Cybersecurity Weekly: Ransomware denial, addressing the gender skills gap, audio deepfakes

Category: Security awareness
September 9, 2019

A Massachusetts city declines a $5.3 million ransomware demand, opting to restore from backup instead. An Irish staffing company works to close the cybersecurity skills gap for migrant women. The first known case of successful financial scamming via audio deepfakes. All this, and more, in this week’s edition of Cybersecurity Weekly.

1. $5.3 million ransomware demand: Massachusetts city says no thanks

After a ransomware attack slapped a hefty payout demand of $5.3 million on New Bedford, Massachusetts, the city announced that it is instead opting to restore from backups. As a result of “a combination of luck, skill and the architecture of the system,” only about 4% of its computers were affected by the attack.
Read more »

2. SMBs embracing cloud, but security remains a concern

A growing majority of SMBs are turning to cloud computing for their IT infrastructure, but at the same time, IT and security professionals struggle to understand the nuances of cloud security. Cloud infrastructure is becoming more complex, especially when managing a hybrid environment of private and public clouds.
Read more »

3. Careers in cybersecurity aren’t just a man’s game

As we travel further into the digital age, our systems continue to become more complex and more vulnerable and, in turn, there is a greater need for professionals who specialize in cybersecurity. Techfindr, an Irish IT staffing company, invests in the skills of migrant women to combat this challenge.
Read more »

4. What does good cyber resilience look like in 2019?

Some of the best cyber resilience planning in 2019 comes from simplicity, beginning with the NIST’s Cybersecurity Framework. After taking that first step, cybersecurity education is the next piece of the puzzle. If your organization is not receiving regular training, it’s time to sound the alarm.
Read more »

5. 8 ways to spot an insider threat

The good news and the bad news with insider threats? The good news is that most insider threats derive from negligence, not malicious intent. The bad news is that the frequency of negligence is already ahead of where it was in 2018. Compounding the problem is the fact there are more networks, devices and data to monitor and secure.
Read more »

6. CEO “deepfake” swindles company out of $243,000

In the first known case of successful financial scamming via audio deepfakes, cybercrooks were able to create a near-perfect impersonation of a chief executive’s voice – and then used the audio to fool his company into transferring $243,000 to their bank account. Security experts say that the incident sets a dangerous precedent.
Read more »

7. Google fined $170 million for violating kids’ privacy on YouTube

Google agreed to pay a $170 million fine to settle allegations by the FTC and the New York attorney general that its YouTube service earned millions by illegally harvesting personal information from children without their parents’ consent. The settlement requires Google to pay $136 million to the FTC and a $34 million fine to New York State.
Read more »

8. Leaky server exposes 419 million phone numbers of Facebook users

Phone numbers linked to the accounts of hundreds of millions of Facebook users have been found online on an insecure server in the latest privacy slip-up for the social media giant. The server, which lacked password protection, contained more than 419 million records over several databases and multiple countries.
Read more »

9. Over $37 million lost by Toyota boshoku subsidiary in BEC scam

Toyota Boshoku Corporation, a car components manufacturer member of the Toyota Group, announced today that one of its European subsidiaries lost more than $37 million following a business email compromise attack. Overall, BEC victims lost over $1.2 billion in 2018, according to an Internet Crime report issued in April 2019.
Read more »

10. Android flaws decline in 2019 as iOS malware rises

The number of security bugs affecting Android devices fell sharply in the first half of this year, although the proportion of these which are deemed “critical” increased. Meanwhile, Apple’s iOS saw a 25% rise in detected vulnerabilities compared to 2018. 155 were found in the first six months of the year — almost double the amount found in the Android OS.
Read more »

Ready to be inspired? Join us in Chicago for Infosec Inspire19

The Infosec IQ user conference designed for you — two days packed with actionable education, industry best practices, IQ sneak peeks and networking.