Cyberattack hit more than 100,000 groups in at least 150
countries, Europol says
The international "ransomware" cyberattack
has so far hit more than 100,000 organizations in at least 150 countries, says
Europol, the European Union's police agency.
Spokesman Jan Op Gen Oorth said Sunday that the number of
individuals who have fallen victim to the cyberextortion attack could be much
higher.
… He warned that more people may be hit by the virus
Monday when they return to work and switch on their computers.
… As terrifying as
the unprecedented global "ransomware" attack was, cybersecurity
experts say it's nothing compared to what might be coming -- especially if
companies and governments don't make major fixes.
Perhaps China is gathering information before making a
sanctions decision?
New Fileless Attack Targets North Korea
Baijiu is a newly detected stealthy threat that currently targets North
Korea, and seems to have Chinese provenance. It is delivered by phishing, and comprises a
downloader that is being called Typhoon together with a set of backdoors being
called Lionrock.
The campaign was discovered by Cylance, and it is thought
to be hitherto unknown. "Three
distinctive elements of Baijiu drew and held our attention," writes
Cylance in an analysis published today: "the unusual complexity of the attack; the appropriation of web hosting
service GeoCities (of 1990s fame); and the use of multiple methods of
obfuscation."
Ethics? Is it ‘fake
news’ if you make it real?
Opinion: Some thoughts about Gizmodo's Phishing story
On Tuesday, Gizmodo published a story about how easy it
was to get Trump Administration officials and associates to click a Phishing
link. In order to do this, the Gizmodo
Special Projects Desk developed a fake Google Docs email, complete with a false
sign-in page.
… In my opinion, I
think the point Gizmodo was attempting to make with this story is that
officials haven't changed their habits. Gizmodo can also argue that the public has a
right to know that officials are still clicking potentially dangerous links in
their email.
But does it cross a line when a news organization creates
a Phishing simulation in order to develop news?
… Gizmodo's test [archive
copy] involved spoofing the sender's name to someone the target knew
personally, but leaving the return email address intact – in this case it was:
security.test@gizmodomedia.com
.
The URL hosting the fake log-in page wasn't a Google
domain and it too contained the word test. Moreover, anyone who clicked the sign-in
button was directed to a warning notification informing the user they were
"the subject of a Gizmodo Media Group Special Projects Desk investigation
into your digital security practices."
Question for my Computer Security students: Would all the
planes have the same access code? If
not, how would you do it?
United Airlines Says Some Cockpit Door Access Info Made
Public
United Airlines said Saturday that some cockpit door
access information may have been made public, but said that it has measures in
place to keep the flight decks on its aircraft secure.
Dilbert sums up the Climate Change debate.
No comments:
Post a Comment