Tag Archive for: remain

Neenah schools remain closed following cyber security issue

/in


NEENAH (NBC 26) — For the second day in a row, schools within the Neenah Joint School District will remain closed Wednesday due to a cyber security situation affecting the district.

Neenah schools closed Tuesday as the investigation into the IT security incident continues. Mary Pfeiffer, Neenah Joint School District superintendent, said a potential unauthorized access to the school data system caused an outage to the district’s internet, phone systems and several software applications.

At this time, Pfeiffer said they don’t believe confidential or personal information has been compromised.
Teachers spent Tuesday creating non-digital lesson plans, a challenge when a lot of that information is on the district’s server.

“In March of 2020, we shifted our staff to all virtual – at least for a short period of time – and now we’re telling them, ‘no more technology,” Pfeiffer said. “It’s been an incredible year. Another incredible year. And now to have to pivot one more time for something that we didn’t have control of, that can be pretty frustrating.”

Michael Patton, director of the Cybersecurity Center of Excellence at the University of Wisconsin-Oshkosh, doesn’t have direct knowledge of this investigation, but said a concern in this type of situation would be that data is taken. He said access to an organization’s server can happen with just one click on a faulty link or video.

“Whatever you open has as much access to your work computer as you do. They get to do things essentially as you,” Patton said. “Your organization may have permissions in their network that allow for you to share things across computers. So the bad actors would leverage that sharing capability, and move throughout your network and infect lots of other things.”

That’s why Patton said it’s best to separate work and personal.

“Maybe we want to check our Facebook or do some online shopping. Just recognize that if you’re doing that from your work machine, that could allow whatever mistakes you make into your work space,” Patton said.

He added people should always be vigilant and skeptical about things they open online.

The Neenah Joint School District is working to restore phone and internet access for…

Source…

Healthcare OT Facilities Remain Exposed As Industry Experienced 68 Attempted Ransomware Attacks In Q3

/in


Healthcare OT Facilities Remain Exposed As Industry Experienced 68 Attempted Ransomware Attacks In Q3

Source…

Supreme Court narrows scope of hacking law, but questions remain — FCW

/in


Cybersecurity

Supreme Court narrows scope of hacking law, but questions remain

  • By Justin Katz
  • Jun 03, 2021

US Supreme Court shutterstock photo ID: 376063027 By Tinnaporn Sathapornnanont 

The Supreme Court on Thursday narrowed the scope of the Computer Fraud and Abuse Act in a 6-3 decision that leaves open questions about the law’s application in the future.

The decision in Van Buren v. United States brought together a coalition of left-leaning and right-leaning justices. The case represents one of the most significant looks at the 1980s-era CFAA, which prohibits individuals from accessing a computer “without authorization or exceeding authorized access” and is a key statute in prosecuting computer crimes.

In the case that reached the high court Nathan Van Buren, a former police officer, was convicted of a CFAA violation after he was discovered using his official access to obtain information about an individual in exchange for a bribe. The case came to light in an FBI sting operation that targeted Van Buren. The ruling reversed a circuit court decision upholding Van Buren’s conviction and remanded the case for further consideration in light of the new reading of CFAA.

The majority opinion from Justice Amy Coney Barrett narrowed the scope of what is meant by “exceeding authorized access” under the law. The court found that if a user has rightful access to a computer, they are not necessarily in violation of the law simply because they use the device for something other than its expressed purpose.

“The Government’s interpretation of the ‘exceeds authorized access’ clause would attach criminal penalties breathtaking amount of commonplace computer activity,” according to the court’s opinion, written by Justice Amy Barrett.

The CFAA’s vague wording has had technology groups worried for some time about how it could be used by some companies to penalize competitors and would-be competitor and to criminalize a range of benign activity, including cybersecurity research.

“When it comes to cybersecurity, there is good news and bad news,” Harley Geiger, senior director of public…

Source…

Upstox alerts users of data breach; says funds, securities remain safe

/in



Retail broking firm Upstox has alerted customers of a security breach that included contact data and KYC details of customers, but assured users that their funds and securities remain safe.


The development comes close on the heels of reports of data breaches at organisations like MobiKwik, Facebook and LinkedIn.



“On receipt of e-mails claiming unauthorised access into our database, we have appointed a leading international cyber-security firm to investigate possibilities of breach of some KYC data stored in third-party data warehouse systems.


“This morning, hackers put up a sample of our data on the dark web,” a company spokesperson said in an e-mailed statement.


The spokesperson added that as a proactive measure, the company has initiated multiple security enhancements, particularly at the third-party warehouses, real-time 24×7 monitoring and additional ring-fencing of its network.


“As a matter of abundant caution, we have also initiated a secure password reset via OTP for all Upstox users. Upstox takes customer security extremely seriously.


“Funds and securities of all Upstox customers are protected and remain safe. We have also duly reported this incident to the relevant authorities,” the spokesperson said.


The spokesperson further said that at this point, “we don’t know with certainty the number of customers whose data has been exposed”.


Upstox, which is backed by investors like Tiger Global and Ratan Tata, has over three million users.


On the company website, Upstox co-founder and CEO Ravi Kumar said funds and securities of customers are protected and remain safe.


“Funds can only be moved to your linked bank accounts and your securities are held with the relevant depositories.


“As a matter of abundant caution, we have also initiated a secure password reset via OTP. Through this time, we have also strongly fortified our systems to the highest standards,” he said.


He added that the company has restricted access to the impacted database, and added multiple security enhancements at all third-party data-warehouses.


The company has also ramped up its bug bounty programme to…

Source…