September 2022 - Page 3 of 5 - Cyber Security Minute

Russian Cyberspies Targeting Ukraine Pose as Telecoms Providers

Issued by: Security Week

Newly identified staging infrastructure overlaps with tactics, techniques, and procedures (TTPs) previously attributed to the group and shows that the threat actor continues its attacks on Ukrainian targets likely in support of Russia’s military actions in Ukraine. UAC-0113 has been linked by the Computer Emergency Response Team of Ukraine (CERT-UA) to the advanced persistent threat…

Malware & Threats

New York Emergency Services Provider Says Patient Data Stolen in Ransomware Attack

Issued by: Security Week

Founded in 1985 and located in Yonkers, the organization provides emergency transportation services, as well as emergency and non-emergency response services to hospitals, private care facilities, and correctional institutions. Empress EMS has more than 200 employees. In a data breach notice posted on its website, Empress EMS reveals that on July 14, 2022, it identified…

Quantifying ROI in Cybersecurity Spend

Issued by: Security Week

You cannot separate cost and value in business: value is used to justify cost. Business value is measured by the return on investment (ROI) from cost. By understanding current ROI it is easier to justify future cost because you know the value. But this is a problem: how do you measure or quantify ROI in…

Malware & Threats

LastPass Found No Code Injection Attempts Following August Data Breach

Issued by: Security Week

The GoTo-owned company announced on August 25 that unknown intruders had gained access to the LastPass development environment and stole “portions of source code and some proprietary LastPass technical information”. At the time, the company posted a notice online, saying that no user data or master passwords were compromised in the incident, and that its…

Malware & Threats

Free Decryptor Available for LockerGoga Ransomware Victims

Issued by: Security Week

The LockerGoga ransomware has been around since at least 2019, when it was used in attacks targeting several industrial organizations, including Norwegian metals and energy giant Norsk Hydro and US-based chemical companies Hexion and Momentive. The individual who operated LockerGoga is believed to be part of a cybercrime ring that also used the MegaCortex ransomware…

Software Security

Industry Reactions to Govt Requiring Security Guarantees From Software Vendors

Issued by: Security Week

Building on the cybersecurity executive order signed by President Joe Biden in May 2021, a memorandum from the OMB requires federal agencies to comply with NIST guidance — for secure software development and supply chain security — when using third-party software. In order to ensure compliance, agencies will have to at least obtain a self-attestation…

Network Security

US Agencies Publish Security Guidance on Implementing Open RAN Architecture

Issued by: Security Week

A general-purpose document titled Open Radio Access Network Security Considerations, the guidance is based on current knowledge and recommended practices and should apply to a variety of industries. “Open RAN is the industry term for the evolution of traditional RAN architecture to open interoperable interfaces, virtualization, and big data and AI-enabled intelligence,” the document reads….

Malware & Threats

FBI Warns of Cyberattacks Targeting Healthcare Payment Processors

Issued by: Security Week

As part of such attacks, threat actors rely on publicly-available personally identifiable information (PII) and social engineering to impersonate victims and access payment information, healthcare portals, and more. “Recent reporting indicates cyber criminals will continue targeting healthcare payment processors through a variety of techniques, such as phishing campaigns and social engineering, to spoof support centers…

Network Security

EU Wants to Toughen Cybersecurity Rules for Smart Devices

Issued by: Security Week

The EU said a ransomware attack takes place every 11 seconds, and the global annual cost of cybercrime is estimated at 5.5 trillion euros in 2021. In Europe alone, cyberattacks cost between 180 and 290 billion euros each year, according to EU officials. The European Commission said an increase of cyberattacks was witnessed during the…

Malware & Threats

Malware Infects Magento-Powered Stores via FishPig Distribution Server

Issued by: Security Week

Specialized in Magento optimizations and Magento-WordPress integrations, FishPig offers various Magento extensions that have gathered over 200,000 downloads. On Tuesday, FishPig warned of an intrusion to its extension license system, which resulted in a threat actor injecting malicious PHP code into the Helper/License.php file. “This file is included in most FishPig extensions so it is…