Tag Archive for: Information

Dallas ransomware: Employees benefit information likely accessed

/in


DALLAS — Hackers likely accessed city of Dallas employees’ benefits information as a result of the ransomware attack that occurred in early May, WFAA has learned. 

WFAA obtained a copy of an email sent to city employees from Dallas City Manager T.C. Broadnax, which stated “some benefits-related information maintained by the City’s Human Resources department was accessed by the unauthorized third party responsible for this ransomware incident.”

Broadnax did not say in the email how many employees were affected. He also said the City is offering free credit monitoring for employees. 

In late June, Dallas City Council approved a near $4 million deal to ramp up cybersecurity systems already in place. The funding specifically provides the city with a “threat and anomaly detection” system for the Information and Technology Services Department over the span of three years.

“We understand the concern this incident may cause, and please know we are working to provide the necessary resources and support for our employees,” Broadnax said in the email.

Source…

According to Researchers, Google’s Bard Presents a Ransomware Threat / Digital Information World

/in


The introduction of AI is revolutionary in and of itself. But with such a rapidly evolving technology accessible to common folks, the chances of users exploiting it for unethical and fraudulent purposes are high. Google’s AI chatbot, Bard, is reported to willingly produce harmful phishing emails when given prompts. By tweaking the wording of those prompts in a specific manner, Bard even can generate basic ransomware code. Check Point, a cybersecurity firm, stated that Bard has gone beyond its competitor, ChatGPT when it comes to cybersecurity.

In light of recent worries regarding the potential misuse of OpenAI’s large-language model in generating harmful programs and threats, Check Point conducted a research proceeding with absolute caution. ChatGPT has enhanced security measures in comparison to Google’s Bard, which has yet to reach that level of security.

Check Point’s researchers gave both ChatGPT and Bard identical prompts. Upon querying for phishing emails were refused by both AI programs. But the findings showcased the difference between both AI programs — ChatGPT explicitly stated that engaging in such activities was considered fraudulent, Bard, on the other hand, claimed that it could not fulfill the request. Furthermore, results showed that ChatGPT continued to decline their request when prompted for a particular type of phishing email, while Bard began providing a well-written response.

However, both Bard and ChatGPT firmly refused when Check Point prompted them both to write a harmful ransomware code. They both declined no matter what, despite their attempts at tweaking the wording a bit by telling the AI programs that it was just for security purposes. But it didn’t take the researchers that long to get around Bard’s security measures. They instructed the AI model to describe common behaviours performed by ransomware, and results showed that Bard had spurted out an entire array of malicious activities in response.

Subsequently, the team went further to append the list of ransomware functions generated by the AI model. They asked it to provide a code to do certain tasks, but Bard’s security was foolproof and claimed it could not proceed with such a…

Source…

New Director Information Warfare set to hit the ground running

/in


Indo Pacific 2023 Ad for APDR 728x90px VISITOR REGISTRATION WEB

 

Defence SA has appointed Dr Dave Ormrod as its inaugural Director Information Warfare. Commencing on 3 July, Dave is a leader in information warfare (IW) and cyber security with more than 25 years of industry experience.

Defence SA Chief Executive Richard Price said the newly created role will assist in ensuring South Australia is able to maximise opportunities across the key areas of intelligence surveillance reconnaissance and electronic warfare (ISREW), cyber and ICT for Defence and space.

“South Australia is the hub for Information Warfare and the state has significant high quality research depth with potential to capitalise on a range of opportunities under the AUKUS Pillar 2 agreement,” said Richard.

“Dave’s significant experience in the field will be an asset to the state in supporting a sustainable IW industry for South Australia.”

Dave’s perspective as a member of the IW community has been shaped by his experience serving in the Australian Defence Force, as well as working with defence industry, federal and state government, and the cyber security industry more broadly. Throughout his career, Dave has built high performing security teams, tailored cyber security solutions, and acted as a trusted advisor and collaborator to C-suite Executives. He has worked across Australia, Europe, the United Kingdom and the United States.

“It is a great privilege to join the experienced Defence SA team and I appreciate the opportunity to support the development of an enduring, sustainable, and effective IW capability in South Australia,” Dave said.

“I’m excited to be returning to Adelaide. I have a strong desire to further South Australia’s defence industry capabilities, extending upon my career working with the Australian Defence Force, industry, academia and our allies.”

Dave has made the move to Adelaide from Canberra with his wife Amy, where his most recent role was as a Director in the McGrathNicol cyber security risk and strategy business.

In addition to his practical experience from the military and industry, Dave has a PhD in Computer Science and is a graduate of both the Carnegie Mellon University (CMU) Chief Information Security Officer (CISO) Program and…

Source…

Ransomware criminals dump personal information of students online after stealing files from MN school

/in


The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts.

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep.

Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. Other exposed data included medical records and discrimination complaints.

Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files.

Often strapped for cash, districts are grossly ill-equipped not just to defend themselves but to respond diligently and transparently when attacked, especially as they struggle to help kids catch up from the pandemic and grapple with shrinking budgets.

Months after the Minneapolis attack, administrators have not delivered on their promise to inform individual victims. Unlike for hospitals, no federal law exists to require this notification from schools.

The Associated Press reached families of six students whose sexual assault case files were exposed. The message from a reporter was the first time anyone had alerted them.

“Truth is, they didn’t notify us about anything,” said a mother whose son’s case file has 80 documents.

US MARSHALS SERVICE ATTACKED BY RANSOMWARE TARGETING SENSITIVE LAW ENFORCEMENT INFORMATION

Even when schools catch a ransomware attack in progress, the data are typically already gone. That was what Los Angeles Unified School District did last Labor Day weekend, only to see the private paperwork of more than 1,900 former students — including psychological evaluations and medical records — leaked online. Not until February did district officials disclose the breach’s full dimensions.

The lasting legacy of school ransomware attacks, it turns out, is not in school closures,…

Source…