Tag Archive for: Responsible

City of Dallas identifies group responsible for network outage, ransomware attack

/in


Dallas officials gave an update Thursday after announcing that city servers were under a cyberattack Wednesday, affecting several city services.

“Vendors continue to work around the clock to contain the outage and restore service, prioritizing public safety and public-facing departments,” the city said in the update.

A ransomware group called “Royal” initiated the attack, according to city officials.

Bill Zielinski, the chief information officer for Dallas, will give a briefing on the attack on Monday, May 8.

As of 10 a.m. Thursday, the city provided the following updates on services:

  • Dallas Police Department and Dallas Fire -Rescue service to residents is unaffected.

  • 911 calls continue to be received and dispatched.

  • 311 calls are being answered, but non-emergency service requests may be delayed.

  • Courts are closed and LiveChat is inaccessible. All cases will be reset; jurors do not need to report for service and notices will be sent by mail.

  • Saturday’s election is unaffected. Dallas County will share official information including results. Meeting notices are being posted and meetings may be viewed at dallascityhall.webex.com, dallascitynews.net/watch-live, Spectrum channels 16 & 95, and AT&T U-verse at channel 99. Contracts may be delayed.

  • All branches of the Dallas Public Library are open and in-person checkouts continue. Online materials are currently unavailable.

  • Billing for Dallas Water Utilities is unaffected, but meter reading will be delayed. Only the department’s interactive voice response system can take credit card payments. Disconnections will be discontinued until the outage is resolved.

On Wednesday morning, the City of Dallas’ security monitoring tools notified the Security Operations Center that a likely ransomware attack had been launched on their servers.

The city confirmed later Wednesday that a number of servers have been compromised with ransomware, impacting “several functional areas,” including the Dallas Police Department website, the city said in a news release.

“The City team, along with its vendors, are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services…

Source…

Rethinking Responsible Disclosure for Cryptocurrency Security

/in


The Biden administration has pointed, with alarm, to the national security implications of both cybersecurity and cryptocurrency. It’s just a matter of time before the government begins worrying about their intersection—cryptocurrency security. All of the United States’ international adversaries are in the business of exploiting bad cybersecurity, and many of them monetize their exploits using cryptocurrency. There’s nothing more natural for North Korean state hackers, Russian organized crime, or partially privatized cyberspies in China and Iran than to steal cryptocurrency to finance their national security operations. They’ll find an open door; because, as bad as overall cybersecurity is, the security of cryptocurrency is worse.

You only have to follow cryptocurrency news casually to be struck by the size and frequency of cryptocurrency security failures. That’s not your imagination, or press bias. Cryptocurrency really does have worse security than other digital technologies, and there’s a good chance it always will. 

Here’s why: In other parts of the digital economy, companies quickly patch security flaws, many of which have been found and responsibly disclosed by outside researchers. But as I’ll explain below, the “disclose-and-patch” cycle doesn’t work for cryptocurrency systems. There are ways to make disclose-and-patch work better for cryptocurrencies, but they will require compromises, institutional innovation, and maybe even new laws. That’s a tall order, but until it happens, cryptocurrency security will never match even the low security standard set by other digital technologies.

How Responsible Disclosure Works

Software security flaws like these are ubiquitous in digital products. Like writers who can’t see their own typos, most coders have trouble seeing how their software can be misused. The security flaws in their work are usually found by others, often years later. Indeed, security researchers are still finding serious holes in Windows today—30 years after it became the world’s dominant operating system.

Companies like Microsoft have improved their products’ security by making peace with those researchers. There was a time when…

Source…

Who Was Responsible For Hacking Both IBM & Stanford University?

/in


The threat detection experts at CloudSEK have used their XVigil Artificial Intelligence (AI) platform to identify a post made to a cyber crime forum, where a threat actor has taken credit for hacking exploits.

In a website post the company researchers describe how  an open source automation server platform known as ‘Jenkins’ is one of the channels used by an as yet unidentified  threat actor in attacks against both IBM and Stanford University. The post contained a sample screenshot as proof of their claimed access to a Jenkins dashboard. 

According to CloudSEK,  the hackers aim to deliver a module containing hidden desktop takeover capabilities by exploiting clicks on seeming innocuous advertisements posted on the Internet. 

CloudSEK say that the Jenkins dashboard bypass contains internal hosts and scripts, in addition to database credentials and logins. On the same forum, CloudSEK found that the actor admitted to targeting IBM, particularly via internal administrators’ scrips and firewall configurations. Then, a private script is deployed to conduct fuzzing and obtain vulnerable instances that are then exploited. 

According to further posts, the hacker say they also targeted IBM and claimed responsibility for hacking Jozef Safarik University in Slovakia and Stanford University.

Cyber security researchers claim that modules such as Jenkins can be used to deliver sophisticated ransomware attacks, making them particularly dangerous. Reports from XVigil suggested government access to the domains was discovered from multiple countries, including Ukraine, United Arab Emirates, Pakistan and Nepal.

CloudSEK researchers say they expect this malicious campaign to ramp up bot infection attempts.

CloudSEK:   TEISS:      Oodaloop:     Infosecurity Magazine:     IT Security Guru:    The Cybersecurity:     Inside

You Might Also Read: 

Lapsus$ Hackers Targeted T-Mobile:
 

« Cyber Attacks Cause Catastrophic Business Loss

Source…

Responsible Things To Do With Your Tax Refund

/in


The end of the financial year is upon us. As we all scramble to sort out our taxes and expenses for tax time, it’s easy to be swayed by some of the massive EOFY deals that pop up around about now to try and detach us from our hard earned tax returns. It’s a cliche to buy something fun, like a brand new 4K TV with your cash injection, but there are far more responsible ways that you can spend that money.

The items below are admittedly not the flashiest ways to spend your newfound cash, but they are definitely the safest things that you can do for yours and your family’s future. We’ve compiled a few of the most responsible things to do with your tax refund, so you can kick off the 2023 financial year in the right direction.

Make Big Work Related Purchases

Big-ticket work expenses like computers, tools and software are things that inevitably need to be replaced. In the Australian taxation system, work related items that cost you more than A$300 need to be depreciated over the “effective life” of the item. If you buy these items at the end of a financial year, the benefit on your next tax return will be very small. However, a trick that any accountant will tell you is that if you buy the item early in the year – July or August – that depreciation assessment will cover more time and this causes a bigger deduction on your next tax return.

Audit Your Internet Security

Regularly auditing your tech’s security is the best way to make sure you’re protected. As a work-related expense, a new financial year is the perfect time to get that done and put yourself on an annual security cycle. Whether you work from home or not, chances are you’re going to access some sensitive data on your personal devices. A holistic internet security suite such as PCMag Editors’ Choice Bitdefender Total Security is the simplest way to ensure all your bases are covered when it comes to the online safety of your household. It provides top of the line threat detection with minimal impact on your system’s performance, with some great features like camera/microphone security and an included VPN with a 200MB data allowance per day/device for safe browsing.

An important factor to…

Source…