Russia, US mull fresh Putin-Biden meeting | Former NYPD cop pleads guilty to running international drug trafficking ring | Top cybersecurity stories | DOJ Reviewing Decision Not to Prosecute Agents in Nassar Case | Jan. 6 panel moves against Steve Bannon, sets contempt vote | Jan. 6 panel flexes its muscle
-Former NYPD cop who beat suspect in 2010 pleads guilty to running international drug trafficking ring https://t.co/VD3lhZsqSI
— Michael Novakhov (@mikenov) October 15, 2021
submitted by /u/Mac_Hertz
Below are the top headlines we’ve been reporting this whole week on Cyber Security Headlines.
If you’d like to hear and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week's stories. Our guest this week is Christopher Zell, CISO, Wendy’s.
If you want to get involved you can watch live and participate in the discussion on Crowdcast (register), or you can just subscribe to the Cyber Security Headlines podcast and get it into your feed.
Here are some of the stories we'll be covering.
Bank of America insider charged with money laundering for BEC scams
A U.S. District Court for the Eastern District of Virginia indictment alleges that three men infiltrated the corporate networks of small and large companies in the United States and across the globe between January 2018 and March 2020. They accessed email servers and email accounts by phishing employee credentials and via malware. One of the three, a Bank of America and TD Bank employee, opened bank accounts under his co-conspirators’ and victims’ names and also falsified bank book entries. The three spent months intercepting communications and learning about billing systems, style of communication, vendors, clients, and the people responsible for transactions, in order to send requests for payment that mirrored real transactions. They made off with a total of $1.1 million.
Medtronic recalls insulin pump controllers over cyberattack risks
The company describes these as severe vulnerabilities that could lead to injury or death of the patients, since an attacker could exploit the vulnerabilities to modify the quantity of insulin that the pumps provide to the patient. The urgent medical device recall applies to the MiniMed™ brand remote controller, which uses a wireless radio frequency to communicate with the insulin pump. The company pointed out that to date, it has not received reports of any injuries resulting from this issue.
Navy warship’s Facebook page hacked to stream Age of Empires game
The official Facebook page of a destroyer-class Navy warship, the USS Kidd, was taken over by someone who wanted to stream the online multiplayer strategy game Age of Empires, and did so for an entire day between October 3 and 4. Facebook is used by the US military as an official communication channel, particularly for family-readiness groups. Experts state that many official pages are managed using a shared login, and as a result, multifactor authentication (MFA) is not enabled.
Microsoft report details the changing cybercrime landscape
The company recently published its second annual Microsoft Digital Defense Report, providing insights collected across its trillions of security signals on the evolving state of ransomware, malicious email, and malware. The rise of ransomware-as-a-service operations was unsurprisingly discussed, with Microsoft finding that the consumer, financial, and manufacturing sectors were the most commonly targeted. The company also saw a surge of phishing emails steadily increasing from June 2020 to June 2021, with a large spike in November. In malware, Microsoft saw web shell-based exploits increase, with an average of 140,000 web shell threats on servers from August 2020 to January 2021, and an average of 180,000 encounters per month in 2021.
You got nuclear secrets in my peanut butter!
A Navy nuclear engineer and his wife were arrested for allegedly violating the Atomic Energy Act by attempting to sell nuclear warship data to what they believed to be an agent of a foreign power, but in reality was an FBI agent. Court filings indicate the couple mailed an unnamed foreign government on April 1, 2020 with instructions on how they should contact them using encrypted communications. An FBI attaché in the foreign country gave this to the FBI, who made contact in December 2020 using encrypted ProtonMail email. The defendant agreed to hand over documents at a dead drop in exchange for Monero cryptocurrency, with the SD card of information hidden in half a peanut butter sandwich. Eventually three data dead drops were made in total, in exchange for $70,000 in crypto.
Biden signs school cybersecurity act into law
Cybersecurity experts hailed the K-12 Cybersecurity Act this week after President Biden signed it into law on Friday. The law, which became one of the rare bills to pass in both the House and Senate, instructs CISA to examine threats facing the nation's schools and provide cybersecurity recommendations and toolkits. Recently, schools have faced a barrage of ransomware attacks alongside other incidents that leak sensitive data from students and staff, a problem which has worsened since the adoption of remote learning during the COVID-19 pandemic. Michael Webb, CTO at Identity Automation, noted that the bill will increase security awareness and offer guidance for schools to defend against cyber threats, but added, “Most districts lack the capability of managing digital identities, which is the cornerstone of a strong cybersecurity posture today.”
(ZDNet)
Student used zero-day for school prank
On April 30th this year, Illinois teenager Minh Duong and a group of friends were able to control all networked displays inside Indian Township High School District 214, playing Rick Astley’s memtastic “Never Gonna Give You Up” during a recess period. Minh published a step-by-step guide on how he did this, which started by analyzing log files for the security cameras in the school dating back to 2017. He eventually discovered two novel privilege escalation vulnerabilities in Exterity IPTV products that allowed him to gain access. Minh contacted the company to report them, but never heard back, and said they were still present in late 2020 updates to its software. He also filed a full report on how the attack was done with the school’s IT staff.
Microsoft and Nvidia reveal massive language model
The two companies created the Megatron-Turing Natural Language Generation model or MT-NLP which they call the "most powerful monolithic transformer language model trained to date". The companies say it is unmatched in its reading comprehension, commonsense reasoning and natural language inferences. The system should make it faster and less expensive to train language models. The MT-NLP runs on 280 A100 GPUs, has 105 layers and 530 billion parameters. Both companies pledge to continually research how to reduce bias within the dataset that feeds MT-NLP, and any uses for the model must agree to work to minimize and mitigate any harms created to users.
DocuSign phishing campaign targets low-ranking employees
Phishing actors are following a new trend of targeting non-executive employees who still have access to valuable areas within an organization. As reported by Avanan researchers, half of all phishing emails they analyzed in recent months impersonated non-executives, and 77% of them targeted employees on the same level. Some of these use a spoofed version of DocuSign, for example to fulfill an employee request to update their direct deposit information, and ask for the login password, something that a real DocuSign document would not do. Analysts say this is a direct result of senior executives becoming more vigilant and better protected.
Chinese President Xi Jinping will not attend the COP26 climate summit in person, British Prime Minister Boris Johnson has been told, The Times newspaper reported.