Judge Says Insurance Company Must Pay for Ransomware Attack; Google Suspends Paid Chrome Extensions; Mozilla Bans Malicious Firefox Add-ons

A US federal judge in Maryland has ordered State Auto Property & Casualty Insurance to cover the costs one of its customers incurred as the result of a ransomware attack. National Ink & Stitch had sought $310,000 in damages from the State Auto following the late 2016 attack that forced the screen printing company to replace its computer system.

Read more in

All paid Chrome extensions have been suspended from being published or updated in the Google Chrome Web Store. Google cited a "significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users." The suspension is temporary while Google determines the best long-term solution to the issue.

Read more in

Mozilla has banned close to 200 Firefox add-ons over the past two weeks. The banned add-ons were found to be executing malicious code, stealing data, or hiding their source code. Not only have they been removed from Mozilla's add-on portal, they have also been disabled in browsers where they are already installed.

Read more in

A report from the US State Department's Office of Inspector General (OIG) noted that an "assessment of the Department's information security program identified numerous control weaknesses that affected program effectiveness and increased the Department's vulnerability to cyberattacks and threats." The report comes just a week after Senator Mark Warner (D-Virginia) asked Secretary of State Mike Pompeo what he has done to address the security problems identified in the earlier reports. In the letter, Warner expressed concerns about the State Department's abilities to address increasing "offensive cyber activity by Iran," and referenced risks noted in earlier OIG audit reports.

Read more in

The US Department of Homeland Security's (DHS's) Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory warning about six critical vulnerabilities affecting GE CARESCAPE Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central Station (CSCS) and Clinical Information Center (CIC) systems, CARESCAPE B450, B650, B850 monitors. GE is developing fixes for the vulnerabilities and has suggested mitigations to help protect vulnerable devices until the patches are available.

Read more in

According to a report from Recorded Future, hackers targeted systems at "a key organization in the European energy sector." The report says that the attack likely began in late fall 2019 and continues through the beginning of January, 2020. The hackers used the Pupy remote access Trojan (RAT) in the attack.

Read more in

Researchers from Trend Micro created a honeypot that imitates a factory environment. The honeypot, which was launched in May 2019, drew a variety of attacks, including cryptominers and ransomware. The report notes that "organizations should ensure that their equipment and the components of their ICSs are not exposed online... [and should implement] strict authentication policies to minimize the possibility of intrusions.

Read more in

Last week, Mitsubishi Electric disclosed that it was the victim of a cyber attack in June 2019. The attackers appear to have exploited a then-unknown vulnerability in TrendMicro OfficeScan antivirus; they stole 200MB of company files. TrendMicro patched the flaw in October 2019, noting at the time that it was being actively exploited.

Read more in

Cisco has released a fix for a vulnerability in its Webex video conferencing platform. The flaw could be exploited to access password protected meetings without authorization; attackers would need a valid meeting ID along with the Webex app on an Android or iOS device. Unauthorized attendees appear in the attendee list. The issue is fixed in Cisco Webex Meetings Suite sites version 39.11.5 and Cisco Webex Meetings Online sites version 40.1.3.

Read more in

New Federal Energy Regulatory Commission (FERC) rules for reporting cybersecurity incidents allow organizations to decide themselves whether or not an incident merits reporting. The president of the Utility Workers Union of America is concerned that utilities may place profits ahead of addressing cybersecurity issues. The new rules, which were introduced in June 2019, say that "Each responsible entity will be required to develop criteria for identifying an attempt to compromise a cyber asset and then apply those criteria during its cyber security incident identification process."

Read more in

The recently patched flaw in Citrix products is being exploited to infect systems with Sodinokibi ransomware.

Read more in

The hackers behind the ransomware attack on the Travelex international currency exchange have launched an attack against Gedia Automotive Group, a German automotive parts manufacturer, infecting its systems with the ransomware known as Sodinokibi. Gedia says it has shut down its IT systems and that its employees have been sent home. The hackers say they have taken data from Gedia's systems and plan to upload them if the company does not pay the ransom.

Read more in

Tillamook County in Oregon is reporting that it was hit with a ransomware attack that prompted the county to take its computer and telephone systems offline as a precaution.

Read more in

The Tampa Bay Times was hit with Ryuk ransomware last week. The company did not pay a ransom, and it is working to restore systems from backups and cleaning malware from its systems.

Read more in

Servers belonging to the city of Potsdam, Germany have been taken offline in the wake of a cyberattack.

Read more in

Since a December 2019 ransomware attack, systems at the California city of Galt are roughly 85 percent rebuilt and restored.

Read more in

The National Cybersecurity Center of Excellence (NCCoE) has released a National Institute of Standards and Technology (NIST) draft document aimed at helping "organizations detect and respond to data integrity events across multiple industries." NCCoE is accepting comments on Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events through February 26.

Read more in