Author Archives: Mark Satter

A ransomware attack and no contingency plan cost a Massachusetts school district $10,000

Posted on by

A small school district in Massachusetts was the target of a ransomware attack last month which resulted in a $10,000 bitcoin payment to anonymous cyber extortionists.  The attack, which locked all of the Leominster Public School District’s computers, was carried out by a party demanding a payment to return the computer system to normal. Paula Deacon, the school district’s superintendent, was notified of the hack on April 14.  “They didn’t have a clean offsite backup,” said Leominster Interim Police Chief Michael Goldman in an interview with ABC News. “This happened and the school system was not locked down as they should have been.” Cybersecurity experts often recommend up-to-date, offsite backups of computer systems as the best defense against ransomware. If a ransomware target is locked out of one system, a backup would allow them to immediately move their operations to a new server and continue normally.  Leominster officials also notified […]

The post A ransomware attack and no contingency plan cost a Massachusetts school district $10,000 appeared first on Cyberscoop.

Continue reading A ransomware attack and no contingency plan cost a Massachusetts school district $10,000

Here’s all the security features in the new Gmail

Posted on by

Google began a global phased rollout of the new Gmail on Wednesday, which comes with a host of added security features including a confidential mode, expiration dates on messages, and two factor authentication. The update will not be available to all 1.4 billion users immediately. Some users can opt-in to the updated inbox via the settings menu, which will roll out Wednesday. The new confidential mode lets you disable the option to forward, copy, download, or print messages. This makes it harder for others to share sensitive information, like banking details or tax returns.  There will also be an option to enable two-factor authentication (2FA) for individual messages, meaning recipients of sensitive emails can be asked to verify their identity with a passcode send to their phones via SMS, before being able to read the email. Prior to the update, 2FA was available when accessing a Gmail account, but not […]

The post Here’s all the security features in the new Gmail appeared first on Cyberscoop.

Continue reading Here’s all the security features in the new Gmail

Zuckerberg: Facebook warned campaigns in 2016 about Russian hackers

Posted on by

Facebook warned political campaigns involved in the 2016 presidential election that they were targets of Russian hackers, CEO Mark Zuckerberg claimed while testifying before the Senate Tuesday. Previously, it was reported that Facebook had notified the FBI of Russia’s cyber operations, but not the political campaigns themselves.  “One of my greatest regrets in running the company is that we were slow in identifying the Russian information operations in 2016. We expected them to do a number of more traditional cyber attacks, which we did identify and notify the campaigns that they were trying to hack into them,” Zuckerberg told lawmakers. Zuckerberg revealed the new information while responding to question from Sen. Dianne Feinstein, D-Calif., about how Facebook intends to prevent foreign governments from interfering in future US elections, a phenomenon the tech CEO had previously dismissed as “crazy.” A former member of the Hillary Clinton presidential campaign said they were […]

The post Zuckerberg: Facebook warned campaigns in 2016 about Russian hackers appeared first on Cyberscoop.

Continue reading Zuckerberg: Facebook warned campaigns in 2016 about Russian hackers

Delta and Sears data breach exposes credit card information of customers

Posted on by

Some customers of Delta Airlines and Sears had their credit card information exposed following a data breach last fall at a mutual contractor, the companies announced Wednesday.  San Diego-based [24]7.ai, a customer experience software and services company, said in a press release that a data breach into customer payment information began on Sept. 26, 2017, and was discovered and contained on Oct. 12, 2017.  Sears said that less than 100,000 customers likely were affected. Delta Airlines said a “small subset” of customers had been affected by the breach, but that “customers’ passport, security and frequent-flyer information had not been included in the breach.” Both Delta and Sears said they will ensure that customers will not be liable for fraudulent transactions on their credit cards resulting from the supply chain breach. Delta said it would set up a website for concerned customers today, and Sears promised to create a hotline for […]

The post Delta and Sears data breach exposes credit card information of customers appeared first on Cyberscoop.

Continue reading Delta and Sears data breach exposes credit card information of customers

Alleged NSA leaker seeks to subpoena major cybersecurity companies, intel agencies

Posted on by

A 26-year old former NSA contractor accused of leaking classified documents is now looking to subpoena some of the largest cybersecurity firms in the industry as part of her legal defense against the government. Reality Winner was arrested in June 2017 for allegedly removing a top-secret report on Russian hacking activity connected to the 2016 election from an NSA facility where she worked at Fort Gordon in Augusta, Georgia, and sending it to The Intercept.  Winner’s lawyers are also seeking to subpoena several state governments and U.S. intelligence agencies. According to Politico, the requested subpoenas, filed Friday, target representatives of the states formally notified by the Department of Homeland Security last September that they were targeted by hackers the U.S. government says were acting on behalf of the Russian government. In total, 21 states, five government agencies, and 11 cybersecurity firms — including TrendMicro, FireEye, Eset, CrowdStrike, Volexity, F-Secure Corporation, ThreatConnect, Secureworks and Fidelis […]

The post Alleged NSA leaker seeks to subpoena major cybersecurity companies, intel agencies appeared first on Cyberscoop.

Continue reading Alleged NSA leaker seeks to subpoena major cybersecurity companies, intel agencies

Justice Department seeks dismissal of Kaspersky lawsuit, court documents show

Posted on by

The Justice Department filed motions in district court Monday to dismiss two lawsuits brought by Russian cybersecurity and anti-virus provider Kaspersky. It is the latest move in a protracted legal battle. All U.S. federal agencies have been prohibited from using any hardware, software, or devices developed by Moscow-based Kaspersky, following President Donald Trump’s signing of the annual National Defense Authorization Act (NDAA) on Dec. 12, 2017. Kaspersky claims that by prohibiting the use of their products, Congress has violated the Bill of Attainder Clause of the Constitution, which prohibits the singling out of a private entity for punishment without sufficient evidence of wrongdoing. But in the motion filed by Assistant Attorney General Chad Readler, the Justice Department argues that Kaspersky has neglected to consider the weeks of congressional meetings and debates that preceded the decision to prohibit their products. Lawmakers have had concerns about Kaspersky since at least April 2017, […]

The post Justice Department seeks dismissal of Kaspersky lawsuit, court documents show appeared first on Cyberscoop.

Continue reading Justice Department seeks dismissal of Kaspersky lawsuit, court documents show

NSA has been tracking bitcoin users since 2013

Posted on by

The National Security Agency has been spying on bitcoin users around the world beginning as early as March 2013, according to a story published by The Intercept. Classified documents leaked by whistleblower Edward Snowden show the NSA used a secret data source that “leveraged the NSA’s ability to harvest and analyze raw, global internet traffic while also exploiting an unnamed software program that purported to offer anonymity to users.” The NSA reportedly tracked bitcoin users by collecting sensitive information from their computers, including passwords, internet activity, and unique identifiers assigned to devices known as MAC addresses. Documents also suggested that the agency used XKeyScore, the NSA’s formerly secret global internet data analysis program, to monitor targets tied to bitcoin. According to the documents, the tracking of bitcoin users as of 2013 was done through OAKSTAR, a program that consisted of a “collection of covert corporate partnerships enabling the agency to monitor communications, including […]

The post NSA has been tracking bitcoin users since 2013 appeared first on Cyberscoop.

Continue reading NSA has been tracking bitcoin users since 2013