Two weeks after ransomware attackers forced Travelex systems to go offline, the company says its recovery is underway now. Corporate technology provider Citrix is rushing to fix a big flaw. And the FBI is the latest government agency to warn about Iranian hacking. This is CyberScoop for Monday, January 13.

Travelex keeps (mostly) quiet as ransomware pain ripples

Travelex said it's making “good progress” in its recovery from a security incident that, on Dec. 31, forced the company to suspend online services, including its app and internal email systems. Ransomware attackers used a malicious software strain called Sodinokibi, or REvil, reportedly to demand a fee of $6 million (£4.6 million) to release the affected data. Now, Travelex said, it is restoring internal processes and issuing refunds to customers “where appropriate.” Hackers previously said they were in negotiations with Travelex about the ransom payment. (Travelex did not respond to a request for comment from CyberScoop Monday.) Jeff Stone has the latest.

Citrix scrambles to fix a critical flaw

Citrix, provider of widely used corporate VPN services, is still working on a patch for a critical flaw in two of its products that could give hackers control over an enterprise network. After releasing a stopgap security measure to help affected organizations, the company is testing patches that will be rolled out in the coming weeks. In the meantime, security experts are testing their own exploits to help organizations prepare for what they say is inevitable malicious abuse of the vulnerability. “We have a working exploit, and it took us under a day to develop it,” TrustedSec’s Dave Kennedy told CyberScoop. “Attackers have the same capabilities.” Security analysts also disputed Citrix’s assertion that only a limited number of devices with the vulnerability were exploitable. Sean Lyngaas is following it all.

The FBI's warning on Iran

In an advisory to industry last week obtained by CyberScoop, the FBI said that it had observed Iranian hackers conducting more reconnaissance in the days since a U.S. airstrike killed Gen. Qassem Soleimani. The FBI assesses that the country could use “a range of computer network operations against U.S.-based networks in retaliation for last week’s strikes against Iranian military leadership,” the memo says. It highlights the point that Iran-linked hackers seem poised to leverage vulnerabilities in VPN apps to gain access to a target. U.S. government agencies, defense contractors, and nongovernmental organizations should be on alert for Iran’s computer operatives, the FBI said. Sean had the scoop.

FBI names new head of cyber, criminal branch

The FBI on Friday announced that Terry Wade, a 23-year veteran of the bureau, would be the new executive assistant director of the Criminal, Cyber, Response, and Services Branch. Wade replaces Amy Hess, who is leaving that post to become chief of public services in the City of Louisville, Kentucky. Wade’s post is one of the most senior positions at the FBI focusing on cybersecurity, charged with overseeing global cyber investigations and responding to hacks while helping victims. Find more details here

Crime doesn't pay. Seriously.

A 29-year-old London man who hacked the U.K.’s National Lottery has been sentenced to nine months in prison. Under the pseudonym Rosegold, the man, Anwar Batson, counseled other people on how to use Sentry MBA, a brute-forcing tool used to automatically guess passwords, against the lottery’s website. In all, they stole only £13, of which Batson got only £5. The company that operates the lottery said it had spent £230,000 ($298,000) to address the hacks. Read the U.K.’s National Crime Agency notice for more.

TSA says it wants cybersecurity embedded in new equipment

The agency announced in a special notice this week 17 new cyber-related vendor requirements, the first of which is that they adopt a demonstrable culture of “cybersecurity by design” for security technology. “Sharing these requirements with industry and the public will: increase security levels, raise the bar of cybersecurity across screening solutions, provide vendors an opportunity to demonstrate their cybersecurity credentials, and provide an aligned approach across the industry — making it easier for vendors to adapt to end user requirements,” reads the notice. Vendors will also be required to implement “adequate” access control and account management practices that enable multi-level access to equipment and restrict users to required levels. Dave Nyczepir has more at FedScoop.

Ransomware attacks struck Albany's airport

Albany's International Airport announced last week that hackers infected its administrative computers on Christmas Day, making data inaccessible until executives paid the fee. The airport paid a $100,000 ransomware fee, according to StateScoop's Benjamin Freed. That decision contrasted with the Daily Gazette, a newspaper in Schenectady, New York, which also was infected but restored its data from backups. Local news outlets are all over it.
