Posts

Cyber attackers are targeting your child’s school and it’s costing us millions

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


ST. LOUIS COUNTY, Mo. – If you have a website, you are at risk. You don’t have to click on a malicious link to let the criminal inside. Just like your home, cybercriminals are looking for unlocked windows, a weak door, or that key you’ve hidden under a rock.

“It is what keeps people in my position up at night,” Jason Rooks said. He’s Parkway School District’s Chief Information Officer.

“It’s not if you get attacked – it’s when you get attacked,” he said.

Rooks says school districts are now one of the biggest targets.

“In the past month, two school districts in the state of Missouri have had to close multiple days due to ransomware attacks,” he said.

The Affton School District was recently hit with ransomware. Cybercriminals said they had personal information and demanded money for its return. Affton said it didn’t pay, but Maryville University Associate Professor of Cybersecurity Brian Gant says some districts do.

“One in four school districts is experiencing ransomware currently. Right now, K-12, we’re talking about millions and millions of dollars being lost,” he said.

Gant teaches student how to defend our computer systems. A video wall in their cyber fusion center shows active attacks being stopped—live—in real time. Gant says we don’t have enough experts to stop the attacks.

“The gap that we’ve been experiencing is vast,” he said. “In 2023, they’re expecting it to be a million-job gap between those with the skills necessary to fill it, and higher education is one of those vehicles in which we can get people into the pipeline to fill those gaps.”

Student Hunter Myles already has a job lined up where he will fight to defend our virtual borders.

“Nothing is secure. No company is safe,” he said. “Major national government agencies were attacked. National corporations with billions of dollars in security funding were attacked. It always takes one open door for these attackers to get in.”

In class, he’s working with school districts like Parkway to tighten their security.

“And the great thing is they don’t charge school districts for these services,” Rooks said….

Source…

Facebook Blocks PA-Connected Hacking Ring Targeting Journalists, Activists

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


(The Media Line) In a report released Wednesday, Facebook detailed its actions against two hacker groups from the Palestinian territories that made use of the Facebook platform to spy on Palestinians.

According to the report, the first group targeted journalists, human rights activists and government opposition, among others, and used malware to access phones and computers for spying. This group is connected to the Palestinian Authority’s Preventive Security Service (PSS), an intelligence agency tasked with internal security.

The second group, named Arid Viper, directed its efforts at Fatah members, PA officials and members of security forces, hinting at a possible connection to Fatah-rival Hamas. This second group employed a variety of tactics, all aimed at accessing personal information on phones and computers.

A PSS spokesperson rejected these allegations, telling Reuters that “we respect the media, we work within the law that governs our work.”

Facebook took action against these groups by blocking their accounts, as well as internet domains connected to them. The company also notified the attackers’ targets as well as “industry partners.”

If the allegations are true, the attacks are in keeping with the PA’s suppression of dissidents and critics. Both the PA and Hamas have been harshly criticized by human rights organizations for their employment of suppressive measures. A 2020 report by Amnesty International said that both Hamas, which controls the Gaza Strip, and Fatah, the organization heading the PA, arrested dozens of protesters, opposition members, activists and journalists throughout the year.

The 2020 annual report of MADA, the Palestinian Center for Development and Media Freedoms, noted a decline in the number of attacks on journalists in the Palestinian territories. Yet the report attributes the smaller numbers to lockdown measures enforced because of COVID-19, which lowered the number of interactions between journalists and potential attackers. “The state of media freedoms in Palestine has not witnessed any real positive and tangible developments that would serve to move away from the path of practices and trends that prevailed during the preceding…

Source…

Facebook Blocked PA-Connected Hacking Ring Targeting Journalists, Activists

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


Acting from the West Bank, the group – allegedly connected to Palestinian intelligence – used ‘low-sophistication malware’ to spy on its targets

In a report released Wednesday, Facebook detailed its actions against two hacker groups from the Palestinian territories that made use of the Facebook platform to spy on Palestinians.

According to the report, the first group targeted journalists, human rights activists and government opposition, among others, and used malware to access phones and computers for spying. This group is connected to the Palestinian Authority’s Preventive Security Service (PSS), an intelligence agency tasked with internal security.

The second group, named Arid Viper, directed its efforts at Fatah members, PA officials and members of security forces, hinting at a possible connection to Fatah-rival Hamas. This second group employed a variety of tactics, all aimed at accessing personal information on phones and computers.

A PSS spokesperson rejected these allegations, telling Reuters that “we respect the media, we work within the law that governs our work.”

Facebook took action against these groups by blocking their accounts, as well as internet domains connected to them. The company also notified the attackers’ targets as well as “industry partners.”

If the allegations are true, the attacks are in keeping with the PA’s suppression of dissidents and critics. Both the PA and Hamas have been harshly criticized by human rights organizations for their employment of suppressive measures. A 2020 report by Amnesty International said that both Hamas, which controls the Gaza Strip, and Fatah, the organization heading the PA, arrested dozens of protesters, opposition members, activists and journalists throughout the year.

The 2020 annual report of MADA, the Palestinian Center for Development and Media Freedoms, noted a decline in the number of attacks on journalists in the Palestinian territories. Yet the report attributes the smaller numbers to lockdown measures enforced because of COVID-19, which lowered the number of interactions between journalists and potential attackers. “The state of media freedoms in Palestine has not witnessed any real positive…

Source…

Hackers are actively targeting flaws in these VPN devices. Here’s what you need to do

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


Hackers are actively exploiting a newly discovered flaw in Pulse Connect Secure VPN products, alongside some older flaws that some customers have yet to patch. 



a man sitting in front of a window: Young women using computer, Cyber security concept.


© Getty Images/iStockphoto

Young women using computer, Cyber security concept.


Cybersecurity firm FireEye reported it has been investigating multiple incidents of compromises of the devices that use a bug tracked as CVE-2021-22893 that was discovered in April. It’s an significant vulnerability with a severity score of 10 out of a possible 10 and the malware being deployed is designed to bypass two-factor authentication. 

The vulnerability includes an authentication bypass that can “allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway,” according to Pulse Secure’s advisory. 

Loading...

Load Error

SEE: VPN: Picking a provider and troubleshooting tips (free PDF) (TechRepublic)

FireEye’s incident response unit Mandiant says it is tracking 12 malware families linked to attacks on Pulse Secure VPN appliances that use this bug in combination with older bugs affecting the software. 

FireEye has attributed the activity to a group it labels UNC2630, a suspected China state-sponsored hacking group that has allegedly targeted the US Defense industry and European organizations. 

US-based IT asset management firm Ivanti has released the Pulse Connect Secure Integrity Tool and other mitigations for the bug that’s under attack. 

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA)  said the attacks on this VPN product began in June 2020: other bugs the attackers have used include CVE-2019-11510, CVE-2020-8260, and CVE-2020-8243, which allow them to install web shells to gain persistence on the device. 

As ZDNet reported last August, attackers have been scanning the internet for Pulse Secure VPN servers with these flaws since June because the VPNs are used by staff to remotely access internal apps. 

“The threat actor is using this access to place web shells on the Pulse Connect Secure appliance for further access and persistence. The known web shells allow for a variety of functions, including authentication bypass,…

Source…