Cyber Bites

  Railroad construction and maintenance firm Railworks Corp. has disclosed a ransomware attack that may have also resulted in the breach of personally identifiable information. The attack took place on Jan. 27 and email notifications were sent to those affected by the attack between Jan. 30 and Feb. 7. Data potentially stolen in the attack included names, addresses, driver license numbers, government-issued IDs, Social Security numbers, dates of birth and other employee information. Those affected...

WordPress is, by far, the most widely used website building technology on the internet. According to the most recent statistics, more than 35% of all internet websites run on versions of the WordPress CMS (content management system).Due to its huge number of active installations, WordPress is a massive attack surface. Attempts to hack into WordPress sites are like a constant hum in the background of all internet traffic, going on at any given time. Source:...

The UK's cybersecurity agency has updated its guidance on what to do after a ransomware attack, following a series of incidents where organisations were hit with ransomware, but also had their backups encrypted because they had left them connected to their networks. Keeping a backup copy of vital data is a good way of reducing the damage of a ransomware attack: it allows companies to get systems up and running again without having to pay...

Data shows 73% are concerned about municipal ransomware threats but only 38% are trained on preventing these attacks. RSA CONFERENCE2020 - San Francisco - Nearly 75% of government employees are concerned about the potential for ransomware attacks against cities across the United States, but only 38% of state and local government workers are trained in ransomware prevention, according to a new report. Source: Dark Reading

  Shark Tank's Barbara Corcoran has lost almost $400,000 to cybercriminals after her office recently fell victim to a phishing scam. The incident began last week when Corcoran's bookkeeper received an email regarding an invoice related to a real estate renovation. Corcoran explained why her bookkeeper didn't find the email to be suspicious to PEOPLE, saying: “I lost the $388,700 as a result of a fake email chain sent to my company. It was an...

  Microsoft just announced that it’s bringing its Defender anti-virus software to Android and iOS. Although details about how the app will work are still pretty scarce, it’s expected the software will offer similar functionality to its desktop counterpart. Microsoft Defender – previously called Windows Defender before the release of the Windows 10 November 2019 Update – aims to make devices more secure with real-time protection against viruses, malware and spyware across the web. Source:...

  Cybercriminals behind a recently observed phishing campaign used a clever ruse in the form of a bogus NortonLifelock document to fool victims into installing a remote access tool (RAT) that is typically used for legitimate purposes. The malicious activity has the hallmarks of a seasoned threat actor familiar with evasion techniques and offensive security frameworks that help install the payload. Source: Bleeping Computer

  A Huawei executive and a US Department of Defense official got onstage together Wednesday at the RSA Conference in San Francisco, and the conversation got heated. Katie Arrington, an official in charge of acquisition at the Defense Department, insisted that lawmakers and President Donald Trump had good reason to remove Huawei products from government use. Huawei USA Chief Security Officer Andy Purdy said the decision was the wrong approach. Source: CNET

Cloud services provider Bretagne Télécom was hacked by the threat actors behind the DoppelPaymer Ransomware using an exploit that targeted servers unpatched against the CVE-2019-19781 vulnerability. Bretagne Télécom is a privately held French cloud hosting and enterprise telecommunications company that provides telephony, Internet and networking, hosting, and cloud computing services to roughly 3,000 customers, operating around 10,000 managed servers. Source: Bleeping Computer

Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that's used as a two-factor authentication (2FA) layer for many online accounts. Google launched the Authenticator mobile app in 2010. The app works by generating six to eight-digits-long unique codes that users must enter in login forms while trying to access online accounts. Source: ZD Net