Motherboard: On-the-Run Hacker Who Allegedly Breached Federal Cop Database Arrested in Florida. “Nicholas Ceraolo, who faces years in prison for allegedly accessing a U.S. federal law enforcement database and other crimes, was still at large when authorities announced the charges against him.”
Bleeping Computer: Fruit giant Dole suffers ransomware attack impacting operations. “Dole Food Company, one of the world’ largest producers and distributors of fresh fruit and vegetables, has announced that it is dealing with a ransomware attack that impacted its operations.”
Ars Technica: GoDaddy says a multi-year breach hijacked customer websites and accounts. “GoDaddy said on Friday that its network suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites.”
Bleeping Computer: Florida hospital takes IT systems offline after cyberattack. “Tallahassee Memorial HealthCare (TMH) has taken its IT systems offline and suspended non-emergency procedures following a late Thursday cyberattack. While all its network systems were taken online, TMH says this attack only impacted some of them.”
Ars Technica: GitHub says hackers cloned code-signing certificates in breached repository. “GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom.”
Ars Technica: Ransomware victims are refusing to pay, tanking attackers’ profits. “Two new studies suggest that ransomware isn’t the lucrative, enterprise-scale gotcha it used to be. Profits to attackers’ wallets, and the percentage of victims paying, fell dramatically in 2022, according to two separate reports.”
TechCrunch: A hack at ODIN Intelligence exposes a huge trove of police raid files. “Detailed tactical plans for imminent police raids, confidential police reports with descriptions of alleged crimes and suspects, and a forensic extraction report detailing the contents of a suspect’s phone. These are some of the files in a huge cache of data taken from the internal servers of ODIN Intelligence, a tech company that provides apps and services to police departments, following a hack and defacement of its website over the weekend.”
University of Minnesota: Ransomware attacks on America’s health care systems more than doubled from 2016 to 2021, exposing the personal health information of millions. “The annual number of ransomware attacks on health care provider organizations more than doubled from 2016 to 2021, exposing the personal health information of nearly 42 million individuals.”
Washington State University: Fear can inspire remote workers to protect IT resources. “Fear of what could go wrong is the greatest motivator when it comes to getting remote workers to protect their employer’s information technology security, according to a recent study in Computers & Security. But it tends to work best when employees also have a solid understanding of the severity of potential security threats, including the knowledge of what to do when the worst happens.”
Iowa Capital Dispatch: Iowa counties’ records inaccessible in wake of suspected cyberattack. “Iowa’s county recorders maintain land records, issue marriage licenses and register births and deaths. They also issue titles and liens on boats, snowmobiles and ATVs. The biggest immediate effect of the apparent hack is that the public, as well as the recorders themselves, can’t currently access real estate records.”
WIRED: The Worst Hacks of 2022. “Here’s WIRED’s look back on the year’s worst breaches, leaks, ransomware attacks, state-sponsored hacking campaigns, and digital takeovers. If the first years of the 2020s are any indication, the digital security field in 2023 will be more bizarre and unpredictable than ever. Stay alert, and stay safe out there.”
Financial Times: Cyber attacks set to become ‘uninsurable’, says Zurich chief. “The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become ‘uninsurable’ as the disruption from hacks continues to grow.”
Government Accountability Office: As Cyberattacks Increase on K-12 Schools, Here Is What’s Being Done. “In recent years, cyberattacks on K-12 schools have increased. Not only do these attacks disrupt educational instruction and school operations, they also impact students, their families, and teachers. The scale and number of attacks increased during COVID-19 as more schools moved to remote learning and increased their reliance on IT services. Today’s WatchBlog post looks at the growing risks and impacts of cyberattacks on schools, and our work on federal efforts to assist K-12 schools.”
Engadget: LastPass reveals another security breach. “LastPass CEO Karim Toubba has revealed that the password manager has been breached again. Toubba said the company detected an unusual activity within a third-party cloud storage service that it shares with its parent company GoTo, which was formerly known as LogMeIn.” I’m a longtime customer of LastPass, but I’m going to have to think about that.
University of Michigan: Cyber vulnerability in networks used by spacecraft, aircraft and energy generation systems. “A new attack discovered by the University of Michigan and NASA exploits a trusted network technology to create unexpected and potentially catastrophic behavior.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.