Source: ClearSky

Unpatched VPN Servers Hit by Apparent Iranian APT Groups

Scott Ferguson • February 18, 2020

Unpatched Fortinet, Palo Alto and Pulse Secure VPN servers, as well as Citrix gateways, continue to be targeted by hackers, who are exploiting critical flaws to install backdoors inside corporate networks. Security firm ClearSky warns that apparent Iranian APT attackers are the latest to join the fray.

Cybercrime

Fraudsters Pose as Journalist in Phishing Campaign: Report

Latest

Application Security

Cybersecurity Plan for 2020 US Election Unveiled

Akshaya Asokan • February 17, 2020

The U.S. Cybersecurity Infrastructure and Security Agency has released its cybersecurity plan for the run-up to the 2020 presidential election, outlining the agency's role as a facilitator that will assist federal, state and local agencies in protecting critical election infrastructure.

Business Continuity Management / Disaster Recovery

IBM Exits RSA Conference 2020 Over Coronavirus Worries

Mathew J. Schwartz • February 17, 2020

With IBM and seven other sponsors withdrawing from next week's RSA Conference 2020 - as worries over the China-centered outbreak of the coronavirus continue - will others follow suit?

Governance

Senator Calls for Creation of Federal Online Privacy Agency

Apurva Venkat • February 14, 2020

U.S. Sen. Kirsten Gillibrand, D-N.Y., is proposing the creation of a new federal agency dedicated to protecting online privacy, taking that task away from the Federal Trade Commission.

Application Security

MIT Researchers: Online Voting App Has Security Flaws

Akshaya Asokan • February 14, 2020

MIT security researchers have published a paper that describes several security flaws in Voatz, a smartphone app used for limited online voting during the 2018 midterm elections. But the maker of the app contends the research is flawed.

Application Security

Analysis: Indictments in Equifax Hack

Nick Holland • February 14, 2020

The latest edition of the ISMG Security Report analyzes the indictments of four Chinese military officers in connection with the 2017 Equifax data breach. Also featured: Advice on implementing NIST's new privacy framework; lessons learned in a breach disclosure.

Events

RSA Conference 2020: ISMG Spotlights Security Leaders

Scott Ferguson • February 14, 2020

Information Security Media Group, a premier media partner at the annual RSA Conference, will conduct over 200 video interviews at this year's event with cybersecurity thought leaders, executives, CISOs and sponsors.

Business Continuity Management / Disaster Recovery

Ransomware Hit a Florida Voting System in 2016

Akshaya Asokan • February 13, 2020

Election officials in Palm Beach County, Florida, revealed this week that its voter registration system was hit by ransomware in the weeks leading up to the 2016 presidential election.

Business Continuity Management / Disaster Recovery

After Malware Attack, Doctor Network Had Widespread Outage

Marianne Kolbasuk McGee • February 13, 2020

Hundreds of pediatric healthcare providers in Massachusetts were still unable to access their electronic health record systems Thursday after a malware attack earlier this week on a large physician network affiliated with Boston Children's Hospital. What can others learn from the incident?

Cyberwarfare / Nation-State Attacks

US Has Evidence of Huawei Backdoor: Report

Ishita Chigilli Palli • February 13, 2020

As the U.S. ramps up pressure on its allies to ban equipment from Chinese manufacturer Huawei from their 5G networks, U.S. officials now say they have evidence that the firm has created a backdoor that allows it to access mobile phone networks around the world, the Wall Street Journal reports.

Events

RSA 2020: The Show Must Go On

Scott Ferguson • February 13, 2020

While public health concerns over the spread of the coronavirus are leading to the cancellation of some international events, the RSA Conference 2020 will proceed as scheduled in San Francisco Feb. 24-28.

Encryption & Key Management

CIA Secretly Owned Swiss Encryption Firm for Years: Reports

Scott Ferguson • February 12, 2020

Intelligence agencies in the United States and West Germany secretly owned a controlling stake in Swiss firm Crypto AG for decades and used their access to the company's encrypted communications equipment to spy on over 100 countries, including friends and foes alike, according to news reports.

Cyberwarfare / Nation-State Attacks

US Counterintelligence Outlines 5 Key Priorities

Ishita Chigilli Palli • February 12, 2020

The agency that leads counterintelligence efforts for the U.S. has listed five key priorities for the year ahead that go far beyond protecting government secrets. Here's what's on the list.