customer and wish to obtain additional information about your legal rights, please contact us today or visit our website at https://www.classactionlawyers.com/lastpass.
About Schubert Jonckheer & Kolbe LLP
Schubert Jonckheer & Kolbe represents shareholders, employees, and consumers in class actions against corporate defendants, as well as shareholders in derivative actions against their officers and directors. The firm is based in San Francisco, and with the help of co-counsel, litigates cases nationwide.
SOURCE Schubert Jonckheer & Kolbe LLP
More news releases in similar topics
Cision Distribution 888-776-0942
from 8 AM – 9 PM ET

source

The Home of the Security Bloggers Network
Home » Security Bloggers Network » The cyber security environment in 2022- What did we learn?
Cybersecurity is a constantly evolving field that’s becoming more complex and difficult to navigate. This article will explore cyber security in 2022 and how you can protect yourself against the latest threats.
In an interview with cybersecurity expert Sean Sullivan, he offered his knowledge of what the future holds for cybersecurity. “The number of cyber attacks is increasing,” said Sullivan. “There are more people who are aware of it and they’re reporting it.”
Most computer and network users are not concerned about cyber security or cyber-attacks. A survey by UK Government found that only 40% of respondents felt safe from online threats, while half (50%) believed they could be hacked. Furthermore, only 35% considered themselves good digital citizens by regularly updating software and keeping their devices up-to-date with security patches.
We are having a massive problem with identity theft, and it’s only getting worse in the coming years. In fact, according to the National Cyber Security Alliance (NCSA), more than 6 million cases of identity theft were reported worldwide in 2018 alone. Additionally, this number is expected to grow by 2021 when they predict that there will be over 10 million cybercrime incidents annually—and these stats don’t even account for all types of attacks!
The mobile environment is of particular concern to cybercriminals because people are always connected to the internet. Mobile devices are small and portable, making them easy to steal or lose. Cybercriminals can hack into your phone and steal your information, including banking details and personal photos.
Hacking and phishing will be easy for hackers using advanced tools with artificial intelligence. Hackers have access to more devices than ever, allowing them to develop new ways of attacking systems. For example, they could use advanced tools that use artificial intelligence (AI) technology to attack and find vulnerabilities. This is why it’s essential for businesses worldwide—especially those dealing with sensitive data- to invest in skilled people, good processes, and cybersecurity technology. An important aspect of cyber intelligence is mapping the sensitive data you need to protect and developing architecture to manage the data flows.
Cyber attacks are increasing in frequency and severity. The threat posed by cyberattacks to companies, governments, and individuals will only worsen. Cybersecurity is not just for big companies anymore. It’s become a real problem for everyone who uses the internet or has an email address—and it’s not going away anytime soon. If you haven’t taken steps yet to protect yourself from hackers who want access to your personal information (or worse), now is the time!
1. Robotics and automation present another area to exploit for cybercriminals.
2. Robotics is being used in manufacturing. Vulnerabilities with hardware and software can be used to steal data or shut down critical systems. 
3. Medical robotics is also being developed and used by hospitals to perform surgeries. Still, hackers could also use them to cause physical damage or steal patient information if they access the system that controls them (e.g., a hospital’s network).
Soon, you will need help determining whether a person is honest. If you are unsure if they are authentic, do not respond to them. If you wish to be sure that they are confirmed:
1. Follow their lead;
2. Do what they ask, and
3. Be patient until the situation becomes clear (assuming it does).
Cybercriminals will continue to target SCADA systems shortly due to their wide variety of uses. These systems are used in many industries and can lead to significant disruptions if hacked, mainly connected to critical infrastructures such as water supplies or power grids. In addition, cybercriminals could cause physical damage by shutting down pumps and electrical substations, which would cause severe disruptions for nearby residents.
Hackers will also target other areas within an organization’s network that have access to sensitive data, such as customer information or financial records; these types of attacks could potentially be more damaging than those targeting SCADA systems because they affect the company’s reputation rather than just its bottom line (and therefore attract less attention).
New technology is being created rapidly, and new tools are being developed daily to combat them. Many types of cyber security threats can affect your business or personal life. Still, the most common ones include:
1. Malware – malicious software (malware) is code designed to damage or destroy computers and other electronic devices by exploiting vulnerabilities in their operating systems or applications.
2. Botnets – hackers use these networks of infected computers as part of more extensive campaigns against websites and other online assets. Botnets allow attackers to send spam email messages with links directly back to the hacker’s command-and-control server location. On this computer, they maintain control over all infected devices on the botnet network.
Small businesses are increasingly aware that they must do more to protect themselves from cyber attacks, but many need more resources. In fact, according to a survey conducted by the Ponemon Institute, only 17% of small businesses surveyed said they were aware of all the threats associated with cyber security. And when asked how much their IT departments spend on managing these challenges and other issues related to information technology (IT), 60% said less than $100k per year—the equivalent of about one-third of what larger organizations spend annually.
Even if you’re not a large company with a robust IT department and dedicated staff members who specialize in protecting your data and systems against hackers—or even if you’re trying to keep up with basic security measures like updating software patches or installing firewalls—there are still steps you can take now that will help ensure nothing wrong happens later down the line:
Hackers must find new ways to attack systems as software manufacturers improve their products and customers improve their processes and adapt… This is a good thing because it means that the threat of cyber attacks will continue to increase over time, which means cyber security professionals must keep up with new trends to stay ahead of hackers.
Advances in artificial intelligence, blockchain, and web3 are making it easier for hackers to bypass some security measures and find new ways of attacking systems. This can be done by creating software that detects attacks before they occur or by building new tools that allow security teams to see vulnerabilities in their designs.
In addition, AI is being used as part of an overall strategy for cyber-security by helping companies identify threats before they happen, determine what risks need to be mitigated and then implement those strategies through the use of technology such as machine learning techniques (ML).
As the cyber security environment changes, everyone must stay up-to-date with the latest threats and vulnerabilities to protect themselves against them.
The cyber security field is constantly evolving, so your organization must be constantly vigilant to stay ahead of its competitors. You’ll need a team effort to succeed in this field—multiple people or consortiums of organizations working together as one unit rather than individuals trying things independently or relying on outdated solutions that may no longer work for today’s needs. Cybersecurity requires constant vigilance, education, and learning from others who are experts in their fields; however, these tools are not always available at every company or school because they don’t have enough resources available yet!
Cybersecurity is a constantly evolving field that’s becoming more complex and difficult to navigate. This article will explore cyber security in 2022 and how you can protect yourself against the latest threats.
In an interview with cybersecurity expert Sean Sullivan, he offered his knowledge of what the future holds for cybersecurity. “The number of cyber attacks is increasing,” said Sullivan. “There are more people who are aware of it and they’re reporting it.”
Most computer and network users are not concerned about cyber security or cyber-attacks. A survey by UK Government found that only 40% of respondents felt safe from online threats, while half (50%) believed they could be hacked. Furthermore, only 35% considered themselves good digital citizens by regularly updating software and keeping their devices up-to-date with security patches.
We are having a massive problem with identity theft, and it’s only getting worse in the coming years. In fact, according to the National Cyber Security Alliance (NCSA), more than 6 million cases of identity theft were reported worldwide in 2018 alone. Additionally, this number is expected to grow by 2021 when they predict that there will be over 10 million cybercrime incidents annually—and these stats don’t even account for all types of attacks!
The mobile environment is of particular concern to cybercriminals because people are always connected to the internet. Mobile devices are small and portable, making them easy to steal or lose. Cybercriminals can hack into your phone and steal your information, including banking details and personal photos.
Hacking and phishing will be easy for hackers using advanced tools with artificial intelligence. Hackers have access to more devices than ever, allowing them to develop new ways of attacking systems. For example, they could use advanced tools that use artificial intelligence (AI) technology to attack and find vulnerabilities. This is why it’s essential for businesses worldwide—especially those dealing with sensitive data- to invest in skilled people, good processes, and cybersecurity technology. An important aspect of cyber intelligence is mapping the sensitive data you need to protect and developing architecture to manage the data flows.
Cyber attacks are increasing in frequency and severity. The threat posed by cyberattacks to companies, governments, and individuals will only worsen. Cybersecurity is not just for big companies anymore. It’s become a real problem for everyone who uses the internet or has an email address—and it’s not going away anytime soon. If you haven’t taken steps yet to protect yourself from hackers who want access to your personal information (or worse), now is the time!
1. Robotics and automation present another area to exploit for cybercriminals.
2. Robotics is being used in manufacturing. Vulnerabilities with hardware and software can be used to steal data or shut down critical systems. 
3. Medical robotics is also being developed and used by hospitals to perform surgeries. Still, hackers could also use them to cause physical damage or steal patient information if they access the system that controls them (e.g., a hospital’s network).
Soon, you will need help determining whether a person is honest. If you are unsure if they are authentic, do not respond to them. If you wish to be sure that they are confirmed:
1. Follow their lead;
2. Do what they ask, and
3. Be patient until the situation becomes clear (assuming it does).
Cybercriminals will continue to target SCADA systems shortly due to their wide variety of uses. These systems are used in many industries and can lead to significant disruptions if hacked, mainly connected to critical infrastructures such as water supplies or power grids. In addition, cybercriminals could cause physical damage by shutting down pumps and electrical substations, which would cause severe disruptions for nearby residents.
Hackers will also target other areas within an organization’s network that have access to sensitive data, such as customer information or financial records; these types of attacks could potentially be more damaging than those targeting SCADA systems because they affect the company’s reputation rather than just its bottom line (and therefore attract less attention).
New technology is being created rapidly, and new tools are being developed daily to combat them. Many types of cyber security threats can affect your business or personal life. Still, the most common ones include:
1. Malware – malicious software (malware) is code designed to damage or destroy computers and other electronic devices by exploiting vulnerabilities in their operating systems or applications.
2. Botnets – hackers use these networks of infected computers as part of more extensive campaigns against websites and other online assets. Botnets allow attackers to send spam email messages with links directly back to the hacker’s command-and-control server location. On this computer, they maintain control over all infected devices on the botnet network.
Small businesses are increasingly aware that they must do more to protect themselves from cyber attacks, but many need more resources. In fact, according to a survey conducted by the Ponemon Institute, only 17% of small businesses surveyed said they were aware of all the threats associated with cyber security. And when asked how much their IT departments spend on managing these challenges and other issues related to information technology (IT), 60% said less than $100k per year—the equivalent of about one-third of what larger organizations spend annually.
Even if you’re not a large company with a robust IT department and dedicated staff members who specialize in protecting your data and systems against hackers—or even if you’re trying to keep up with basic security measures like updating software patches or installing firewalls—there are still steps you can take now that will help ensure nothing wrong happens later down the line:
Hackers must find new ways to attack systems as software manufacturers improve their products and customers improve their processes and adapt… This is a good thing because it means that the threat of cyber attacks will continue to increase over time, which means cyber security professionals must keep up with new trends to stay ahead of hackers.
Advances in artificial intelligence, blockchain, and web3 are making it easier for hackers to bypass some security measures and find new ways of attacking systems. This can be done by creating software that detects attacks before they occur or by building new tools that allow security teams to see vulnerabilities in their designs.
In addition, AI is being used as part of an overall strategy for cyber-security by helping companies identify threats before they happen, determine what risks need to be mitigated and then implement those strategies through the use of technology such as machine learning techniques (ML).
As the cyber security environment changes, everyone must stay up-to-date with the latest threats and vulnerabilities to protect themselves against them.
The cyber security field is constantly evolving, so your organization must be constantly vigilant to stay ahead of its competitors. You’ll need a team effort to succeed in this field—multiple people or consortiums of organizations working together as one unit rather than individuals trying things independently or relying on outdated solutions that may no longer work for today’s needs. Cybersecurity requires constant vigilance, education, and learning from others who are experts in their fields; however, these tools are not always available at every company or school because they don’t have enough resources available yet!
The cyber security environment is changing rapidly, and everyone must stay up-to-date with the latest threats and vulnerabilities to protect themselves against them.
The cyber security environment is changing rapidly, and everyone must stay up-to-date with the latest threats and vulnerabilities to protect themselves against them.
The post The cyber security environment in 2022- What did we learn? appeared first on Cyber security services provider, data privacy consultant | Secureflo.
*** This is a Security Bloggers Network syndicated blog from Cyber security services provider, data privacy consultant | Secureflo authored by service. Read the original post at: https://secureflo.net/blog/the-cyber-security-environment-in-2022-what-did-we-learn/
More Webinars

source

Cyber Security Hub takes a deep dive into smart devices and whether they can hold up against cyber attacks targeting them.
In December 2022, Cyber Security Hub asked a range of experts to predict what threats would dominate the cyber security threat landscape in 2023. Tina Grant, quality assessor at UK-based aerospace company Aeorspheres, predicted that cyber attacks targeting smart devices would rise.
As artificial intelligence (AI) and machine learning (ML) have developed, the technologies have been integrated more fully into smart devices, from lightbulbs and speakers to cars and doorbells. With a predicted 75.4 billion Internet of Things connected devices installed worldwide by 2025, it is no surprise that smart devices are predicted to increase as a cyber attack target throughout 2023.
This article will explore the ways in which malicious actors can target smart devices and how companies are attempting to fight against them.
In December 2022, cyber security blogger Matt Kune was awarded US$107,500 from Google after discovering and reporting a bug that meant Google Home smart speakers could be essentially turned into wiretap devices.
Using a Google Home mini, Kune discovered that any attacker close enough to wirelessly connect to a Google Home speaker could “install a ‘backdoor’ account on the device, enabling them to send commands to it remotely over the Internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s LAN (which could potentially expose the Wi-Fi password or provide the attacker direct access to the victim’s other devices)”.
Using the ‘routines’ feature in the Google Home app, Kune was able to set up malicious routines, including calling any device linked to the Google Home account (e.g. a potential victim’s mobile phone) at specified times. Once the phone call was accepted, Kune was able to listen to himself speaking via the Google Home microphone. 
While Kune said this was “pretty cool” in isolation and when enacted on himself by himself, he noted that malicious parties could use this vulnerability to spy on victims if they gained access to their Google Home network. He suggested that they may be able to do this if victims were targeted with a social engineering attack which prompted them to download a malicious app, which would allow hackers to link their device with the victim’s Google Home.
Next, Kune tested to see if hackers could gain access to a victim’s Google Home network without the need for a social engineering attack. So, he attempted to force the smart speaker to disconnect from the Wi-Fi network by “launch[ing] a deauth[entication] attack” against the router. Also known as deauth attacks, this attack vector targets the deauthentication frames of a device, which are not encrypted. By targeting these frames, attackers can force the device to disconnect from its Wi-Fi network.
After forcing the smart speaker to disconnect from the Wi-Fi router, Kune discovered that the speaker immediately made its own separate network.
“I connected to the network and used netstat to get the router’s IP (the router being the Google Home) and saw that it assigned itself the IP 192.168.255.249. I issued a local API request to see if it would work. I was shocked to see that it did! With this information, it’s possible to link an account to the device and remotely control it,” Kunes explained.
Discover more about Kune’s investigation here.
These issues have since been fixed by Google, however, the potential ramifications from unsecured smart devices should not be dismissed. 
Once an attacker has access to a victim’s smart speaker, depending on how many other smart devices they have connected to their network, malicious parties can set up any number of disruptive routines including calling their or other household member’s mobile phones, loudly playing music or even disrupting other smart devices such as TVs or lights.  
If a victim has further smart technology integrated into their home such as a smart climate control system or thermostat, smart home security system or smart cameras, this could allow hackers to lock or unlock doors and windows, severely heat or cool their home or even film and/or broadcast footage of them within their home.
An example of this was seen in 2019 in the US state of Wisconsin when hackers gained access to and took over a Milwaukee couple’s smart home via their Google Nest account. Samantha Westmoreland discovered that the system had been hacked after her smart thermostat was used to turn the home’s temperature up to 90 degrees Fahrenheit (32 degrees Celsius) and “vulgar” music was played through a smart speaker. Westmoreland also reported that a voice began speaking to her and her husband through the Nest security camera that was installed in their kitchen.
Google said that the hack was the result of Westmoreland using a password for the Google Nest account that had been compromised in a data breach, allowing hackers access to any number of accounts also using the same credentials. The company recommended that those with smart home capabilities use Google’s “additional tools and automatic security protections such as Suspicious activity detection, 2-Step Verification and Security Checkup” to prevent attacks such as these.
Westmoreland was deeply affected by the attack, noting that the smart home system had been bought to make her house feel more secure, and instead she “didn’t feel safe”.
While the smart device attack against the Westmorelands appears to be an untargeted attack, it should be noted that malicious parties can use cyber attacks to gain access to smart device networks to target specific victims.
UK-based domestic abuse organization Refuge notes that smart devices can be used by abusers to cause distress to their victims. With 48 percent of those surveyed by Refuge unable to name a single device that could be vulnerable to hacking, the need for education around securing home networks is clear.
In December 2022, two men were charged with participating in a swatting spree after they allegedly hacked into the smart doorbells of dozens of people. 
The pair, James Thomas Andrew McCarty and Kya Christian Nelson, who went by the aliases Aspertaine and ChumLul, respectively, were accused of stealing the login credentials to victim’s smart doorbells to log into their video recording capacity, then using this video recording capacity to stream footage of the victims getting swatted.  
According to the Department of Justice (DoJ) for the Central District of California, the pair allegedly acquired login credentials of Yahoo email accounts belonging to victims across the US, then used the credentials to find out if the owners of said accounts had a Ring doorbell, and used the same login credentials to attempt to log in to victim’s Ring accounts, using the video monitoring feature to gain further information about their victims and to stream the footage of the victim’s houses being raided by SWAT teams in response to their false reports.
The DoJ gave an example of a swatting attack allegedly carried out by the pair, stating: “On November 8, 2020, Nelson and an accomplice accessed without authorization Yahoo and Ring accounts belonging to a victim in West Covina. A hoax telephone call was placed to the West Covina Police Department purporting to originate from the victim’s residence and posing as a minor child reporting her parents drinking and shooting guns inside the residence of the victim’s parents.
“Nelson allegedly accessed without authorization a Ring doorbell camera, located at the residence of the victim’s parents and linked to the victim’s Ring account, and used it to verbally threaten and taunt West Covina Police officers who responded to the reported incident.”
The spree of attacks even prompted the FBI to issue a warning to those with Ring doorbells, urging them to “practice good cyber hygiene by ensuring they have strong, complex passwords or passphrases for their online accounts, and should not duplicate the use of passwords between different online accounts”, and to reset their passwords frequently.
Owner of the Ring company, Amazon, took immediate steps to protect customers once news of the hacking and attacks broke. To combat the attacks, Amazon made two-step verification mandatory and now conducts regular scans for Ring passwords compromised in non-Ring data breaches as well as investing in cyber security solutions to harden its own defenses against attacks.
“Swatting” refers to the practice of malicious actors making false reports of extreme violence, kidnapping or terrorism to the police and giving them the victim’s address with the sole purpose of sending armed officers to their home. These attacks can have devastating consequences. 
In 2017, Andrew Finch of Kansa, America was fatally shot by a police officer during a swatting attack after it was claimed that Finch was armed and dangerous.
Finch was an unintended victim of the attack, which was instigated by online gamer Casey Viner. The swatting’s target was intended to be fellow gamer Shane Gaskill, as the pair had argued over a $1.50 bet on a Call of Duty: WWII game which culminated in Viner threatening to swat Gaskill. Gaskill, however, gave him a false address, which actually belonged to Andrew Finch and his family.
Viner hired serial swatter Tyler Raj Barriss to carry out the attack. Barriss called Wichita police, posing as a man named Brian, and claimed that he had shot his father, was currently holding the remaining members of his family hostage and was preparing to self-immolate. When police arrived at the address supplied by Barriss, Finch exited the house to investigate why they were there and was shot by an officer. He later died in hospital. Finch had no relation to Viner or Gaskill, or Call of Duty: WWII.
Barriss was arrested in connection with the crime and later plead guilty to involuntary manslaughter. He was sentenced to 20 years imprisonment. Viner was jailed for 15 months and banned from playing video games for two years.
In her prediction, Grant forecast that cyber attacks targeting smart devices will predominantly affect autonomous devices with multiple points of attack, for example smart cars.
Grant said: “Today’s automobiles come equipped with automatic features including airbags, power steering, motor timing, door locks, and adaptive cruise control aid systems. These vehicles use Bluetooth and Wi-Fi to connect, which exposes them to a number of security flaws or hacking threats. 
“With more autonomous vehicles on the road in 2023, it is anticipated that attempts to take control of them or listen in on conversations will increase. Automated or self-driving cars employ an even more complicated process that demands stringent cybersecurity precautions,” she explains.
The dangers of this have already been explored by David Columbo, a cyber security researcher and founder of cyber security software company Columbo Tech. 
So, I now have full remote control of over 20 Tesla’s in 10 countries and there seems to be no way to find the owners and report it to them…

In a series of tweets in January 2022, Columbo explained that he had hacked into and gained remote access to “over 20 Tesla’s[sic] in 10 countries” allowing him to “remotely run commands on 25+ Tesla‘s[sic] in 13 countries without the owners’ knowledge”. While Columbo did not have “full remote control” – meaning he could not remotely control steering, acceleration or braking – he noted that even some remote-control access was dangerous. 
To demonstrate this, Columbo joked about using his newfound abilities to prank the affected Tesla owners by playing Rick Astley’s ‘Never Gonna Give You Up’ through their speakers. He then acknowledged that while this may seem innocuous, the ability to remotely play loud music, open windows or doors or flash a car’s headlights repeatedly could put not only the driver’s but other motorists’ lives in danger, especially if the car was driving at speed or in a busy area. 
If drivers are distracted, this can have fatal consequences; The US Department of Transportation found that in 2019, over 3,100 people were killed and about 424,000 were injured in crashes involving a distracted driver. One in five of those killed by distracted drivers were not motorists themselves and were pedestrians, cyclists or not inside a vehicle for any other reason.
After Columbo alerted Tesla of the vulnerability, the company investigated the issue, then notified him that they had immediately revoked the access tokens and notified the owners of the issue.
Smart devices are targets for hackers because of their ability to wreak havoc if they are compromised. If someone has multiple, interconnected smart devices, this not only opens up more points of attack for hackers to target, but also means that hackers can gain access to all their smart devices if one is compromised.
While companies work rapidly to patch and rectify any vulnerabilities they are alerted to, the fact remains that it may not always be white hat hackers that discover these vulnerabilities. In the case of Ring doorbells, multiple people had already been terrorized by the time Amazon became aware of the issue. 
Relying on ethical hackers to discover issues, or rapidly addressing security flaws after they have been found by black hat hackers is not good enough both in terms of threat defense security strategy and in terms of keeping those who own smart devices safe.
While smart devices may always be an attractive target to hackers, companies who make them should look at vulnerabilities that have been exploited in the past at the forefront of their software design to ensure they are as secure as possible before they are released to the public. While these vulnerabilities may not always be detectable, if it becomes apparent that they can be exploited by malicious actors, companies should work as rapidly as others have in the past to solve these issues before too much damage is done. 
February 21 – 22, 2023
Free CS Hub Online Event
22 February, 2023
Online
01 March, 2023
Online
08 – 09 March 2023
Free CS Hub Online Event
08 March, 2023
Online
15 March, 2023
Online
Insights from the world’s foremost thought leaders delivered to your inbox.
2023-03-15
10:00 AM – 11:00 AM EST
2023-03-15
10:00 AM – 11:00 AM SGT
2023-03-08
10:00 AM – 11:00 AM EST
Reach Cyber Security professionals through cost-effective marketing opportunities to deliver your message, position yourself as a thought leader, and introduce new products, techniques and strategies to the market.
Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.
Cyber Security Hub, a division of IQPC

Careers With IQPC| Contact Us | About Us | Cookie Policy
Become a Member today!
Already an IQPC Community Member?
Sign in Here or Forgot Password
Sign up now and get FREE access to our extensive library of reports, infographics, whitepapers, webinars and online events from the world’s foremost thought leaders.
We respect your privacy, by clicking ‘Subscribe’ you will receive our e-newsletter, including information on Podcasts, Webinars, event discounts, online learning opportunities and agree to our User Agreement. You have the right to object. For further information on how we process and monitor your personal data click here. You can unsubscribe at any time.

source

Cyberattacks against healthcare organizations can impair their ability to provide critical care. Ransomware can encrypt important data and Distributed Denial of Service DDoS attacks can bring critical systems down. According to a recent survey by the Ponemon Institute, over 20% of healthcare organizations have experienced increased patient mortality rates after a cyberattack, and another 57% report that these attacks result in poor patient outcomes.
Healthcare organizations commonly experience significant impacts from cyberattacks. Healthcare organizations have the highest average cost of a data breach, and 1 in 42 healthcare organizations was impacted by ransomware in Q3 2022.
Watch the On Demand Webinar Learn More
Healthcare organizations are prime targets for cybercriminals for a few different reasons. One is that these companies have access to extremely sensitive and valuable data, including patient health records and payment card data. An attacker with access to this data can sell it at a premium or encrypt it and demand a ransom for its release.
Healthcare organizations also commonly struggle to secure their increasingly complex IT environments. Healthcare organizations and their patients rely on a growing number of networked devices, providing attackers with numerous potential avenues for attack.
Healthcare organizations face various challenges when attempting to protect their systems and their patients’ data against cybersecurity threats. Some of the primary cybersecurity challenges that healthcare organizations contend with include the following:
Securing healthcare organizations against cyber threats requires deploying security solutions designed to meet the unique needs of the various components of their complex infrastructure. Vital security capabilities include:
Healthcare organizations have complex environments, and a variety of solutions are needed to defend them properly against cyber threats. However, deploying a variety of point security solutions to address these needs can result in a complex and unusable security architecture. Additionally, these disconnected solutions increase the probability of redundant functionality and visibility and security gaps.
A consolidated security architecture is essential to effectively and scalably preventing cyberattacks against healthcare organizations. By centralizing security monitoring and management in a single solution, consolidated security enhances security teams’ ability to manage their security architecture and address potential threats.
Check Point Infinity architecture provides healthcare organizations with consolidated security designed to protect against zero-day and fifth-generation cyber threats. Check Point Threat Cloud is a global threat intelligence platform that provides Check Point Infinity with real-time information regarding emerging threats and vulnerabilities.
For healthcare organizations looking to simplify their security architecture, Check Point Infinity ELA provides access to Check Point’s full security product suite under a single enterprise license. Learn more about how Check Point healthcare-focused security solutions help organizations to defend against cyber threats in this healthcare CISO talk on Preventing Cyber Attacks from Spreading.
 
Healthcare Cyber Security Solutions
Cyber Security Enterprise License Agreement
Check Point Research
Infinity Enterprise License Agreement
What is Cyber Security
HIPAA Compliance
Cyber Attack
Internet of Thing (IoT)

source

Federal IT systems and our nation’s critical infrastructure are at risk of attack from malicious actors, including those acting on behalf of other nations. Such attacks could result in serious harm to human safety, national security, the environment, and the economy.
The federal government should:
We’ve made 335 public recommendations in this area since 2010. Nearly 60% of those recommendations had not been implemented as of December 2022.

Overview
We have made about 335 recommendations in public reports since 2010 with respect to establishing a comprehensive cybersecurity strategy and performing oversight. Until these are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them. For more information on this report, visit https://www.gao.gov/cybersecurity.
Develop and Execute a More Comprehensive Federal Strategy for National Cybersecurity and Global Cyberspace
The White House’s September 2018 National Cyber Strategy and the National Security Council’s accompanying June 2019 Implementation Plan detail the executive branch’s approach to managing the nation’s cybersecurity. In September 2020, we reported that the strategy and implementation plan addressed some, but not all, of the desirable characteristics of national strategies. In June 2021, the Senate confirmed the first National Cyber Director to head the Office of the National Cyber Director and serve as the principal advisor to the President on cybersecurity policy and strategy.
Extent to Which National Cyber Strategy and Implementation Plan Addressed the Desirable Characteristics of a National Strategy

➢We recommended that the National Security Council work with relevant federal entities to update cybersecurity strategy documents to include goals, performance measures, and resource information, among other things. As of August 2022, according to the Office of the National Cyber Director, the development of a national cybersecurity strategy by the administration is underway.
Mitigate Global Supply Chain Risks
Federal agencies face numerous information and communications technology (ICT) supply chain risks, which could lead to disrupted mission operations, theft of intellectual property, and harm to individuals. In December 2020, our review of 23 civilian agencies found that none had fully implemented all of the seven foundational practices for supply chain risk management and that 14 had not implemented any of the practices.
Extent to Which the 23 Civilian Agencies Implemented Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Practices

➢We recommended that the 23 agencies fully implement foundational practices in their organization-wide approaches to ICT supply chain risk management.
Develop a Government-wide Reform Plan that Addresses the Cybersecurity Workforce Shortage
In April 2020, we examined the extent to which reform plans from the Office of Management and Budget (OMB) and lead agencies addressed key practices for effectively implementing government-wide reforms such as those addressing the cybersecurity workforce shortage. We found that OMB and the Department of Homeland Security (DHS) partially addressed most key practices, including training employees to fill vacant cybersecurity positions and streamlining hiring processes. However, neither agency had established a dedicated implementation team or a government-wide implementation plan, among other practices.
Extent to Which the Government-wide Plan to Solve the Cybersecurity Workforce Shortage Addressed Key Reform Practices

➢We made several recommendations aimed at addressing continuing cybersecurity workforce challenges, including developing a government-wide workforce plan and related supporting practices. Government-wide leadership responsibility for cyber workforce issues transitioned in 2022 from OMB and DHS to the Office of the National Cyber Director. The office has committed to developing a national strategy that addresses key issues.
Ensure the Security of the Emerging Technologies
Secure Internet-connected Devices
The nation’s critical infrastructure sectors rely on electronic systems, including Internet of Things (IoT) and operational technology (OT) devices and systems. In December 2022, we reported that the Departments of Energy, Health and Human Services, Homeland Security, and Transportation had cybersecurity initiatives underway intended to help protect three sectors. However, none of these agencies developed metrics to assess their efforts to mitigate sector risks or conducted IoT and OT cybersecurity risk assessments.
Overview of Connected IT, Internet of Things (IoT), and Operational Technology

➢We made eight recommendations to the Departments of Energy, Health and Human Services, Homeland Security, and Transportation to establish and use metrics to assess the effectiveness of sector IoT and OT cybersecurity efforts and evaluate sector IoT and OT cybersecurity risks.
Quantum Computing Major Cybersecurity Risks
Quantum technologies collect, generate, and process information in ways existing technologies cannot. We reported in September 2022 that quantum technologies could dramatically increase capabilities, including high-value applications in security and cryptography. However, such technology could create major cybersecurity risks such as a full-scale quantum computer to breaking standard encryption technologies. Consequently, the federal government’s cybersecurity infrastructure will need to evolve to address such threats.
For more information about this Snapshot, contact: Marisol Cruz Cain, Director, Information Technology & Cybersecurity, cruzcainm@gao.gov, (202) 512-5017.
Stay informed as we add new reports & testimonies.

source

On Tuesday, January 17, the Pepperdine School of Public Policy, in partnership with the Heritage Foundation, hosted a panel discussion called Cybersecurity and the Quad: Opportunities and Challenges Abound as part of a three-day conference titled “Connected and Secure in the Indo-Pacific: Challenges, Threats, and Opportunities for Quad Cyber Security.” Kiron Skinner, the Taube Professor of International Relations and Politics at the School of Public Policy, and visiting fellow at the Heritage Foundation’s Kathryn and Shelby Cullom Davis Institute for National Security and Foreign Policy, was instrumental in bringing the two organizations together to organize the conference.
“The Quad” is the common name for the Quadrilateral Security Dialogue, an organization described by the Australian Department of Foreign Affairs and Trade as “a diplomatic network of four countries [India, Japan, the United States, and Australia] committed to supporting a free and open Indo-Pacific that is inclusive and resilient.” The Quad focuses on the region’s most pressing challenges, including infrastructure, critical and emerging technology, cyber security, and counterterrorism.
All four member nations were represented on the discussion panel, which featured Gulshan Rai, a distinguished fellow at the Vivekananda International Foundation and former national cyber security coordinator for the government of India; Mihoko Matsubara, chief cyber security strategist for the NTT Corporation in Tokyo and a member of the Japanese government’s cyber security research and development policy committee between 2014 and 2018; Patrick Hallinan, Australian minister counsellor for home affairs and regional director for the Americas with the Embassy of Australia; and Vice Admiral T. J. White of the US Navy (retired), former commander of the US Fleet Cyber Command/US Tenth Fleet/US Navy Space Command and commander of the US Cyber National Mission Force/USCYBERCOM. The discussion was moderated by Jeff M. Smith, director of the Heritage Foundation’s Asian Studies Center.
The panelists discussed a worldwide increase in the number and scope of cyber attacks in recent years, particularly through the use of ransomware that has targeted government and other public institutions, business and industry, education and research facilities, and even private citizens. After a major cyber security breach in Australia, Hallinan shared, “my wife’s personal data was hoovered up. The rubber is very much hitting the road for regular Australians [regarding the importance of cyber security].” Matsubara stressed the importance of “the protection of critical infrastructure and rais[ing the] resiliency of cyber security.”
All panelists emphasized the need for cooperation between the Quad member nations, including sharing best practices to protect against cyber attacks. Vice Admiral White remarked that the Quad countries have “shared interests, shared values, and shared problems,” while later in the discussion, Rai stated, “Mutual cooperation is very, very important between countries.”
310.506.4000
Copyright © 2023 Pepperdine University

source

Walmart’s ongoing cyber security investment  CNBC
source

Let Cybersecurity Dive’s free newsletter keep you informed, straight from your inbox.

The report shows cybersecurity risk has been elevated to the most senior levels of corporations around the world. 
The potential threat of ransomware and data breaches has gained the attention of worldwide corporations. Companies confront the potential loss of control over customer data or proprietary customer secrets, and the impact of an attack on their brand reputation. 
The cost of cybercrime reached about $1 trillion worldwide, the equivalent of about 1% of global GDP, the report said. Cyber incidents are considered the top risk in 19 countries, including France, Japan, India, the U.K. and Canada. 
Data breaches remain an increasing concern, in part due to the tighter regulations surrounding the protection of customer data. In addition, ransomware has become a much more serious concern, particularly as threat actors engage in double and triple extortion against companies in a way that threatens to do reputational harm. 
“So whether that’s customers, whether that’s other people in the supply chain, we see this now as the norm that those attacks will not only impact the company itself, but anyone else along the value chain,” Shanil Williams, a board member and chief underwriting officer corporate at Allianz Global Corporate & Specialty, said Tuesday during a media presentation.
Get the free daily newsletter read by industry experts
Everyone wants to stay on good terms with their employer. Threat actors know this too, and they exploit this weakness accordingly. Don’t fall for it.
The ubiquity of the cloud has left security gaps for organizations, leaving them to navigate a complex vendor landscape and defend their technology supply chain
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Want to share a company announcement with your peers?
Get started ➔
Everyone wants to stay on good terms with their employer. Threat actors know this too, and they exploit this weakness accordingly. Don’t fall for it.
The ubiquity of the cloud has left security gaps for organizations, leaving them to navigate a complex vendor landscape and defend their technology supply chain
The free newsletter covering the top industry headlines

source