Tag Archive for: Information

Hack on Transportation Systems Exposes Employee Information


The Department of Transportation’s administrative systems were hacked, exposing the data of hundreds of thousands of employees, the agency confirmed on Monday. 

According to Reuters, the agency notified Congress about the hack late Friday. Transportation confirmed the breach exposed the personal information of approximately 237,000 current and former agency employees.

The affected administrative systems were used, for example, to process employee transit benefits. The agency noted that the breach did not affect any transportation safety systems. 

Transportation’s Office of the Chief Information Officer is investigating the breach, “with the support of other federal agencies, including CISA,” an agency spokesperson told Nextgov in an emailed statement. “The OCIO is addressing the breach and has suspended access to relevant systems while we further investigate the issue, and secure and restore the systems.”

It is unclear who is behind the cyber attack, how it occurred and when it was first discovered.

“In an era where the federal government is asking the private sector to do more in terms of cybersecurity, the Department of Transportation breach shows the government needs to follow its own lead and better protect its own systems,” Brandon Pugh, director of Cybersecurity and Emerging Threats at the R Street Institute, told Nextgov in an emailed statement. “All data breaches are concerning, but there are particular risks with information on federal employees being made public. The information could be used to target the impacted federal employees or to carry out future attacks, depending on the precise data that was breached.”

“Cyber attackers require a single vulnerability to infiltrate an organization’s network, highlighting the critical importance of fortifying individual systems during a data breach,” Amit Bareket, CEO and co-founder of Perimeter 81, told Nextgov in an emailed statement. “In today’s rapidly evolving digital landscape, malicious actors continually devise novel techniques to target organizations and exploit their invaluable resources.”

Bareket noted that “individuals who were affected by the U.S. Department of Transportation data breach…


‘Juice jacking’ hackers can steal your information from USB ports in public places


NORTH TEXAS (CBSNewsTexas.com) — If you’ve charged your phone with USB ports in public places, the FBI is warning you about what they’re calling “juice jacking.”

Juice jacking is when hackers load malware onto charging stations at libraries, hotels and airports, and steal your personal information.

Cyber security experts say it can be hard to detect from just looking at them, and that all it takes is plugging in your phone. In seconds, the malware can steal information from your device while it’s being charged.

A local IT expert told CBS News Texas that this is rare, but if it happens to you, there’s a lot of information they can steal.

“Think about all the data and all the types of information that you keep in your cell phone on a daily basis. You have your personal contacts…your business email is probably on your cell phone,” said Kenny Riley, a technical director for Velocity IT.

Riley also said that you may not even know you’re a victim because your device likely won’t have a pop-up notification saying it’s happening, unlike a computer virus.

CBS News Texas reached out to both DFW International Airport and Dallas Love Field for comment:

DFW International Airport:

“DFW Airport’s USB ports are ‘charge only,’ not part of a network, and are inspected regularly for signs of tampering. Travelers are always encouraged to inspect USB charging ports before using them and look for signs of unusual adapters or anything suspicious, and to report anything unusual to airport staff.”

Dallas Love Field:

“DAL has not had any reported or confirmed cases of malicious software detected in the airport’s USB ports/outlets. We also do not have standalone phone charging stations.

DAL electrical technicians inspect outlets and USB ports nightly and report any unusual devices or evidence of tampering. Passengers are encouraged to do the same before their usage. As always, we urge…


Bachelor’s Degree in Cyber Security & Information Technology


CCI’s Bachelor of Science in Computing and Security Technology (BSCST) is Drexel’s cybersecurity undergraduate degree. BSCST students learn to securely manage and operate IT infrastructure. Computer security majors tend to be hands-on and like to master the technical details to make complex systems work smoothly and securely. 

Program Features

  • Utilizes practical computer application work to provide students with the critical knowledge and real-world skills required for successful careers in computing and security technology;
  • Offered as a full-time, on-campus bachelor’s degree program or as an online, part-time degree completion program;
  • Students must choose one of two concentrations: Computing Technology or Computing Security;
  • Students can customize and enhance their studies through a variety of available minors at CCI, including Computer Science, Data Science, Human-Computer Interaction, Information Systems, and Software Engineering, or choose from the hundreds of available minors at Drexel;
  • Drexel is proud to be a National Security Agency Center of Academic Excellence in Cyber Defense (NSA CAE-CD) for more than 15 years;
  • CST classes focus on current, real-world challenges in cyber security. For example, many classes include lessons and hands-on activities involving the security of Internet of Things (IoT) devices. In CT 212: Computer Forensics, students learn how to conduct forensics on programmable logic controllers (PLCs) used to control IoT devices. CST students learn how cloud computing technologies are used to manage and control the security of IoT systems in CT 353: Virtual Environments and Cloud Security. Also, in CT 393: IT Security Risk Assessment, students examine how to evaluate risk on IoT devices in building automation systems and other industrial control systems (ICS).

Gain Job Experience Before Graduating

Founded in 1919, Drexel’s cooperative education program was one of the first of its kind, and it continues to be among the largest and most renowned. Drexel Co-op allows students to test drive careers, network and gain experience before graduation. Students choose from more than 1,700 employers in 35 states and 45…


83% of Ransomware Infected Organizations Paid Over $900,000 Each / Digital Information World


The average number of ransomware attacks experienced by companies grew from four to five in 2022, and that’s just one of the many signs pointing to a worsening state of cybersecurity. Law enforcement agencies usually tell organizations never to pay ransoms, because paying could lead the malicious actors to target them repeatedly.

However, ExtraHop’s latest Global Cyber Confidence Index revealed that 83% of organizations that fell prey to a ransomware attack ended up paying the ransom. The fear of data loss and operational disruption likely led to them biting the bullet, and it is estimated that the companies that paid the ransom had to pay an average of over $925,000 apiece.

It is important to note that malicious actors often use the double extortion method when companies pay up. Paying a ransom once makes it more likely that you will pay it again than might have been the case otherwise, so there is a clear correlation between failing to follow post-ransomware instructions and having to go through the ordeal all over again.

77% of experts working in the field of IT said that obsolete cybersecurity infrastructure was leading to an increased number of attacks. Spending nearly a million dollars to upgrade this infrastructure might be a far more useful strategy for companies to consider, since it can prevent ransomware from making its way onto their systems in the first place.

Despite this, most companies tend to have a reactive strategy rather than a proactive one. Creating backups and keeping cybersecurity tech up to date is both more affordable and more efficient, yet most companies are failing to meet this very basic requirement. Until major companies start to take cybersecurity more seriously, the number of these attacks will only grow. It will be interesting to see if these findings have any sort of impact on how ransomware is dealt with.
