Malware Targets macOS. Researchers have detected a new malware variant that targets macOS systems. The malware has been linked to the OceanLotus advanced persistent threat (APT) group, which has ties to the Vietnamese government. The malware spreads through malicious files included in phishing emails. Read more in:
New Zealand’s New Data Privacy Law Takes Effect December 1, 2020. New Zealand’s Privacy Act 2020 takes effect on December 1. Under the new law, organization are obligated to report data breaches that pose a “risk of harm.” The law applies to New Zealand-based organizations that handle data as well as organizations that conduct business and/or collect data about New Zealand residents. Read more in: New Zealand Privacy Act: Updated data breach legislation comes into effect tomorrow
Texas Governor’s Support Leads to 1,150 Students in 235 High Schools Discovering Their Level of Cybersecurity Talent and Vying for $2 Million in Scholarships. Texas Governor Abbott’s active support has enabled more than 1,000 high school students to use CyberStart America to discover their cyber aptitude in less than 30 days. Many participants are finding they are hooked on solving cybersecurity problems as “cyber protection agents,” even those who never took a computer science or networking or cybersecurity class. New Jersey’s Governor Murphy also promoted the program to students and New Jersey’s students are cutting into Texas’s lead. With 100 more days to go in CyberStart America and every high school student in every state eligible for the free program, at least 30,000 America high school students will be able to begin their professional journey toward a career in cybersecurity and/or computer science with $2 million in college scholarships available to those who do well.
Governor Abbott Announces Partnership With CyberStart America To Promote Cybersecurity Career Track For Texas High School Students
Governor Murphy Strongly Encourages High School Girls To Participate In Upcoming 2020 Girls Go CyberStart Competition
Leaderboard to see how students in your state are doing.
Site to Learn More and Sign Up for CyberStart America.
Pennsylvania County Pays $500,000 After Ransomware Attack. The government of Delaware County (Pennsylvania) paid $500,000 to regain access to their systems following a ransomware attack. The county took some of its systems offline after discovering the incident. Read more in:
Baltimore (Maryland) County Schools Suffers Ransomware Attack. The Baltimore County Public School (BCPS) system was forced to cancel classes and shut its offices on Wednesday, November 25 after its network was hit with ransomware. BCPS exhorted students and staff not to use district-issued Windows computers. District-issued Chromebooks were not affected. Read more in:
University of Vermont Medical Health Network Still Recovering from October Ransomware Attack. More than a month after a ransomware attack hit systems at the University of Vermont Medical Health Network (UVMHN), the organization is still working on restoring services. UVMHN comprises seven facilities in Vermont and New York State. Read more in:
AspenPointe Discloses September Data Breach. Colorado-based healthcare company AspenPointe has disclosed a data breach that affected nearly 300,000 patients. The attackers compromised both personal health information (PHI) and personally identifiable information (PII). The attackers had access to the system for 10 days in mid-September 2020. Read more in: Healthcare provider AspenPointe data breach affects 295K patients
Advantech Confirms Ransomware Attack. Advantech, a Taiwan-based company that manufactures chips used in Internet of Things (IoT) devices, has confirmed that its systems were hit with a ransomware attack. The threat actors have posted some Advantech documents online; they are reportedly demanding 750 Bitcoins for ransom. Read more in:
Microsoft Teams No Longer Supports Internet Explorer. As of Monday, November 30, Microsoft Teams no longer supports Internet Explorer 11. If users log into the web version of Microsoft Teams with IE 11, they will see a message reminding them that the browser is no longer supported and recommending that they use the desktop client instead. The withdrawal of support is one in a series of changes Microsoft is implementing to encourage users to move to their Edge browser. Read more in:
Spamhaus Says 50+ Dormant Domains Springing Back to Life is Suspicious. According to Spamhaus, more than 50 networks sprung back to life after being dormant for some time. The networks, all of which are in the North American region, were revived at the same time; each of the networks was introduced by autonomous system numbers that have also been dormant. Spamhaus has placed most of the suspect networks on its DROP list “until their owners clarify the situation.” Read more in:
TrickBot Botnet Comes Creeping Back. The TrickBot botnet appears to be re-emerging after Microsoft and US Cyber Command efforts to disrupt it earlier this fall. Both organizations targeted the botnet’s command-and-control servers. The newest iteration of TrickBot uses a clever obfuscation technique to sneak the payload past detection tools. Read more in:
US Supreme Court Hears Arguments in CFAA Case. The US Supreme Court is hearing appeal arguments in a case that is likely to determine how broadly or narrowly the Computer Fraud and Abuse Act (CFAA) is interpreted. The case seeks to overturn the conviction of a Georgia police officer who used his legitimate access to a license plate database to search for information at the request of an individual who turned out to be an undercover FBI agent. Read more in:
Microsoft Defender for Identity Can Detect Zerologon Exploits. Microsoft Defender for Identity, a cloud-based security product, is now capable of detecting attacks that exploit the Zerologon. Microsoft says that customers “will be able to identify the device that attempted the impersonation, the domain controller, the targeted asset, [and] whether the impersonation attempts were successful.” Read more in:
