Cyber Bites

There's concern a growing number of vacancies for cyber security jobs in Scotland could see a rise in hackers gaining our personal data. According to industry experts there’s a skill shortage and in 2017 it was estimated there were likely to be between 360 and 480 unfilled positions. These figures are expected to rise by 20% per year unless changes are made to increase skills supply. Source: PlanetRadio

CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope. For years, Secure Sockets Layer (SSL) certificates — a digital tool used to allow secure web connections between a web server and web browser — has been a baseline for a business's digital trust. The padlock icon and https forward that appear in the address bar are an easy way for website visitors to gauge...

A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files. While Ryuk Ransomware encrypts a victim's files and then demands a ransom, it is not known for actually stealing files from an infected computer. A new infection discovered today by MalwareHunterTeam, does exactly that by searching for sensitive files and uploading them to a FTP site under the attacker's control. Source:...

An Elastica DB belonging to Dealer Leads exposed a raft of information collected by “research” websites aimed at prospective car buyers. Over 198 million records containing information on prospective car buyers, including loan and finance data, vehicle information and IP addresses for website visitors, has been found exposed on the internet for anyone to see. Source: Threatpost

Radio giant Entercom, the Philadelphia-based owner of more than 235 stations nationwide, was reportedly hit with a ransomware attack last weekend affecting its internal systems including email, production and billing. The ransomware attack appears to have compromised a machine on Entercom's programming side, forcing some stations to complete music logs by hand and run without commercials, according to RadioInsight.com. Source: PhillyVoice

Google has confirmed that a vulnerability could have left 1.5 billion Google Calendar and Gmail users exposed to a dangerous form of phishing attack. As Forbes reports, the problem was a result of the close linking between the two services, which allows calendar invitations to be sent by email – even by people you don't know, and have never spoken to before – and added to your calendar automatically. Source: Tech Radar

Apple will introduce other features that allow more secure use of iPhones in workplace settings as well. Apple's soon-to-be-released iOS 13 includes multiple features designed to give iPhone users substantially better control over their privacy and security settings for both personal and business use. Apple today announced it will release iOS 13 on September 19, one day before the company's scheduled rollout of the new iPhone 11 Pro and iPhone 11 Pro Max phones. The...

A new report points out the dangers to customer data of website reliance on multiple third parties. In an effort to make websites attractive and easy to use for their customers, companies have also made them attractive targets for criminals. That's one of the broad conclusions in a new report that points out where the companies with the largest Web presence have introduced vulnerabilities to go along with their ease of use. Source: Dark Reading

A Montgomery County school district has become the latest apparent victim of a ransomware cyberattack that struck just after the start of the new school year. On Monday, Souderton Area School District Superintendent Dr. Frank Gallagher said that the district’s computer network was hit by the malware attack on Sunday, Sept. 1. Students had returned to class the week before. Source: NBC Philidelphia

Ransomware? Easy cash for attackers. Phishing? Nothing but cash. Spam? All kinds of ways to monetize people clicking links. Data breaches? That stuff gets used for fraud and the rest gets sold off (to be used for more fraud). Nation state attacks? Sure there's ideology, but when you consider that US sanctions no doubt played a part in Russia's motivation for attacking the 2016 election, money is in the equation. And that's not to mention nation...