A passenger railroad service announced that a data breach might have affected some passengers’ personally identifiable information (PII).In a “Notice of Data Breach” letter sent to the Attorney General’s Office of Vermont, Amtrak revealed that it had discovered the data breach on April 16 2020.Amtrak looked into the matter and discove

The coming of widespread 5G technology promises more than just faster everything, enhanced capacity and greater reliability. Leading proponents of the wonders of 5G, such as the theoretical physicist and author Michio Kaku, paint a picture of a true technological “paradigm shift, a game-changer.”The self-described futurist invites us to imagine a lightning-f

The U.S. National Security Agency (NSA) warned that the Sandworm team is exploiting a vulnerability that affects Exim Mail Transfer Agent (MTA) software.In a cybersecurity advisory published on May 28, the NSA revealed that the Sandworm team has been exploiting the Exim MTA security flaw since August 2019.The vulnerability (CVE-2019-10149) first appeared in

Security researchers witnessed the deployment of PonyFinal ransomware at the end of extended human-operated attack campaigns.In a series of tweets, Microsoft Security Intelligence revealed it had observed human-operated campaigns laying in wait for the right moment to deploy PonyFinal ransomware as their final payload.In their operations, the attackers used

What is NetWalker?NetWalker (also known as Mailto) is the name given to a sophisticated family of Windows ransomware that has targeted corporate computer networks, encrypting the files it finds, and demanding that a cryptocurrency payment is made for the safe recovery of the encrypted data.Ransomware is nothing new. Why should I particularly care about NetWa

Over the last few weeks, most organisations have had to transition to enable their employees to work remotely. The key focus has been on business continuity during this trying time. Unfortunately, business continuity isn’t so easy. Keeping the day-to-day operations of the business running has been one of the hardest IT challenges that most organisations have

A new ransomware family called “[F]Unicorn” masqueraded as a COVID-19 contact tracing app in order to target Italian users.On May 25, the the Computer Emergency Response Team (CERT) from the Agency for Digital Italy (AgID) revealed in an advisory that it had received a sample of [F]Unicorn from security researcher JamesWT_MHT.The sample analyzed

Big data is revolutionizing fleet management — specifically in the form of telematics.From engine diagnostics that track fuel efficiency and mileage to sensors that detect aggressive driving behavior and interior vehicle activity, this information is so valuable that we’re quickly approaching the point where connected technology will come standard in every v

Researchers found an updated version of AnarchyGrabber that steals victims’ plaintext passwords for and infects victims’ friends on Discord.Detected as AnarchyGrabber3, the new trojan variant modified the Discord client’s %AppData%Discord[version]modulesdiscord_desktop_coreindex.js file upon successful installation. This process gave the ma

Working remotely, either from home or from elsewhere, isn’t something new. It has been used by many companies worldwide over the past decade. That said, it was typically restricted to only a couple days a month or to specific IT-savvy departments.But as we have seen throughout time, adversity and crisis lead to change and sometimes revolutions in industry, s

Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014.On its Android security update page Samsung thanks researcher Mateusz Jurczyk of Google Project Zero for the discovery of the vulnerability that could – he claims ̵

The Cyber Security Body of Knowledge project or CyBOK is a collaborative initiative mobilised in 2017 with an aspiration to “codify the foundational and generally recognized knowledge on Cyber Security.” Version 1.0 of the published output of this consultative exercise was quietly released last year and then more publicly launched in January 2020.Yet, this f

This new world is putting a strain on organizations’ digital security defenses. First, malicious actors are increasingly leveraging coronavirus 2019 (COVID-19) as a theme to target organizations and to prey upon the fears of their employees. Our weekly COVID-19 scam roundups have made this reality clear.Second, organizations are working to mitigate the risks

The UK’s designated national agency responsible for providing information and expert guidance on qualifications (UK NARIC) recently announced that the Certified Information Systems Security Professional (CISSP) credential offered by (ISC)2 is rated RQF Level 7, thereby placing it equal to a particular level of a Master’s Degree. This declaration is not witho

Newly-discovered zero-day vulnerabilities may generate the biggest headlines in the security press, but that doesn’t mean that they’re necessarily the thing that will get your company hacked.This week, US-CERT has published its list of what it describes as the “Top 10 Routinely Exploited Vulnerabilities” for the last three years.The l