Chipotle has announced that it is working with law enforcement and cybersecurity experts to look into unauthorized activity on its credit card payment system. The company is investigating transactions from March 24 to April 18, and it will release details on the timeline and affected restaurants as the investigation continues.
Organizations that view cybersecurity as a cost drain and apply only minimal protections may be inviting a cybersecurity crisis, Sean Cassidy writes. These organizations can help avoid a catastrophe by keeping security at the core of its business and by implementing security measures across departments and technologies.
The nonprofit Midwest Cyber Center and the St. Louis Agency on Training and Employment have announced an apprenticeship program to prepare individuals to fill available cybersecurity jobs in the city's metro area. The program will connect candidates with area businesses for the paid 18-month apprenticeships.
Webinar: Malvertising targets and infects you Wednesday, May. 10 — 11am PT/ 2pm ET
Join speakers Anthony Aragues, VP, Security Research, Anomali and Jason Bickham, VP, Technical Operations, The Media Trust as they discuss how malvertising bypasses most traditional security defenses, including your threat intelligence strategies. Sign up
The federal government and private businesses need to open up conversations and explore regulations for the security of autonomous vehicles, National Institute of Standards and Technology fellow Ron Ross said. Without these discussions, connected vehicles are left vulnerable to distributed-denial-of-service attacks.
Hyundai said there was a bug in its Blue Link mobile app that allowed vehicles to be started remotely for three months before the vulnerability was discovered and fixed. The Department of Homeland Security said that there were "[n]o known public exploits," as a "high skill level" was needed to take advantage of the flaw.
File-encrypting ransomware Locky has returned after disappearing this year, cybersecurity researchers said. Ransomware found in phishing emails now use the Dridex botnet for greater chance of infection of critical files in systems, with attackers demanding bitcoins from their victims.
Foreign governments that use private criminal hackers leave themselves vulnerable, and the private hackers can be apprehended more easily than intelligence officers, said Adam Hickey of the Justice Department. "That matters because apprehending them ... can give us the human intelligence into state-sponsored hacking that can be very, very valuable and supplement the technical insight," Hickey said.