Data from 900 Pulse Secure VPN enterprise servers -- including IP addresses, usernames and passwords, and administrator account information -- have been posted on the dark web. A security researcher noted that the breached servers were all running a firmware version that had a known vulnerability.
Tech firm Canon has been hit by Maze ransomware, with 10 terabytes of data reportedly stolen and more than 20 company-owned domains affected. Unlike the malware used in the recent attack on Garmin, the Maze ransomware exfiltrates data and encrypts files, and the hackers typically begin posting the data publicly if ransom demands are not met.
Cryptocurrency trading platform Bitfinex is offering up to approximately $400 million to anyone who can return up to 119,756 bitcoin -- now worth $1.335 billion -- that were stolen in 2016. The company is also offering 5% of the bitcoin recovered to anyone who puts them in contact with the hackers who stole the bitcoin.
The State Department is offering up to $10 million for information on persons or organizations working with foreign entities to interfere with US elections through illegal cyberactivities. The initiative covers attacks against election infrastructure, voting machines, US election officials, candidates and campaign staffers.
Five indicators can serve as red flags that a ransomware attack may be imminent, and information security executives should be alert for them, writes Peter Mackenzie. He lists several network scanners and hacking tools whose presence should prompt an investigation, including AngryIP, Advanced Port Scanner and Mimikatz.
The National Security Agency has warned that cellphone location tracking threatens security, and it has advised intelligence and military personnel on safe practices, including turning off apps' location-sharing features. Wearable devices also have the potential to be threats, the agency added, noting that users outside the Department of Defense also might benefit from its guidance.
Australia's sweeping 2020 Cyber Security Strategy, issued this week, would boost law enforcement's authority to actively defend critical infrastructure and go after cybercriminals on the dark web. It would also set up networks for sharing information with the private sector.