Collaborate Disseminate
CISA warned already-strained public-sector entities about disturbing spikes in Emotet phishing attacks aimed at municipalities. Continue reading Feds Sound Alarm Over Emotet Attacks on State, Local Govs
For Quentin Rhoads-Herrera, this was not a typical security test. A big municipal government in the U.S. had just handed him the source code for software the city uses to manage contracts and track infrastructure projects. He unpacked the code, sifted through it, and found more than a dozen previously undisclosed vulnerabilities, or zero-days, that a hacker could exploit to manipulate data or dump user passwords. But it was more than just a catalog of bugs: Poring over the code, Rhoads-Herrera found the names of two other city governments that have used the software. The product, known as CIPAce, has been used by public and private sector organizations to collect invoices and manage contracts and budgets, according to CIPPlanner Corp., the company that makes it. “If one attacker happens to exploit this city, then they can look and see, easily, every other city that’s using this … and attack them using the same methods,” said […]
The post A researcher found zero-days in one city’s software. Then he realized the problem could be bigger. appeared first on CyberScoop.
Ten days after a suspected ransomware attack, residents of the English borough of Redcar and Cleveland must be starting to wonder when their Council’s IT systems will return. Continue reading Council returns to using pen and paper after cyberattack
On August 16, Texas local government became the latest victim of the expanding global racket that is ransomware. Continue reading Ransomware disrupts 22 Texas government departments
Ransomware attacks are intensely targeting local governments around the US, shutting down their systems. And most of the government appear to ignore the FBI’s warning against giving in to hacker demands. With a population of only 35,000 resi… Continue reading City of Riviera Beach, Florida Pays Ransom to Regain Access to Encrypted Files
Orange County in North Carolina suffered its third ransomware infection in six years, the local government announced on its website on Monday. The attack, probably stemming from a phishing email, a very common practice in such situations, crippled the … Continue reading North Carolina’s Orange County Hit by Third Ransomware Attack in Six Years
Local governments aren’t updating the vulnerable systems. Continue reading Patched Click2Gov Flaw Still Afflicting Local Govs
Madison County in Idaho fell victim to a ransomware attack last week, after an employee opened a phishing email asking for money. The IT department spent the week recovering the computer system from the attack, which took place over the three-day Colum… Continue reading Madison County computer system infected with ransomware
With just weeks until the midterm elections, police in Massachusetts gathered last Thursday to practice responding to cyberattacks from an adversary bent on disrupting the democratic process. The simulation, hosted at the Boston headquarters of network security company Cybereason, pitted a police team that included former Boston Police Commissioner Ed Davis against a red team portraying hackers looking to exacerbate political divisions. The tabletop drill was a strategic duel, with the red team trying to suppress the vote and the cops mobilizing resources in response. The aim of the exercise was to show state and municipal authorities the type of coordinated and clever cyberattacks on critical infrastructure that are possible, according to Cybereason’s Ross Rustici, who helped devise the exercise. Davis said that point hit home. “I think it was an eye-opening experience for everyone who was there,” he told CyberScoop, adding: “People left that exercise with the sober realization that […]
The post In this election security drill, Massachusetts cops battle hackers to protect the vote appeared first on Cyberscoop.
Vice President Mike Pence on Tuesday delivered the most direct and high-profile appeal from the Trump administration to states to accept federal aid in securing election systems, citing a recent “malware attack” in Kansas as a need for state-federal cooperation. “Take advantage of the assistance offered by our administration,” Pence said at the Department of Homeland Security’s cybersecurity summit in New York City. “Do everything in your power to strengthen and protect your election systems.” “It concerns us that many states still don’t have concrete plans to update their voting systems,” said Pence, the former governor of Indiana. “Fourteen states are struggling to replace outdated voting machines that lack paper trails before the next presidential election [in 2020].” To emphasize the need for federal election-security assistance, the vice president shed light on what he described as a “malware attack” within the last two weeks in Finney County, Kansas. Finney County […]
The post Pence urges states to accept federal help in securing elections appeared first on Cyberscoop.
Continue reading Pence urges states to accept federal help in securing elections