HackDig : Dig high-quality web security articles

City of Tulsa's online services disrupted in ransomware incident

The City of Tulsa, Oklahoma, has suffered a ransomware attack that forced the City to shut down its systems to prevent the further spread of the malware.Tulsa is the second-largest city in Oklahoma, with a population of approximately 400,000 people.Over the weekend, threat actors deployed a ransomware attack on the City of Tulsa's network that led to the Cit
Publish At:2021-05-10 20:39 | Read:47 | Comments:0 | Tags:Security ransomware

Colonial Pipeline Cyberattack: What Security Pros Need to Know

As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it's a cautionary tale for critical infrastructure providers.Major US pipeline operator Colonial Pipeline is investigating and responding to a ransomware attack on its IT network that ultimately disrupted its pipeline operations
Publish At:2021-05-10 18:57 | Read:108 | Comments:0 | Tags: security cyber

FBI confirmed that Darkside ransomware gang hit Colonial Pipeline

The U.S. FBI confirmed that the attack against the Colonial Pipeline over the weekend was launched by the Darkside ransomware gang. The U.S. Federal Bureau of Investigation confirmed that the Colonial Pipeline was shut down due to a cyber attack carried out by the Darkside ransomware gang. “The FBI confirms that the Darkside ransomware is respon
Publish At:2021-05-10 16:56 | Read:124 | Comments:0 | Tags:Breaking News Cyber Crime Malware Security Colonial Pipeline

GitHub now supports security keys when using Git over SSH

GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts.Researchers at North Carolina State University (NCSU) found [PDF] two years ago that more than 100,000 GitHub repositories have leaked API tokens and cryptographic (SSH and TLS) keys after scanning roughly 13% of GitHub's pub
Publish At:2021-05-10 16:44 | Read:69 | Comments:0 | Tags:Security security

US declares state of emergency after ransomware hits largest pipeline

After a ransomware attack on Colonial Pipeline forced the company to shut down 5,500 miles of fuel pipeline, the Federal Motor Carrier Safety Administration (FMCSA) issued a regional emergency declaration affecting 17 states and the District of Columbia.The declaration aims to provide assistance to areas in need of an immediate supply of gasoline, diesel, je
Publish At:2021-05-10 12:49 | Read:145 | Comments:0 | Tags:Security ransomware

DarkSide ransomware will now vet targets after pipeline cyberattack

The DarkSide ransomware gang posted a new "press release" today stating that they are apolitical and will vet all targets before they are attacked.Last week, the ransomware gang encrypted the network for the Colonial Pipeline, the largest fuel pipeline in the United States.Due to the attack, Colonial shut down its network and the fuel pipeline while rec
Publish At:2021-05-10 12:49 | Read:118 | Comments:0 | Tags:Security cyber ransomware

US and Australia warn of escalating Avaddon ransomware attacks

The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors in the US and worldwide.The FBI said in a TLP:GREEN flash alert last week that Avaddon ransomware affiliates are trying to breach the networks of m
Publish At:2021-05-10 12:49 | Read:100 | Comments:0 | Tags:Security ransomware

Cybersecurity M&A Roundup: 16 Deals Announced May 1-9, 2021

A total of 16 cybersecurity-related acquisitions were announced in the first part of May 2021 (May 1-9).Acuant acquires Hello SodaIdentity verification and fraud prevention company Acuant acquired UK-based identity verification and KYC solutions provider Hello Soda. Acuant said the acquisition will help it improve its products and strengthen its position in
Publish At:2021-05-10 11:10 | Read:95 | Comments:0 | Tags:NEWS & INDUSTRY Management & Strategy security cyber

A week in security (May 3 – 9)

Last week on Malwarebytes Labs, we discussed how Spectre attacks have come back from the dead; why Facebook banned Instragram ads by Signal; we highlighted the differences between the most popular VPN protocols; pointed out that Google is about to start automatically enrolling users in two-step verification, and how millions are put at risk by old, out of da
Publish At:2021-05-10 10:59 | Read:142 | Comments:0 | Tags:A week in security 21nails exim gandi HTML sanitization hype

NatWest Bank alerts customers of standing order blunder

Today, the UK-based National Westminster (NatWest) Bank is emailing multiple customers, asking them to check their debit transactions over the last year.The email alerts state that due to a system error, many more payments may have been debited from customer accounts than the originally agreed-upon frequency.In emails sent by NatWest
Publish At:2021-05-10 08:54 | Read:180 | Comments:0 | Tags:Technology Security

The Dystopic Future of Cybersecurity and the Importance of Empowering CISOs

Over a decade ago, in 2007, the first iPhone was released and with it emerged an ecosystem of apps that continues to expand to this day. This was a watershed moment, not solely for the technology industry, but civilization as a whole. It was a catalyst for what was to come.Suddenly, every consumer could access the internet at a touch of a button, and the acc
Publish At:2021-05-10 06:12 | Read:171 | Comments:0 | Tags: security cyber cybersecurity

Cybersecurity and Compliance for Healthcare Organizations

Amidst the pandemic overwhelming the capacity of many hospital systems, malicious hackers have been quick to target healthcare providers and medical agencies. These cyber-attacks have hit both the United States and Europe in recent months, serving as a reminder for organizations to closely review their information security posture during these times of uncer
Publish At:2021-05-10 00:22 | Read:116 | Comments:0 | Tags:Healthcare breach compliance data protection health data sec

CISA MAR report provides technical details of FiveHands Ransomware

U.S. CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by researchers from FireEye’s Mandiant experts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware that was recently detailed by FireEye’s Mandiant. At the end of April,
Publish At:2021-05-09 16:05 | Read:150 | Comments:0 | Tags:Breaking News Malware Reports Security CISA Cybercrime Cyber

SQL injection issue in Anti-Spam WordPress Plugin exposes User Data

‘Spam protection, AntiSpam, FireWall by CleanTalk’ anti-spam WordPress plugin could expose user sensitive data to an unauthenticated attacker. A Time-Based Blind SQL Injection in ‘Spam protection, AntiSpam, FireWall by CleanTalk’ WordPress plugin, tracked as CVE-2021-24295, could be exploited by an unauthenticated attacker to access user data. The flaw
Publish At:2021-05-09 12:59 | Read:186 | Comments:0 | Tags:Breaking News Hacking Security Anti-Spam WordPress Plugin Cy

Security Affairs newsletter Round 313

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Cloud hosting provider Swiss Cloud suffered a ransomware attackHacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongleWeSteal, a shameless commodity cryptocurrency stealer available
Publish At:2021-05-09 05:09 | Read:144 | Comments:0 | Tags:Breaking News Cybersecurity cybersecurity news data breach H