Cyber Bites

Ransomware may be poised to return as a top scourge for companies, as more and more of them pay up after an attack in an effort to minimize the cost of recovery. That’s just one insight gleaned from an interview at RSA Conference 2019 last week with Josh Zelonis, senior analyst at Forrester Research. Threatpost sat down with Zelonis to discuss looming threats to corporate security, especially those that may not be that well-known. According...

President Donald Trump has revealed his proposed budget for the 2020 fiscal year, which "supports the creation" of Space Force (USSF) as the sixth branch of the armed forces. The White House also hopes to bolster cybersecurity and NASA exploration missions. The administration wants to increase Department of Defense spending by five percent to $718 billion. It's earmarking more than $9.6 billion to support three DOD cybersecurity objectives: "safeguarding DOD's networks, information, and systems; supporting military commander objectives; and defending the nation." That...

Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box  enterprise storage accounts that can easily be discovered. The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed. Although data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly...

As emerging technology and threat landscapes experience rapid transformation, the skillsets need to change as well. 80 percent of 336 IT security professionals Dimensional Research polled on behalf of Tripwire believe it’s becoming more difficult to find skilled cybersecurity professionals, and nearly all respondents (93 percent) say the skills required to be a great security professional have changed over the past few years. Source: Help Net Security

Earlier this week Google released an update for the Chrome web browser that it urged users to ensure was implemented immediately. That was because the Threat Analysis Group at Google had uncovered a critical zero-day vulnerability that was already being exploited in the wild. Now a Google security engineer, Clement Lecigne, has warned that another zero-day vulnerability that is also being exploited, impacting Windows 7 users, was being used together with the Chrome exploit to take over...

Many healthcare organizations remain vulnerable to phishing attacks, a new study finds. When researchers sent simulated phishing emails, nearly one in seven of the messages were clicked by employees of healthcare systems, according to the report published in JAMA Network Open. “Cybersecurity is a really important issue for hospitals and healthcare organizations and it’s only getting more important,” said lead study author Dr. William Gordon, of Brigham and Women’s Hospital and Harvard Medical School in...

American software company Citrix disclosed a security breach during which hackers accessed the company's internal network. In a short statement posted on its blog, Citrix Chief Security Information Officer Stan Black said Citrix found out about the hack from the FBI earlier this week. "On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network," Black said. Source: ZDNet

Thousands of people in Russia have protested against plans to introduce tighter restrictions on the internet. A mass rally in Moscow and similar demonstrations in two other cities were called after parliament backed the controversial bill last month. The government says the bill, which allows it to isolate Russia's internet service from the rest of the world, will improve cyber-security. But campaigners say it is an attempt to increase censorship and stifle dissent. Activists say...

IoT devices in synchronised attacks on targets represent a growing part of global Distributed Denial of Service (DDoS) weapon arsenals. There is a significant potential for attackers to use an IoT-related protocol, the Constrained Application Protocol (CoAP), deployed on IoT devices to marshal attacks. Source: Help Net Security

Researchers at Kaspersky Lab have uncovered new malware spreading through Pirate Bay, the popular torrent tracker. The malware, which aims to infect users' PCs with adware and tools for additional malware installation, has a multi-layered structure. Due to its hidden, seemingly endless stack of functionality, the threat has been named PirateMatryoshka, after the traditional Russian stacking doll. Source: IT Web