NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware attacks targeting education institutions. National Cyber Security Centre (NCSC), has issued an alert about a surge in ransomware attacks against education institutions. The U.K.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

UK intelligence agency GCHQ released emulators for World War II cipher machines (Enigma, Typex and The Bombe) that can be executed in the encryption app CyberChef. UK intelligence agency GCHQ, as part of the celebration of its centenary , has released emulators for World War II cipher machines that can be executed in the encryption app CyberChef released for educational purposes. Breaking News Hacking Intelligence CyberChef encryption GCHQ Pierluigi Paganini Security Affair

Calculating the Benefits of the Advanced Encryption Standard

Schneier on Security

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. And I certainly agree that the benefits of a standardized encryption algorithm that we all trust and use outweigh the cost by orders of magnitude.

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

The attacker also obtained free encryption certificates for escrow.com from Let’s Encrypt. We have taken steps across our technology, processes and employee education, to help prevent these types of attacks in the future.” A Little Sunshine Latest Warnings The Coming Storm Chris Ueland escrow.com godaddy.com Let's Encrypt Matt Barrie SecurityTrails

Hackers Release Student Data Following Ransomware Attack

Adam Levin

The school district was originally infected with a still unidentified strain of malware on August 27, It declined to pay the ransom demanded in return for access to the encrypted files. Data Security Cybersecurity featured ransomware nevada coronavirus covid-19 school education

Apple Battling with the Government Again Over Breaking iPhone Encryption of Mass Shooters: Data Privacy Trends

eDiscovery Daily

Remember back in 2016 when Apple with in a court battle with the Department of Justice over giving investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters? Barr has also clashed with Facebook over encrypted messages, which he called “data-in-motion” on Monday. The comments highlight law enforcement’s frustration with encryption technologies that protect data so that neither Apple nor law enforcement can easily read it.

ICO Stresses Importance of Encryption for Data Security

Hunton Privacy

On August 28, 2013, on the UK Information Commissioner’s Office’s (“ICO’s”) blog, Simon Rice, Technology Group Manager for the ICO, discussed the importance of encryption as a data security measure. He stated that storing any personal information is “inherently risky” but encryption can be a “simple and effective means” to safeguard personal information and reduce the risk of security breaches. Selecting the Correct Encryption Method. Safeguarding the Encryption Key.

Free & Discounted Security Services Now Available for US Election Orgs

Dark Reading

Nonprofit Defending Digital Campaigns (DDC) offers security services for email, user education, mobile, and encrypted communications, to federal election committees

Personal data breaches in schools, to report or not to report?

IT Governance

Where data has been encrypted, such as on a laptop, mobile device, memory stick or email, the breach does not need to be reported, however sensitive the data is. BreachReady Education EU GDPR Data breaches education GDPR schoolsUnder the GDPR, all personal data breaches need to be recorded by the organisation and there should be a clear and defined process for doing so.

How situational analysis helps your school become #BreachReady

IT Governance

Introduce device encryption. Encrypting devices such as laptops, tablets, mobile phones and memory sticks protects the data they hold if they are lost or stolen. If staff use their own devices for school work, these should also be covered by the encryption policy, and you should also update the BYOD (bring your own device) policy. Education #BreachReady education GDPR

How to Keep Your Information Safe for Data Privacy Day 2020

Thales eSecurity

An extension of the celebration for Data Protection Day in Europe, Data Privacy Day functions as the signature event of the National Cyber Security Centre’s ongoing education and awareness efforts surrounding online privacy. Namely, they should implement encryption, key management and identity and access management (IAM) to help preserve the privacy of their stored data. Encryption. An organization’s digital security strategy would not be complete without encryption.

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since. This threat leveraged 2048-bit RSA encryption and stored the public-private key pair on its Command & Control (C2) server.

REvil Ransomware Gang Starts Auctioning Victim Data

Krebs on Security

” The FBI and multiple security firms have advised victims not to pay any ransom demands, as doing so just encourages the attackers and in any case may not result in actually regaining access to encrypted files. Backup key files and databases: Bear in mind that ransomware can encrypt any network or cloud-based files or folders that are mapped and have been assigned a drive letter.

Payroll Provider Gives Extortionists a Payday

Krebs on Security

19, Apex was alerted that its systems had been infected with a destructive strain of ransomware that encrypts computer files and demands payment for a digital key needed to unscramble the data. Ian Oxman , the company’s chief marketing officer, said the ransomware never touched customer data, but instead encrypted and disrupted everything in the company’s computer systems and at its off-site disaster recovery systems.

FTC Enters into Memorandum of Understanding with Dutch Data Protection Authority

Hunton Privacy

The Memorandum also discusses protective measures for transmitting information related to a request for assistance on a privacy-related matter, such as encryption or maintaining materials in secured, restricted locations. Federal Law Consumer Protection Cross-Border Data Flow Data Protection Authority Edith Ramirez Encryption Federal Trade Commission Information Commissioners Office Ireland Jacob Kohnstamm Netherlands United Kingdom

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs

and foreign government organizations, education entities, private companies, and health agencies by unidentified cyber actors.” The FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. and foreign government organizations.

Cloud computing provider Blackbaud paid a ransom after data breach

Security Affairs

Blackbaud is a cloud computing provider that serves the social good community — nonprofits, foundations, corporations, education institutions, healthcare organizations, religious organizations, and individual change agents.

Multi-platform Tycoon Ransomware employed in targeted attacks

Security Affairs

The Tycoon ransomware was used in highly targeted attacks, its operators recently targeted small to medium-sized companies and institutions in the education and software industries. Attackers timestamped files with date timestamps of 11th April 2020, 15:16:22: Upon establishing a foothold onto the target network, the attackers executed the Java ransomware module, which encrypted the files on connected servers.

The state of European cybersecurity and lessons to learn

Thales eSecurity

Encryption, encryption, encryption. Encryption is one clear example of how organisations can be doing more with those fundamentals: as this recap of the event highlights, encryption remains core to building cyber-resilience and a core weakness in cyber-security efforts across the board. Only 27% of European organisations encrypt their data, leaving the door wide open to the likes of cyber-criminals and hacktivists.

Halloween: The curse of data

Thales eSecurity

How to survive – Rather than walking down that dark alley assuming they’ll be fine, businesses need to educate themselves on the threats out there and start taking a security first approach. This means implementing simple, but robust security protocols such as encryption and two-factor authentication. By encrypting data and securing access to it through authentication controls, any data that is stolen becomes useless to the hacker trying to obtain it.

Iranian hackers access unsecured HMI at Israeli Water Facility

Security Affairs

Experts noticed that the system still allows communications on port 502, which is used for Modbus protocol, that doesn’t require any authentication/encryption. This group also hit other American websites, including a governmental education website in Texas.

iNSYNQ Ransom Attack Began With Phishing Email

Krebs on Security

Because of the quick reaction we had, we were able to contain the encryption part” to roughly 50 percent of customer systems, he said. “For these infections hackers take sometimes days, weeks, or even months to encrypt your data.” It wasn’t clear from Luchansky’s responses to questions whether the cloud hosting firm was also considering any kind of employee anti-phishing education and/or testing service.

Security Affairs newsletter Round 282

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

Boosting Your Data Protection Strategy in 2019

Archive Document Data Storage

Use Encryption Software. You can protect your data from hackers by encrypting your data. Encryption software scrambles your emails and files, so only authorised end users with the encryption key can unlock and read them. Several software providers offer high-security encryption software. Schedule ongoing training sessions to educate your staff about evolving risks and data breach prevention strategies. 2018 was a banner year for data breaches in the UK.

Guy Fawkes Day – LulzSec Italy hit numerous organizations in Italy

Security Affairs

Included in the breaches were Italy’s National Research Center , The Institute for Education Technologies , the ILIESI Institute for the European Intellectual Lexicon , National Mining Office for Hydrocarbons and Geo-resources , Ministry of Economic Development , State Police Association , Fratelli D’Italia , Lega Nord Trentino , Partito Democratico Siena , TV Trentino , Technapoli Equitalia , State Archives S.I.A.S. National Association of Professional Educators.

The importance of computer identity in network communications: how to protect it and prevent its theft

Security Affairs

Hash encryption is used to ensure integrity and authentication. In a tipical network correspondence, the elements sent to the recipient are the original document in clear text and the hash value of the original document, encrypted with the private key of the signatory (digital signature).

It’s Clean Your Virtual Desktop Day: How Will You Celebrate?

InfoGoTo

When you forego firewalls, encryption and organized filing, you are leaving your virtual valuables out in the open for someone to take. Reiterating those cybersecurity concerns: If you are working in finance, insurance, education or healthcare, there are increasingly stringent regulations governing data storage. Remember when you first unboxed your laptop?

Cloud 56

FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH

Security Affairs

The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in government, education, and finance sectors.

Mining 111

Records for 7.5 million users of the digital banking app Dave leaked online

Security Affairs

Unfortunately for some users, leaked data also includes encrypted payment card data and Social Security numbers. Digital banking app Dave.com discloses a security breach after the known threat actor ShinyHunters leaked 7 million user records on a crime forum.

UCSF paid a $1.14 Million ransom to decrypt files after Ransomware attack

Security Affairs

million to cybercriminals to recover data encrypted during a ransomware attack that took place on June 1. While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible,” reads a statement published by the UCSF. The University of California San Francisco (UCSF) revealed that it paid roughly $1.14

Spotlight Podcast: Public Sector levels up to tackle Cyber Threats

The Security Ledger

In this Spotlight edition of the podcast, sponsored* by RSA Security, we go deep on public sector cyber risk with two interviews from the most recent RSA Conference: Kelvin Coleman, the Executive Director of the National Cyber Security Alliance (NCSA) and Sean McHenry, the CISO of the Utah State Board of Education. » Related Stories Episode 179: CISO Eye on the Virus Guy – Assessing COVID’s Cyber Risks Episode 178: Killing Encryption Softly with the EARN IT Act.

CyberSecurity Hall of Fame

Adam Shostack

Hoffman, Distinguished Research Professor of Computer Science, The George Washington University; Horst Feistel, Cryptographer and Inventor of the United States Data Encryption Standard (DES); Paul Karger, High Assurance Architect, Prolific Writer and Creative Inventor; Butler Lampson, Adjunct Professor at MIT, Turing Award and Draper Prize winner; Leonard J. Congratulations to the 2016 winners ! Dan Geer, Chief Information Security Officer at In-Q-Tel; Lance J.

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

As an example, we could use communications between systems that are not properly encrypted. Improper encryption. Hackers or other malicious sources can intercept poorly encrypted communications on the web.

IoT 92

SHARED INTEL: How digital certificates could supply secure identities for enterprise blockchains

The Last Watchdog

Hojjati outlined how digital certificates – and the long-establish public key infrastructure (PKI) encryption and authentication framework — could be the very thing to validate the identities of both companies and individuals in a much more granular way, something that will be needed as blockchain systems take root. Early adopters are trial-running Hyperledger blockchains in trade financing, in education and training programs and in supply chains for certain vertical industries.

New Bedford city infected with Ryuk ransomware, but did not pay $5.3M ransom

Security Affairs

RYUK encrypts, or renders inaccessible, the data stored on computer servers and workstations. In order to potentially unlock the encrypted data, the operator must then make a payment to acquire a decryption key from the attacker to access its data. RYUK has been implicated in attacks on government, education, and private sector networks around the nation and the world.”

Decrypting HiddenTear Ransomware for free with HT Brute Forcer

Security Affairs

In 2015, the Turkish security researchers Utku Sen published the HiddenTear ransomware, the first open source ransomware, for educational purposes. Click on the Browse Sample button and choose an encrypted PNG file. When the tool has found the encryption key, the decryptor will automatically decrypt the test file and ask the users to determine if it was correctly decrypted.

MY TAKE: Technologists, privacy advocates point to flaws in the Apple-Google COVID-19 tracing app

The Last Watchdog

The core idea is pretty simple,” says Ambuj Kumar, CEO of Fortanix , a supplier of advanced encryption systems. Unless the population is properly educated about this solution and the app is executed properly, the general population may be hesitant to opt in,” Gruenberg says. If the devastating health and economic ramifications weren’t enough, individual privacy is also in the throes of being profoundly and permanently disrupted by the coronavirus pandemic.

BEST PRACTICES: Mock attacks help local agencies, schools prepare for targeted cyber scams

The Last Watchdog

Last September, a ransomware purveyor succeeded in encrypting access to the computer systems of 22 small South Texas towns, demanding ransoms for a decryption key. Meanwhile, a report last October from security firm Armor showed 72 US school districts and individual educational institutions suffered ransomware attacks in the first nine months of 2019, with the total number of victimized schools ringing in at 1,040 up to that point.

New ‘PyXie’ Python RAT targets multiple industries

Security Affairs

“Analysts have observed evidence of the threat actors attempting to deliver ransomware to the healthcare and education industries with PyXie.” The threat actors behind PyXie were observed attempting to deliver ransomware to the healthcare and education industries with this new RAT. As part of the PyXie attacks, legitimate LogMeIn and Google binaries were used to sideload the first stage DLL, which then locates its encrypted payload.