CSO Online

Las Vegas UPS Store makes risk adjustments due to DEF CON

LAS VEGAS - The UPS Store in Caesars Palace is preparing to host thousands of hackers this weekend by issuing a warning to hotel guests who are looking for printing services – no USB printing and no links.

“Due to the DEF CON Hacking Convention, we will be accepting email print jobs with attachments only. We will not accept USB prints or any links. We apologize for the inconvenience.”

The message, which is posted on the desk at the UPS Store within the DEF CON hotel, is a clear example of the balance between risk and operations.

Categories: CSO Online

Configuration errors blamed for sensitive data exposed via Google Groups

CSOOnline - Salted Hash - Top Security News - Mon, 07/24/2017 - 12:00pm

Researchers at RedLock, working within the Cloud Security Intelligence team, say they've discovered hundreds of organizations exposing sensitive data via Google Groups, pinning the cause on basic configuration issues.

"A customer-controlled configuration error in the Google Groups sharing settings has led to the exposure of sensitive data such as personally identifiable information (PII), including employee salary compensation details, sales pipeline data, customer passwords, names, email addresses and home addresses at hundreds of companies," an advisory shared with Salted Hash explains.

Scammers demand Bitcoin in DDoS extortion scheme, deliver empty threats

CSOOnline - Salted Hash - Top Security News - Wed, 07/19/2017 - 1:00pm

The FBI has issued an advisory to businesses over a recent string of DDoS extortion attempts. The perpetrators are claiming to be affiliated with Anonymous or Lizard Squad, and their demands threaten sustained attacks unless a Bitcoin payment is made.

Between April and May of 2017, the FBI says, at least six companies received emails claiming to be from “Anonymous” or “Lizard Squad” that threatened DDoS attacks within 24 hours unless the company paid a ransom demand in Bitcoin.

“The email stated the demanded amount of Bitcoin would increase each day the amount went unpaid. No victims to date have reported DDoS activity as a penalty for non-payment,” the FBI alert goes on to explain.

A Blue Team's reference guide to dealing with Ransomware

CSOOnline - Salted Hash - Top Security News - Wed, 07/05/2017 - 1:46pm

Ransomware has been around since 2013, but it was the success of CryptoLocker that spawned a booming vertical market for criminals. Last week, as June came to a close, criminals leveraged the fear associated with the Petya Ransomware family to create chaos across the globe.

Last week's attack, dubbed NotPetya, masqueraded as a Ransomware attack, but that wasn't the real goal. While the funds collected by the criminals have been retrieved, experts have determined that chaos was the ultimate goal.
