One of the biggest cities in the US  by population size, the City of Tulsa, was victim of a ransomware attack that affected its government’s network and forced the shutdown of official websites over the weekend.

Shortly after the attack, that took place Friday night, the city issued a statement to inform that no customer information has been comprised in the security breach.

The City’s IT and security staff have shut down impacted internal systems to avoid the spreading of the threat. Emergency services such as 911 and the city’s public safety response will continue to operate normally.

“According to the Tulsa Police Department (TPD), 911 is operational and Tulsa’s public safety response is continuing as normal.” reported the Krmg website.

“As for utility billing, Tulsa police say new account registration is currently unavailable. Tulsans can make a payment on their account and view their bill as a guest as long as they have their new account number and customer ID, plus the name on their account exactly as it appears on their bill.”

The City of Tulsa reported the incident to the authorities and is investigating the infection with the help of external security experts.

The impact is believed to have impacted a small portion of the infrastructure, and internal experts are attempting to recover impacted systems from backups.

Unfortunately, ransomware attacks against cities in the US are very frequent and in many cases the victims opted to pay the ransomware to restore the operations.

City of Tulsa, is the last US city hit by ransomware attack

U.S. intelligence said that the Chaos iPhone remote takeover exploit was used against the minority ethnic group before Apple could patch the problem.

In 2019, a Chinese security researcher working with the internet security and antivirus company Qihoo 360 unveiled an intricately woven exploit: One that would allegedly let a remote attacker easily jailbreak an iPhone X iOS 12.1. 

The researcher, Qixun Zhao, dubbed the exploit Chaos, for good reason. As this proof-of-concept video allegedly shows, a successful exploit would allow a remote attacker to jailbreak an iPhoneX, with the targeted user none the wiser, allowing the intruder to gain access to a victim’s data, processing power and more. It worked as a drive-by malware download, only requiring that the iPhone user visit a web page containing Qixun’s malicious code. 

It would have made a superb spying tool, seeing how it would let an attacker easily take control of even the newest, most up-to-date iPhones, enabling a snooper to read a victim’s messages and passwords and to track their location in near-real time. 

Source: iPhone Hack Allegedly Used to Spy on China’s Uyghurs

Microsoft is warning of a large-scale BEC campaign that targeted hundreds of organizations leveraging typo-squatted domains registered days before the attacks.

Business email compromise (BEC) attacks represent a serious threat for organizations worldwide, according to the annual report released by FBI’s Internet Crime Complaint Center, the 2020 Internet Crime Report, in 2020, the IC3 received 19,369 Business Email Compromise (BEC)/Email Account Compromise (EAC) complaints. The reports states that BEC/EAC crimes caused $1.8 billion in losses.

Now Microsoft is warning of a large-scale BEC campaign that targeted more than 120 organizations with gift card scam.

The attackers targeted organizations in multiple industries, including the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors. The threat actors leverage typo-squatted domains to trick the recipients into believing that the emails were originating from valid senders.

Microsoft warns of a large-scale BEC campaign to make gift card scam

Records and Information Management: Fundamentals of Professional Practice, Fourth Edition presents principles and practices for systematic management of recorded information. It is an authoritative resource for newly appointed records managers and information governance specialists as well as for experienced records management and information governance professionals who want a review of specific topics. It is also a textbook for undergraduate and graduate students of records management or allied disciplines—such as library science, archives management, information systems, and office administration—that are concerned with the storage, organization, retrieval, retention, or protection of recorded information.

The fourth edition has been thoroughly updated and expanded to:

• Set the professional discipline of RIM in the context of information governance, risk mitigation, and compliance and indicate how it contributes to those initiatives in government agencies, businesses, and not-for-profit organizations
• Provide a global perspective, with international examples and a discussion of the differences in records management issues in different parts of the world. Its seven chapters are practical, rather than theoretical, and reflect the scope and responsibilities of RIM programs in all types of organizations.
• Emphasize best practices and relevant standards.

The book is organized into seven chapters that reflect the scope and responsibilities of records and information management programs in companies, government agencies, universities, cultural and philanthropic institutions, professional services firms, and other organizations. Topics covered include the conceptual foundations of systematic records management, the role of records management as a business discipline, fundamentals of record retention, management of active and inactive paper records, document imaging technologies and methods, concepts and technologies for organization and retrieval of digital documents, and protection of mission-critical records. In every chapter, the treatment is practical rather than theoretical. Drawing on the author’s extensive experience supplemented by insights from records management publications, the book emphasizes key concepts and proven methods that readers can use to manage electronic and physical records.

Records and Information Management 4th Edition by Dr. William Saffady now available

FIDO: The YubiKey 5 NFC is FIDO certified and works with Google Chrome and any FIDO-compliant application on Windows, Mac OS or Linux. Secure your login and protect your Gmail, Facebook, Dropbox, Outlook, LastPass, Dashlane, 1Password, accounts and more.

The task of a computer security system is to safeguard the information transmitted over the network and to adequately preserve the data stored in it. 

Excluding in this discussion threats due to natural disasters, we can classify the man-made risk, to which an information system is subject, into intentional threats or unintentional threats due to negligence or inexperience.

Businesses need to protect themselves from these threats, which can put both applications and assets at serious risk.

Intentional human threats can come from individuals with an interest in acquiring information or limiting the operation of business processes, driven by the pursuit of financial or political gain, or simply for fun.

An intentional attack can come from individuals outside the organisation or from internal staff such as ex-employees, disgruntled employees or malicious actors. In fact, personnel who are familiar with the security systems and the structure of the information system and who have the authorisation to access the system itself, can get hold of information or insert malicious code more easily.

The development of the Internet and the distributed processing of information over shared lines has certainly made security a necessary duty. Therefore, the corporate network, if not adequately protected, could be subject to unauthorized access with possible network compromise and information theft.

There is an ongoing battle between the e-commerce giant and dubious sellers, worldwide, who wish to hamstring competitors and gain an edge by generating fake reviews for their products. 

This can include paying individuals to leave a glowing review or by offering free items in return for positive, public feedback. 

How they operate and stay under Amazon’s radar varies, but an open ElasticSearch server has exposed some of the inner workings of these schemes. 

On Thursday, Safety Detectives researchers revealed that the server, public and online, contained 7GB of data and over 13 million records appearing to be linked to a widespread fake review scam. 

It is not known who owns the server but there are indicators that the organization may originate from China due to messages written in Chinese, leaked during the incident. 

The database contained records involving roughly 200,000 – 250,000 users and Amazon marketplace vendors including user names, email addresses, PayPal addresses, links to Amazon profiles, and both WhatsApp and Telegram numbers, as well as records of direct messages between customers happy to provide fake reviews and traders willing to compensate them. 

According to the team, the leak may implicate  “more than 200,000 people in unethical activities.”

The database, and messages contained therein, revealed the tactics used by dubious sellers. One method is whereby vendors send a customer a link to the items or products they want 5-star reviews for, and the customer will then make a purchase. 

Several days after, the customer will leave a positive review and will send a message to the vendor, leading to payment via PayPal — which may be a ‘refund,’ while the item is kept for free. 

As refund payments are kept away from the Amazon platform, it is more difficult to detect fake, paid reviews. 

Data leak implicates over 200,000 people in Amazon fake product review scam

Usually, when browser updates come out, it’s obvious what to do if you’re running that browser on your laptop or desktop computer.

But we often get questions from readers (questions that we can’t always answer) wondering what to do if they’re using that browser on their mobile phone, where version numbering is often bewildering.

In the case of Firefox’s latest update we can at least partly answer that question for Android users, because the latest 88.0.1 “point release” of Mozilla’s browser lists only one security patch dubbed critical, namely CVE-2021-29953:

This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.

The bug listed here is what’s known as a Universal Cross-site Scripting (UXSS) vulnerability, which means it’s a way for attackers to access private browser data from website X while you are browsing on booby-trapped website Y.

It’s world password day! Cast your mind back to last month when it was revealed 15% of people use their pets name as their password… Make sure yours is as strong as can be!

Households across the country are using their home broadband more than ever, to work, educate their children or keep in touch with loved ones.

But many are unaware that old equipment provided by internet service providers (ISPs), including EE, Sky, TalkTalk, Virgin Media and Vodafone, could be putting them at risk of hackers spying on what they are browsing online or even directing them to malicious websites used by scammers.

Which? investigated 13 old router models and found more than two-thirds – nine of them – had flaws that would likely see them fail to meet requirements proposed in upcoming government laws to tackle the security of connected devices.

The legislation is not yet in force and so the ISPs aren’t currently breaking any laws or regulations.

one of the most popular and mediatic trojan bankers active since 2007.

The malware QakBot, also known as Qbot, Pinkslipbot, and Quakbot is a banking trojan that has been made headlines since 2007. This piece of malware is focused on stealing banking credentials and victim’s secrets using different techniques tactics and procedures (TTP) which have evolved over the years, including its delivery mechanisms, C2 techniques, and anti-analysis and reversing features.

Emotet is known as the most popular threat distributing QakBot in the wild, nonetheless, Emotet has been taken down recently, and QakBot operators are using specially target campaigns to disseminate this threat around the globe.

The PCI DSS Toolkit Overview

Does your organization process, transmit or store payment card data? If your answer is yes, then you need to comply with the PCI DSS (Payment Card Industry Data Security Standard). The payment Standard helps to ensure the security of transactions and protect your business from potential data breaches and fines.

The PCI DSS places a significant emphasis on documentation with all 12 sections of the Standard requiring documented policies and procedures. The more payment channels your organization accepts, the greater the need for documented policies and procedures to support the applicable requirements. Unsurprisingly, it can all get a little complicated and you may find yourself unsure of what you need to do and how to develop policies and procedures that best reflect your environment.

Let’s comply with PCI with PCI DSS Documentation Toolkit

Covering PCI DSS v3.2.1 the PCI DSS Documentation Toolkit provides guidance documents, tools and templates to help you identify what is required of your organization and develop the documentation you need.

A security expert released technical details and proof-of-concept exploit (PoC) code for the high-severity vulnerability CVE-2021-28482 in Microsoft Exchange that could be exploited by remote attackers to execute arbitrary code on vulnerable systems.

April 2021 Microsoft Patch Tuesday security updates addressed four critical and high severity vulnerabilities in Exchange Server (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483), some of these flaws were reported by the U.S. National Security Agency (NSA).

All the vulnerabilities are remote code execution that could allow attacks to compromise vulnerable installs, for this reason, the IT giant urges its customers to install the latest updates.

The NSA confirmed that the critical vulnerabilities in the Microsoft Exchange server were recent discovered by its experts that immediately reported them to Microsoft.

“After we disclosed these vulnerabilities to Microsoft, they promptly created a patch. NSA values partnership in the cybersecurity community. No one organization can secure their networks alone” states the NSA.

List of data breaches and cyber attacks in April 2021 – 1 billion records breached – It was another busy month in the cyber security sector, as we discovered 143 incidents that resulted in 1,098,897,134 breached records.

Ransomware was again one of the biggest contributors to that total, accounting for almost one in three data breaches.

As always, you can find the full list of incidents below, with those affecting UK organizations listed in bold.

In case you missed it, you may also be interested in our first quarterly review of data breaches and cyber attacks. The report takes the information collected in these lists and summarizes our findings.

It includes year-on-year comparisons in the number of incidents that were detected, a review of the most frequently breached sectors and a running total of incidents for the year.

In a climate where remote work became more prevalent—and in some cases, mandatory—those citing “limited remote work possibilities” as a reason for leaving their cybersecurity role saw a six-percentage point decline (45%) compared to the year before.

Though the cybersecurity workforce was mainly spared the pandemic devastation experienced by other sectors, the survey found that longstanding issues persist, including:

• 61 percent of respondents indicate that their cybersecurity teams are understaffed.
• 55 percent say they have unfilled cybersecurity positions.
• 50 percent say their cybersecurity applicants are not well qualified.
• Only 31 percent say HR regularly understands their cybersecurity hiring needs.

Understaffed cybersecurity teams and attacks issues

The term “extended detection and response” (or XDR) was coined back in 2018, but definitions continue to vary significantly (see one, two, or three, and tell me what XDR actually is -:). There was no reliable, unbiased explanation for what XDR is and how it differs from a security analytics platform, which has led to confusion and disregard from clients who dismiss it as nothing more than yet another cybersecurity marketing buzzword.

What Is Extended Detection And Response (XDR)?

Researchers at SentinelLabs say that they found various exploitable bugs in one of Dell’s Windows kernel drivers, which they reported back in December 2020.

There were five related bugs, now collectively dubbed CVE-2021-21551.

Dell has now issued a patch for these vulnerabilities (the official update is dated 2021-05-04), noting that:

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Expunging the bugs

A Californian hospital operator has made the move to take is network offline after it was hit by a major cyberattack. 

Reports state that the Scripps Health computer network that operates across half a dozen hospitals and a number of outpatient facilities in the San Diego, California area was forced to move to offline procedures after hackers launched a major cyberattack. 

The Californian hospital operator says it has contacted law enforcement and government agencies of the cyberattack, but failed to mention specifics of the departments it has informed of the potential data breach. 

Hospital Operator Takes Network Offline After Major Cyberattack 

Data Protection and Privacy in Healthcare

A strong case can be made that shoring up defenses requires “automating out” the weakest link – i.e., humans – from any cloud that companies are entrusting with their data. This applies to their internal, on-premise clouds as well as to the external cloud vendors that they choose to engage with.

In “automating out the weak link,” the ability of superusers or IT administrators – or of bad actors who have gained access to valid admin credentials – to manually interfere with sensitive data becomes non-existent, because human interaction is eliminated.

Trust no one

The zero-trust model, which has gained favor in recent years among many cloud vendors, serves as a starting point for making this happen.

The zero-trust security framework challenges the idea of trust in any form, whether that’s trust of networks, trust between host and applications, or even trust of super users or administrators. The best way to secure a network, according to the zero trust framework, is to assume absolutely no level of trust.

Zero Trust Security