Welcome to this week's Security and Compliance Weekly Roundup.
This is a weekly series of posts highlighting some of the most read or interesting security and compliance news stories as well as those that peaked the interest of the staff here at Omni in the past week.
Dallas area Police Department losses digital evidence because of ransomware
The Cockrell Hill Police Department lost video evidence and a cache of digital documents after hackers invaded the department’s computer system last month.
Stephen Barlag, Cockrell Hill's police chief, said the incident was not the work of hackers, but acknowledged that the incident included a computer-generated ransom demand.
Tax Season Triggers Wave of W-2 Business Email Compromise Attacks
Campbell County Health is the latest victim of a W-2 business email compromise attack, which has resulted in the tax information of 1,457 hospital employees being disclosed to a scammer.
The Gillette, WY-based healthcare system discovered Wednesday that an employee had responded to an email request for the W-2 form data of hospital employees. As is common in these scams, the attacker impersonated a hospital executive and requested W-2 information for all employees who had taxable earnings in 2016.
Yahoo under SEC investigation for keeping the lid on data breaches for years
TheNextWeb, 23 Jan 2017: Yahoo may have just gotten a new name, but its past mistakes keep coming back to haunt its future. The Wall Street Journal reports the company is currently under investigation by the Securities and Exchange Commission for delaying its massive data breach announcements for years.
Protected US military server poked via army recruitment website
TheRegister, 23 Jan 2017: Beads of sweat must have surely run down the face of one hacker who, while trying to score a bug bounty, inadvertently infiltrated an "internal US Department of Defense website that requires special credentials to access." The unnamed hacker used exploited a pair of vulnerabilities to gain access to the US Army network via an unpatched website and a misconfigured proxy.
'Bluff' ransomware is on the up
TheRegister, 24 Jan 2017: Two in five large UK businesses have fallen victim to a "bluff" ransomware attack, according to a new survey. "Bluff" ransomware attacks involve cybercriminals falsely claiming that malicious software has successfully infected an organization’s network before demanding an extortionate payment in return for the "encryption key" supposedly needed to access data.
Cyber probes gain traction on the Hill
FCW, 26 Jan 2017: Congress has come under fire from industry, government officials and its own members for having piecemeal oversight of cyber. That could change with the introduction of a Senate resolution to create a Select Committee on Cybersecurity.
Malware Hidden in Fake Banking Emails Steals Your Data and Bitcoins
Softpedia, 27 Jan 2017: A new malware has been discovered, targeting bank customers, which seeks to steal passwords and Bitcoin from crypto-currency wallets. The discovery was made by security vendor Cyren who considers this to be a massive outbreak of malware.
Omni can help with your cybersecurity and compliance needs.
Visit our Cybersecurity and Compliance page to learn about how Omni can help you protect your company from ever growing cyber threats.