News

Many students of the Central Michigan University were hacked after they opened emails having the bright blue button which says "click here to read message", and then inevitably clicks them. The emails look like being sent by somebody already known to the student, as the subject line was already exchanged previously with that person. "One of the interesting things is that because the subject line is always different, it was hard to identify, but if...

The Swiss Federal Chancellery (SFC) on Tuesday said security researchers have found an fascinating flaw in the Swiss Post's e-voting system as part of an ongoing penetration test. Said flaw, if successfully exploited by miscreants, would prevent officials from detecting unauthorized changes to citizens' electronically-cast votes. Swiss authorities released the source code of their computer-based voting system and began a public audit of their blueprints on February 25, 2019, to identify vulnerabilities and fix them. The test is scheduled...

A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computer on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours. BleepingComputer was first notified about the Yatron RaaS by a security researcher who goes by the name A Shadow. Since then, the actor behind this ransomware has strangely been promoting the service...

The state now says more than 600,000 people might have been affected by a health care data breach. Michigan Attorney General Dana Nessel says the breach involving Wolverine Solutions Group impacted customers with several health systems. Those include Blue Cross Blue Shield of Michigan, McLaren Health Care and others. Wolverine Solutions Group says the ransomware got into patient’s information including names, social security numbers, medical information and other sensitive information. Source: 9 and 10 News

Ransomware may be poised to return as a top scourge for companies, as more and more of them pay up after an attack in an effort to minimize the cost of recovery. That’s just one insight gleaned from an interview at RSA Conference 2019 last week with Josh Zelonis, senior analyst at Forrester Research. Threatpost sat down with Zelonis to discuss looming threats to corporate security, especially those that may not be that well-known. According...

President Donald Trump has revealed his proposed budget for the 2020 fiscal year, which "supports the creation" of Space Force (USSF) as the sixth branch of the armed forces. The White House also hopes to bolster cybersecurity and NASA exploration missions. The administration wants to increase Department of Defense spending by five percent to $718 billion. It's earmarking more than $9.6 billion to support three DOD cybersecurity objectives: "safeguarding DOD's networks, information, and systems; supporting military commander objectives; and defending the nation." That...

Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box  enterprise storage accounts that can easily be discovered. The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed. Although data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly...

As emerging technology and threat landscapes experience rapid transformation, the skillsets need to change as well. 80 percent of 336 IT security professionals Dimensional Research polled on behalf of Tripwire believe it’s becoming more difficult to find skilled cybersecurity professionals, and nearly all respondents (93 percent) say the skills required to be a great security professional have changed over the past few years. Source: Help Net Security

Earlier this week Google released an update for the Chrome web browser that it urged users to ensure was implemented immediately. That was because the Threat Analysis Group at Google had uncovered a critical zero-day vulnerability that was already being exploited in the wild. Now a Google security engineer, Clement Lecigne, has warned that another zero-day vulnerability that is also being exploited, impacting Windows 7 users, was being used together with the Chrome exploit to take over...

Many healthcare organizations remain vulnerable to phishing attacks, a new study finds. When researchers sent simulated phishing emails, nearly one in seven of the messages were clicked by employees of healthcare systems, according to the report published in JAMA Network Open. “Cybersecurity is a really important issue for hospitals and healthcare organizations and it’s only getting more important,” said lead study author Dr. William Gordon, of Brigham and Women’s Hospital and Harvard Medical School in...