Links individual vulnerabilities to those known to have been used in ransomware operations, helping vulnerability management teams prevent potential cyber extortion events with VulnDB.

**NEW YORK, NY – November 9, 2022** **—** Flashpoint, the globally trusted leader in risk intelligence, announced today an industry-first ransomware prediction model that allows vulnerability management teams to improve remediation efforts and prevent cyber extortion events with VulnDB, the most comprehensive vulnerability database available on the market.

According to the U.S. Treasury Department, financial institutions filed $1.2B in ransomware-related costs in 2021, nearly double the amount reported by banks in 2020. In order to help organizations proactively prevent a ransomware attack, Flashpoint’s latest capability enables vulnerability management teams to identify the likelihood that a particular vulnerability could be used in a future ransomware attack.

“The risk of falling victim to a ransomware attack can be radically reduced with the right intelligence,” says Flashpoint General Manager Jake Kouns. “Our ransomware prediction algorithm, coupled with our vulnerability intelligence, is a must-have for security teams that want to remediate vulnerabilities that could help them get in front of a potentially destructive ransomware attack.”

VulnDB covers over 300,000 known vulnerabilities found in end-user software and third-party libraries and dependencies, including over 96,000 vulnerabilities missed by CVE and NVD. For each of those vulnerabilities, including newly disclosed issues, Flashpoint’s ransomware prediction model determines a Ransomware Likelihood rating that’s derived from a combination of factors, including exploit availability, attack type, impact, disclosure patterns, and other characteristics captured by VulnDB. This intelligence is critical to vulnerability management teams who often lack the resources and context they need to efficiently prioritize and patch tens of thousands of vulnerabilities disclosed every year.

To learn more about Flashpoint’s ransomware prediction model and VulnDB, reach out for a free trial.

****About Flashpoint****

Trusted by governments, commercial enterprises, and educational institutions worldwide, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including physical and corporate security, cyber threat intelligence (CTI), vulnerability management, and vendor risk management teams—rely on the Flashpoint Intelligence Platform, comprising open source (OSINT) and closed intelligence, to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. Learn more at flashpoint.io.

Flashpoint Releases Ransomware Prediction Model for Vulnerabilities

Technology consolidates Windows and Linux software risk together in one UI, helping teams manage vulnerabilities and comply with new regulatory standards.

**BE’ER SHEVA, Israel, (November 9, 2022) —** Rezilion, an automated software security platform, announced today the expansion of its Dynamic Software Bill of Materials (SBOM) capability to support Windows environments. Through this expansion, Rezilion will provide organizations with a first-of-its-kind toolset to efficiently manage software vulnerabilities and meet new regulatory standards, for the 56% of software today that’s built for Windows OS.

“We are seeing a widespread interest in adopting SBOMs as many organizations realize that their future security, risk, and compliance posture relies heavily on the need to see into their software supply chain,” said Liran Tancman, CEO, Rezilion. “A Dynamic SBOM that supports Windows environments widens the scope of possibility and gives the ability to a massive number of new customers to meet regulatory standards and detect and manage their software vulnerabilities strategically.”

While many tools exist for organizations to manage vulnerabilities in their software, the vast majority of these were initially built for use with Linux OS, resulting in gaps in functionality when they’re used for Windows. A dearth of “Windows-first” tooling also affects organizations’ preparedness to comply with new regulations such as the President’s Executive Order (EO) 14028, which will require teams to provide regulators with a thorough inventory of their software environments and related vulnerabilities.The market has been alarmingly slow to respond to this increasingly urgent need for better solutions. As evidence of this, Microsoft itself released its first, basic, open source “Windows-first” SBOM generation tool as recently as July of this year.

As a result of these gaps, for organizations with large, legacy Windows environments (including critical infrastructures), a new threat on the scale of the “Y2K” scare of the late 1990’s is emerging. Be it attackers or regulators, these organizations must modernize their security standards, or suffer consequences of looming risks ahead.

First released in May, Rezilion’s Dynamic SBOM can be deployed in all software environments – both Windows and Linux simultaneously – and provides a real-time versus static inventory of all software components in a single graphical UI. Rezilion’s solution also integrates dynamic runtime analysis to not only detect software vulnerabilities, but validate their actual exploitability, helping teams to clear away “false-positive” scan results and avoid wasteful patching work that shifts resources away from build activity.

Other key features and capabilities include:

*   **Dynamic Identification** – Instantly search and pinpoint vulnerable components such as Log4J across millions of files and on thousands of hosts, containers, and applications.
*   **Holistic Insight & Control** – View Windows and Linux risk side by side in one UI, to get a complete picture of your attack surface, manage risk efficiently and comply with auditors
*   **Tackle Legacy Vulnerability Backlogs Efficiently** – Aggregate detected vulnerabilities, filter out false-positives and prioritize what matters to address risks quickly and meet modern remediation SLAs as defined by CISA with a fraction of the effort

Learn more about Rezilion’s Dynamic SBOM at https://www.rezilion.com/platform/dynamic-sbom/.

Book a demo today to learn more about Rezilion’s Windows software security solutions a https://www.rezilion.com/lp/windows-security-demo/.

**About Rezilion**

Rezilion’s platform automatically secures the software you deliver to customers. Rezilion’s continuous runtime analysis detects vulnerable software components on any layer of the software stack and determines their exploitability, filtering out up to 95% of identified vulnerabilities. Rezilion then automatically mitigates exploitable vulnerabilities across the SDLC, reducing vulnerability backlogs and remediation timelines from months to hours while giving DevOps teams time to build.

Rezilion Expands Dynamic SBOM Capability to Support Windows Environments

Greater insight into attack paths and runtime visibility helps customers reduce risk and improve cloud security posture.

**San Jose, Calif., November 9, 2022 —** Lacework®, the data-driven cloud security company, today announced new cloud-native application protection platform (CNAPP) capabilities for the Polygraph® Data Platform that provide improved attack path analysis and agentless workload scanning for secrets and vulnerabilities. These capabilities provide better visibility into today’s increasingly complex security environment, enabling organizations to instantly understand what matters so they can triage and respond faster.

According to the latest Lacework Cloud Threat Report, attackers are rapidly increasing in sophistication, with a particular focus on infrastructure. Attackers constantly seek paths of least resistance to compromise a system, hiding in the complexity of seemingly disparate risks and exploiting them whenever possible. Despite cloud adoption becoming nearly ubiquitous across industries, many enterprises still lack the visibility needed to truly manage and understand these sophisticated vulnerabilities present or emerging in their own cloud environments. Even most modern security solutions fall short here, relying on rules-based approaches that don’t account for the dynamic uniqueness of each organization’s cloud environment.

“As cloud environments become more complex, it’s difficult for organizations to get a clear picture of what is happening across their critical infrastructure so they can work efficiently to scale security to manage risk with the speed of modern software development,” said Melinda Marks, Senior Analyst at ESG. “Lacework is a strong player in the CNAPP category because it combines visibility with a deep understanding of behaviors across a customer’s overall cloud environment.”

In response to these challenges, Lacework has introduced **attack path analysis**, which combines a visual representation of potential attack paths with deep runtime insight from the Polygraph Data Platform. These visual attack paths tie together different attack vectors, including vulnerabilities, misconfigurations, network reachability, secrets, and identity and access management (IAM) roles for every host in the environment. This is provided as an additional layer of context for every alert to clearly show which assets could be attacked and why. As cloud threats continue to grow in volume and sophistication, this critical context enables security teams to identify and prioritize remediation based on risk and actively watch for exploits before they become a problem, all from a single platform.

With the addition of **agentless workload scanning**, customers benefit from more flexibility to build layered security, broader coverage across environments, and faster time to value through vulnerability and secrets discovery in runtime environments without the use of agents. Customers can now assess vulnerabilities and exposed secrets in container images, hosts, and language libraries and deliver a software bill of materials for their runtime environment. This enables:

*   A better understanding of the cloud environment and potential risks with an up-to-date inventory of software components and information about vulnerabilities and exposed secrets in the production environment
*   The ability to scan more resources without an agent for more complete coverage of the runtime environment and to stay compliant with security standards and business needs
*   More flexibility and choice to build layered security with continuous monitoring

“We take security seriously and always consider it a critical factor when we build or deploy new services, “ says Charly Vitrano, Director of Security Operations at Medallia. “Lacework has given the market a new, better, and more secure option for agentless scanning — the privacy and least privilege elements were essential for us to deploy this solution across our environment.”

“In order to provide a complete, robust security solution, customers need both visibility into the risks to prioritize fixing across the entire cloud environment and deep insight into what’s actively happening across their environment so they can take action quickly to protect their business,” said Adam Leftik, VP of Product, Lacework. “We knew delivering only risk prioritization wasn’t good enough, which is why we’ve incorporated advanced visibility and protection from active attacks into our Polygraph Data Platform. Customers now have the context they need to ensure their environments stay safe even as threats continue to grow.”

Lacework is the only security platform that combines the ability to see potential risks from the lens of an attacker with the knowledge of what’s actively happening to uncover attacks without needing to write a single rule. This enables customers to prioritize mitigating the most impactful attack vectors and automatically detect if or when they are exploited.

Attack path analysis and agentless vulnerability scanning are now generally available to Lacework customers. Visit our website to get started today.

Additional Resources:

*   To learn more and to request a demo, please visit our website: www.lacework.com/
*   Check out our blog for more information on our new agentless scanning capabilities.

Read what Lacework customers have to say about the Lacework Polygraph Data Platform.

Lacework Extends CNAPP Capabilities With Attack Path Analysis and Agentless Workload Scanning

Risk-based vulnerability management solutions foster the convergence of risk management and vulnerability management. Andrew Braunberg explains what’s driving the emergence of RBVM.

A change is underway in the vulnerability management market. Traditional vulnerability management solutions are giving way or morphing into a new segment, called risk-based vulnerability management, or RBVM.

Addressing the scale of the vulnerability problem has been a growing concern, as first-generation vulnerability management tools have increasingly overwhelmed users with endless lists of vulnerable assets.

This version of alert fatigue led vendors to examine how a risk-based approach might inform better vulnerability prioritization and response. Instead of trying to figure out how to patch everything faster, RBVM vendors tackle the scale problem by calculating what to patch and what to ignore.

RBVM addresses more than just the scaling problem, however. For example, while legacy internal scanners remain important tools, many of today’s digital assets operate beyond the view of these tools. Similarly, the Common Vulnerability Scoring System (CVSS) is still of value but is now just one of many data points to consider when assessing and prioritizing risk. Modern RBVM solutions leverage what has worked traditionally, while introducing new capabilities, including advanced analytics, as needed, to advance the discipline.

**The Heart of RBVM**

The goal of better understanding and assessing risk is at the heart of RBVM solutions. Not surprisingly, these products are chiefly marketed as providing prioritized risk rankings for vulnerabilities, with the goal of identifying the risk posed by each and determining the next best action.

A related benefit of this risk-based approach is a recognition of which actions can be delayed or ignored altogether. For example, software vulnerabilities can be categorized based on the risk they pose to the organization; those deemed low risk can be put off and addressed as time allows, enabling security and IT operations teams to focus efforts on high-risk vulnerabilities. RBVM solutions, therefore, address both effectiveness and efficiency.

RBVM solutions are designed to leverage existing IT infrastructure. For example, IT service management (ITSM) deployments have become much more prevalent in the last decade and often support patch management features. For RBVM solutions, this means that integration with these existing legacy solutions is often more important than providing an end-to-end vulnerability management solution.

Hence, Omdia believes the most impactful RBVM solutions will not only foster convergence of risk management and vulnerability management but also easily complement and enhance both new and existing enterprise vulnerability management programs.

RBVM is part of a broader rethinking of cybersecurity that emphasizes a more proactive approach to the problems practitioners face. The goal with RBVM is to avoid breaches by eliminating high-risk vulnerabilities, and continuously reducing an organization’s attack surface.

While to be sure, legacy vulnerability management aimed to be proactive as well, RBVM attempts to be both more efficient and effective. RBVM is a topic that enterprises will hear much more about in the months to come.

_Note: Omdia Security Operations Intelligence Service subscribers may read Andrew Braunberg’s full report here: Fundamentals of Risk-Based Vulnerability Management._

Understanding the Rise of Risk-Based Vulnerability Management

The malicious package downloads an image from the Web, then uses a steganography module to extract and execute the code to download malware.

Check Point Research has detected a malicious open source code package that uses steganography to hide malicious code inside image files.

The malicious package was available on PyPI, a package index widely used by Python developers. After being notified of it, PyPI's maintainers have removed the malicious package.

The malicious package, apicolor, looks like one of many development packages available on PyPI. The header states the package is a "core lib for REST API." The package installation script for apicolor has instructions to download additional packages (requests and judyb), along with a picture from the Web. The script then uses the steganography capabilities in judyb to uncover and execute the malicious code hidden inside the image file. The malicious code downloads malware from the Web and installs it on the user's machine.

The impact seems minimal — Check Point Research found only three GitHub users including apicolor and judyb in their code, and a little over 80 projects containing the malicious packages. The infection method relies on people stumbling across these open source projects and installing them on their machines, "not knowing it brings in a malicious package import," the team said.

The more important takeaway? "These findings reflect careful planning and thought by a threat actor, who proves that obfuscation techniques on PyPI have evolved," Check Point Research wrote on the team's blog.

Attackers are no longer just relying on the strategy to copy and rename existing packages and hide malicious code inside. Instead, they are targeting certain type of users — often those working from home, and those using corporate machines for side projects, according to the research team.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Malicious Python Package Relies on Steganography to Download Malware

Hole-y software alert, Batman: Cybercriminal faves Citrix Gateway and VMware Workspace ONE have authentication-bypass bugs that could offer up total access to attackers.

Critical authentication-bypass vulnerabilities in Citrix and VMware offerings are threatening devices running remote workspaces with complete takeover, the vendors warned this week.

Admins should prioritize patching, given the history of exploitation that both vendors have. Both disclosures prompted CISA alerts on Wednesday.

**Citrix Gateway: A Perfect Avenue for Infesting Orgs**

As for Citrix, a critical bug tracked as CVE-2022-27510 (with a CVSS vulnerability-severity score of 9.8 out of 10) allows unauthenticated access to Citrix Gateway when the appliance is used as an SSL VPN solution. In that configuration, it gives access to internal company applications from any device via the Internet, and it offers single sign-on across applications and devices. In other words, the flaw would give a successful attacker the means to easily gain initial access, then burrow deeper into an organization's cloud footprint and wreak havoc across the network.

Citrix also noted in the advisory that its Application Delivery Controller (ADC) product, which is used to provide admin visibility into applications across multiple cloud instances, is vulnerable to remote desktop takeover (CVE-2022-27513, CVSS 8.3), and brute force protection bypass (CVE-2022-27516, CVSS 5.3).

Tenable researcher Satnam Narang noted that Citrix Gateway and ADC, thanks to how many parts of an organization they provide entrée into, are always favorite targets for cybercriminals, so patching now is important.

"Citrix ADC and Gateways have been routinely targeted by a number of threat actors over the last few years through the exploitation of CVE-2019-19781, a critical path traversal vulnerability that was first disclosed in December 2019 and subsequently exploited beginning in January 2020 after exploit scripts for the flaw became publicly available," he wrote in a Wednesday blog.

"CVE-2019-19781 has been leveraged by state-sponsored threat actors with ties to China and Iran, as part of ransomware attacks against various entities including the healthcare sector, and was recently included as part of an updated list of the top vulnerabilities exploited by the People’s Republic of China state-sponsored actors from early October," Narang continued.

Users should update ASAP to Gateway versions 13.1-33.47, 13.0-88.12, and 12.1-65.21 to patch the latest issues.

**VMware Workspace ONE Assist: A Trio of Cybercrime Terror**

VMware meanwhile has reported three authentication-bypass bugs, all in its Workspace ONE Assist for Windows. The bugs (CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687, all with CVSS 9.8) allow both local and remote attackers to gain administrative access privileges without the need to authenticate, giving them full run of targeted devices.

Workspace ONE Assist is a remote desktop product that's mainly used by tech support to troubleshoot and fix IT issues for employees from afar; as such, it operates with the highest levels of privilege, potentially giving remote attackers an ideal initial access target and pivot point to other corporate resources.

VMware also disclosed two additional vulnerabilities in Workspace ONE Assist. One is a cross-site scripting (XSS) flaw (CVE-2022-31688, CVSS 6.4), and the other (CVE-2022-31689, CVSS 4.2) allows a "malicious actor who obtains a valid session token to authenticate to the application using that token," according to the vendor's Tuesday advisory.

Like Citrix, VMware has a history of being targeted by cybercriminals. A critical vulnerability in Workspace ONE Access (used for delivering corporate applications to remote employees) tracked as CVE-2022-22954 disclosed in April was almost immediately followed by a proof-of-concept (PoC) exploit released on GitHub and tweeted out to the world. Unsurprisingly, researchers from multiple security firms started seeing probes and exploit attempts very soon thereafter — with the ultimate goal of infecting targets with various botnets or establishing a backdoor via Log4Shell.

Users should update to version 22.10 of Workspace ONE Assist to patch all of the most recently disclosed problems.

Patch ASAP: Critical Citrix, VMware Bugs Threaten Remote Workspaces With Takeover

Cyberattackers like IPFS because it is resilient to content blocking and takedown efforts.

As has happened with other Web technologies designed for legitimate use, the InterPlanetary File System (IPFS) peer-to-peer network for storing and accessing content in a decentralized fashion has become a potent new weapon for cyberattacks.

Researchers from Cisco Talos this week reported observing multiple malicious campaigns leveraging the IPFS to host phishing kits and malware payloads. For many attackers, the IPFS has become the equivalent of a bulletproof hosting provider that is mostly impervious to takedown efforts, Talos said. Complicating matters for defenders is the fact that the IPFS is often used for legitimate purposes. So, differentiating between benign and malicious IPFS activity is another challenge, the security vendor said.

"Organizations should become familiar with these new technologies and how they are being leveraged by threat actors to defend against new techniques that use them," Talos said in a report summarizing the threat.

**Growing Threat**

This marks at least the second time in recent months that researchers have sounded the alarm on IPFS becoming a hotbed of cybercrime activity.

In July, Trustwave's SpiderLabs noted how its researchers had identified more than 3,000 emails with phishing URLs hosted in the IPFS in a three-month period. Phishing pages that it observed on the IPFS included those that spoofed Microsoft Outlook login pages, Google domains and cloud storage services such as Filebase.io and nftstorage.link. "Phishing techniques have taken a leap by utilizing the concept of decentralized cloud services using IPFS," Trustwave said. The growing use of IPFS by many file storage, Web hosting, and cloud service companies means that attackers have a lot more flexibility in creating new phishing URLs that cannot be easily blocked, the security vendor said.

IPFS is a peer-to-peer file sharing system that Protocol Labs launched in 2015. The network is designed to allow decentralized storage of content. Content stored in the IPFS is mirrored across multiple nodes, or systems that participate in the network. Individuals and others can use IPFS to store different types of data including webpages, files, NFTs, and documents.

Resources stored on the IPFS are assigned unique identifiers. Users can employ the identifier to access the content via IPFS clients or gateways, which are like gateways for accessing content on the Tor network. Because content is mirrored on IPFS, it is always available even if one node goes down.

This has made the IPFS an attractive option for hosting phishing kits and malware for cybercriminals. Because content on the IPFS does not have a static IP address, it cannot be blocked using standard IP blocking and blacklisting mechanisms. Similarly, taking down a node containing phishing pages and malware does little to neutralize a threat because the content is mirrored across multiple nodes. There is also no central authority on the IPFS that law enforcement or security vendors can contact to take down a phishing or malware distributing site.

In an example of how attackers are abusing IPFS, Talos pointed to a phishing campaign in which victims receive an email with an attached PDF that purports to be associated with the DocuSign document signing service. When a user clicks on the "Review Document" link, they are directed to a webpage that appears to be a legitimate Microsoft authentication page but is really a credential-harvesting page hosted on the IPFS network.

In situations where an IPFS gateway might recognize the resource being requested as malicious and block access, attacker simply change the IPFS gateway that is used to retrieve the content, Talos said.

**Phishing Not the Only Threat**

Phishing pages are not the only threat. A growing number of attackers are also leveraging the peer-to-peer network to distribute malicious payloads.

In one campaign that Talos researchers observed, the attacker sent victims a phishing email with a ZIP attachment containing a malware dropper in the form of a PE32 executable. When run, the downloader would reach out to an IPFS gateway and retrieve a second-stage malware payload hosted on the peer-to-peer network. The attack chain ended with the Agent Tesla remote-access Trojan getting dropped on the victim's system.

Talos researchers also found a destructive, disk-wiping malware tool and a full-featured information-stealer called Hannabi Grabber hosted in IPFS nodes.

"Many new Web3 technologies have emerged recently, attempting to provide valuable functionality to users," Talos said in the report. "As these technologies have continued to see increased adoption for legitimate purposes, they have begun to be leveraged by adversaries as well."

The researchers expect the trend to gain momentum as more threat actors realize the IPFS is resilient to content moderation and takedown efforts.

"Organizations should be aware of how these newly emerging technologies are being actively used across the threat landscape and evaluate how to best implement security controls to prevent or detect successful attacks in their environments," the vendor said.

InterPlanetary File System Increasingly Weaponized for Phishing, Malware Delivery

The stalling of federal legislation and the continued expansion of data brokers are fueling a phishing epidemic.

It's been over four years since the EU implemented its groundbreaking General Data Protection Regulation. The GDPR became the model for personal data privacy laws in many other countries, and for the California Consumer Privacy Act (CCPA), which took effect in 2020. New data privacy laws are set to take effect in four more US states in 2023, and six states are actively working on bills.

But in four years' time, little progress has been made at the federal level. The latest discussion draft of the American Data Privacy and Protection Act, released on June 6, has several unresolved issues that will likely stand in the way of bipartisan support. This lack of federal privacy regulation is costing US businesses money in ways they don't even realize.

Regulatory uncertainty and the lack of a single compliance standard is obviously costly, though the amount can be difficult to quantify. What's less obvious but more quantifiable is the explosion in crimes against businesses, specifically business email compromise (BEC) and ransomware. These crimes are being fueled by the widespread availability of very detailed, legally collected personal data. If the government won't act, it would behoove businesses to take steps to help employees protect their personal data and, in the process, protect themselves.

According to data from the IC3, the FBI's Internet Crime Complaint Center, BEC attacks cost businesses $2.4 billion in 2021, up from $1.8 billion in 2020. Furthermore, they dwarf all other types of cybercrime against businesses, accounting for 34% of 2021 losses from all types of cybercrime. Ransomware schemes cost businesses $49 billion in 2021, the IC3 says, more than doubling from $20 billion in 2020.

Those costs only reflect direct losses. According to research from the Ponemon Institute, the cost of loss productivity and remediation of compromised credentials and systems associated with these crimes can more than double the tab.

Working from home, where computing environments are less secure, has been a factor in the rise in these crimes. But so has the increase in the amount and variety of personal data available on the Internet.

Data fuels phishing, which is the gateway for these crimes. Phishing is typically done via email but also via text or instant messaging, social media, and even collaboration platforms. Criminals use data to pose as a trusted source communicating in one of these channels and convince the victim to click on a malicious link. That can lead to the installation of malware or ransomware, as well as the collection of login credentials or other sensitive data.

**Phishing for Business**

This can have devastating consequences for individuals, but phishing attacks are increasingly being used to gain entry to government and corporate systems. The IC3 received 323,972 phishing complaints in 2021, up from 25,344 such complaints in 2017 — a stunning 120% increase. According to Verizon's "2020 Mobile Security Index," 2% of employees click on a phishing link every day.

Once they gain access, bad actors can lurk inside company systems, studying workflows, monitoring communications, and waiting for an opportunity. Let's say an employee posts on social media while away on vacation. That's the opening a bad actor has been waiting for. They hop into the vacationing employee's email account, which contains a thread with a vendor's accounts payable department discussing payment of an invoice. The bad actor adds another message to the thread: "Can you also update our bank account and send the payment to the new account." According to the IC3 report, the average loss for a successful BEC attack like this was $120,000 in 2021.

**Data Brokers Don't Help**

Phishing is becoming ever more effective due to all the data criminals have to customize their communications. They don't even have to steal the data. They can get it on any one of about 150 people search sites, which is a segment of the data broker industry that has been growing both in size and in the type of information they collect.

These sites, which are largely unregulated, started out by collecting publicly available data, such as names, addresses, and phone numbers. Now they collect an even wider variety of data gleaned from a much wider variety of sources. Information such as a person's political views, dietary preferences, pets, and even a person's Amazon wish list can be easily found for a small monthly subscription fee. And it's all currently legal.

Personal data is a very sensitive tool that cybercriminals use to cause real harm to people whose data is publicly available on the Internet. But it's not just individuals who suffer. The payday from crimes against businesses can dwarf gains from crimes against individuals, making them especially attractive targets. Businesses are only as safe as their most digitally vulnerable employees.

It may be years before we have comprehensive federal legislation to protect data privacy. That is why organizational efforts to prevent cybercrime must include working with employees to reduce and remove their personal information from the Internet. That will make it more difficult for malicious actors to obtain employee data to leverage in their attacks.

How US Businesses Suffer From the Lack of Personal Data Privacy Laws

Suffolk County had to hand deliver voting databases with ballot results to the county election headquarters.

Lingering effects of a September ransomware attack delayed midterm vote tabulation in Suffolk County, which encompasses eastern Long Island in New York state.

Officials on Tuesday night said that 450,000 election night results would be significantly held up for state, federal, and local races thanks to an unexpected Wi-Fi outage related to the attack. Republican Party chairman Jesse Garcia told local outlet Newsday that the outage had prevented officials from uploading voting results — instead necessitating poll workers to bring 1,446 memory cards containing ballot results to election board headquarters.

Suffolk results began to be counted around 2:30 a.m. early Wednesday, according to the report.

The county is home to around 1.5 million people, and includes tony alcoves and summer destinations like the Hamptons and Fire Island, along with working and middle class neighborhoods. Long Island has been considered an important population bloc when it comes to deciding the fate of midterm election contenders in the Empire State — including the hotly contested governor's race between Democratic incumbent Kathy Hochul and Suffolk County resident and GOP rival Lee Zeldin (Hochul was declared winner on Wednesday).

The Sept. 8 cyberattack wreaked havoc in the area, forcing 911 operators to work with pen and paper, taking down police in-car computers, and even knocking out the real-estate titling system, among other issues. It's unclear what exactly affected the Wi-Fi, though Newsday reported an official speculating that "extra protections" implemented by the county could be to blame.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Long Island Midterm Votes Delayed Due to Cyberattack Aftereffects

Massachusetts Attorney General announced settlements across multiple states for damages from Experian's 2012 and 2015 breaches that violated consumer protection and notification laws.

Massachusetts Attorney General Maura Healey (now governor-elect) this week announced a one-two punch: Experian will pay $13.6 million in a multistate lawsuit settlement over its infamous data breaches in 2012 and 2015, which compromised personal information of millions of consumers nationwide; and T-Mobile will hand over $2.5 million for its customers who were affected by the 2015 breach at the credit-monitoring provider.

Some 15 million T-Mobile customer credit applications were exposed in the 2015 attack on Experian, which handled the processing of the mobile carrier's customer credit applications. Social Security numbers, birthdates, drivers' licenses, and passport information were among the exposed consumer data.

In addition to the settlement fees, both Experian and T-Mobile committed to taking steps to better secure data. Experian also must provide five years of free credit monitoring to people whose data was exposed — on top of the free services that had previously been provided to victims. T-Mobile also agreed to tighten up vendor oversight.

AG Healey helped lead the investigation into the 2012 data breach, working with attorneys general in Connecticut, Illinois, Indiana, Maryland, New Jersey, North Carolina, Texas, and Vermont, and also worked on the 2015 breach investigation, headed up by the attorneys general of Connecticut, Illinois, Maryland, Texas, and Washington, DC.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading