Local government in Britain comprises more than 400 councils. (Photo: Stefano Brivio, via CC)

UK Councils: 27 Percent Confirm Ransomware Outbreaks

Mathew J. Schwartz • September 25, 2017

Freedom of Information requests sent to 430 U.K. local government councils by Barracuda Networks found that at least 27 percent of councils have suffered ransomware outbreaks. Thankfully, almost none have paid ransoms, and good backup practices appear widespread.

►

CISO

Former Anthem Cybersecurity Exec on Protecting Credentials

Latest

Data Breach

Buying Cyber Insurance: Who Should Be Involved?

Marianne Kolbasuk McGee • September 25, 2017

All the key players of a company's management group, including the CISO, need to be involved in the decision about whether to invest in cyber insurance, says Greg Markell of Ridge Canada Cyber Solutions, a cyber insurer.

Data Breach

Credit Union Sues Equifax Over Breach-Related Fraud Costs

Jeremy Kirk • September 25, 2017

Summit Credit Union of Wisconsin is seeking class-action status for a lawsuit against credit bureau Equifax. The credit union contends it will have to bear the fraud costs resulting from Equifax exposing a massive amount of U.S. consumer data in one of the worst data breaches ever seen.

Anti-Malware

Trojanized Avast CCleaner Attack Targeted Major Tech Firms

Mathew J. Schwartz • September 22, 2017

An attack campaign involving a trojanized version of the CCleaner Windows utility, built and distributed by British developer Piriform, was much more extensive than it first appeared and may have installed backdoor software on endpoints at hundreds of large technology firms.

Breach Notification

Hackers May Have Traded on Stolen SEC Data

Jeremy Kirk • September 22, 2017

The chairman of the U.S. Securities and Exchange Commission will face the Senate Banking Committee next week following the agency's belated disclosure that in May 2016, hackers stole secret market data from the SEC's systems and apparently used it for "illicit gain through trading."

Breach Notification

Profiting From the SEC Breach

Eric Chabrow • September 22, 2017

Analyzing the impact of a breach of computers at the U.S. Securities and Exchange Commission leads the latest edition of the ISMG Security Report. Also, exploring alternative plans to implement cybersecurity regulations on credit reporting bureaus in the wake of the Equifax breach.

Breach Notification

Equifax's May Mega-Breach Might Trace to March Hack

Mathew J. Schwartz • September 21, 2017

Hackers behind the mega-breach at Equifax stole data in May, but they - or other attackers - penetrated the credit bureau's systems in March, exploiting a vulnerability for which Apache Struts had issued a patch, just four days prior.

Anti-Malware

Part of FTC Complaint Against D-Link Dismissed

Jeremy Kirk • September 21, 2017

A federal judge Tuesday dismissed three of six counts in a complaint filed by the U.S. Federal Trade Commission against IoT manufacturer D-Link that alleges its sloppy security practices deceived consumers. The FTC has until Oct. 20 to amend the complaint.

Anti-Malware

Kaspersky Lab Debate: Put Up or Shut Up

Mathew J. Schwartz • September 20, 2017

Information security professionals to the U.S. government: Please put up or shut up over Moscow-based cybersecurity firm Kaspersky Lab, by either showing evidence that others can independently judge, or else dropping your vague insinuations.

Anti-Malware

Avast Distributed Trojanized CCleaner Windows Utility

Mathew J. Schwartz • September 18, 2017

For one month, the installer for a widely used, free Windows utility called CCleaner also installed a malicious payload that was designed to allow attackers to push additional malware onto infected PCs, warns Cisco Talos. Developer Piriform, owned by Avast, has released updates that expunge the malware.

Compliance

Top Democrat Likens Equifax to Enron as FTC Launches Probe

Mathew J. Schwartz • September 16, 2017

Equifax is facing increased scrutiny from Congress, including a bill that would mandate free credit freezes for consumers, on demand. But a true fix would require Congress to give U.S. government consumer watchdogs more power.

DDoS

US Sanctions Iranian Nationals Over DDoS Bank Attacks

Mathew J. Schwartz • September 15, 2017

The U.S. Treasury Department has announced sanctions against 11 individuals and organizations linked to Iran, some of whom have been accused of helping to launch distributed denial-of-service attacks against dozens of U.S. banks from 2011 to 2013.

Anti-Malware

CDDC: One Secure Screen for Classified, Secret and Public Networks

Jeremy Kirk • September 15, 2017

Researchers in Australia says they've conquered a thorny problem: how to view information stored on multiple air-gapped networks at the same time without security or usability concerns. They've created a device, called the Cross Domain Desktop Compositor, that's been tested by the Australian Department of Defense.