CSS News Round-Up: Baltimore Hit With Second Ransomware Attack In a Year

News Round-Up – Get a Quick Rundown of What You Need to Know

 

The Converged Security News Round-Up looks into recent reports and journalism covering converged security threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @ConvergedSecSol. Visit our services page to learn more about the CSS suite of services, including managed security services and end-to-end cyber-and-physical protection.

Baltimore Hit With Second Ransomware Attack In a Year

Baltimore’s city government fell victim to a ransomware attack, taking most servers offline besides emergency numbers, says The Baltimore Sun. This attack is the second, with another having taken place just last year. Attackers used the RobbinHood ransomware, which has been used on other municipalities as well, according to the article. The city has so far refused to pay the ransom of $17,600 demanded by the criminals and has cancelled a number of events including a public safety committee hearing as a result of their infected systems.

Cryptocurrency Exchange Hackers Steal $40.7 Million in Bitcoins

Binance, a massive cryptocurrency exchange, has lost 7,000 bitcoins that are worth $40.7 million total, according to Hack Read. The perpetrators hacked the exchange’s hot wallet to obtain the funds, but Binance’s insurance reserve will cover the loss. Additionally, the company is completing a security review of all systems despite the fact that no other wallets were affected, the article states. Users are advised to replace both their 2FA codes and API keys immediately. During the investigation period, no withdrawals and deposits can be made.

Over 1.9 Billion Records Exposed in First Three Months of 2019

According to Help Net Security, the first three months of 2019 saw a grand total of 1,918,766,088 records exposed. “The report finds that 67.6% of records compromised in Q1 were due to exposure of sensitive data on the internet,” the article states. It was also discovered, says the article, that businesses who find out via external sources that they’ve had a data breach report it a month sooner than those who find out from internal sources.

WhatsApp Vulnerability Allows Hackers to Install Spyware

A recently discovered vulnerability in WhatsApp, says Naked Security, will allow hackers to install spyware on users’ phones—gaining access by making a call to the user on the app. Once the spyware is installed, attackers can eavesdrop on phone calls, messages, and even activate the camera, the article states. NSO Group has been identified as the likely subject behind the spyware being installed. An update has since been released to resolve the issue, and users are advised to ensure it has been updated immediately.

Proposed Bill Would Implement Cybersecurity Training for Congress Members

As detailed by Security Week, a bill known as The Congressional Cybersecurity Training Resolution of 2019 has been proposed, sponsored by Representative John Katko and Representative Kathleen Rice. The bill would require cybersecurity training for members of the U.S. House in addition to the already required training of employees and officers. The training would be required within the first 30 days of service. The objective is to allow members to serve as positive examples of strong cybersecurity practices as well as help fight cybercrime.

Uniqlo’s Parent Company Hacked Exposing 460,000+ Records

Fast Retailing, the parent company of Japanese clothing stores such as Uniqlo Japan and GU Japan was hacked between April 23rd and May 10th, says Bank Info Security. As a result, over 460,000 customers’ accounts were accessed by the intruders, allowing them to see names, addresses, partial payment information, phone numbers, birth dates, clothing measurements, and more. The criminals gained access via credential stuffing. There is an ongoing investigation by the company and the Tokyo Metropolitan Police, the article states. Retailers continue to be a prime target due to their possession of massive amounts of payment information.

Converged Security Solutions provides our clients with measurable value by better quantifying, reducing, and managing security risk through assessments, remediation, and monitoring of IT and critical infrastructure. Our services span cyber and physical security to address the growing complexities in a world with internet enabled devices. Contact us to request quotes, learn more about the full catalog of services, or for a free initial consultation.