Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how a Trickbot attacked a school district’s networks and how infected cryptocurrency-mining containers target docker hosts with exposed APIs.
A school district in Ohio suspended classes on Monday, May 20, because of a Trickbot attack on its network and computers.
Part of adopting the IoT is anticipating what else the technology brings to the environments it is being applied to — not least of which are security concerns that can give rise to successful attacks on IoT systems and devices.
The graphic design website Canva was hacked in a data theft incident, which exposed usernames, email addresses, encrypted passwords, customer names and more.
A remote code execution vulnerability from May’s Patch Tuesday is particularly hard to ignore: CVE-2019-0725, an RCE vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) Server, which doesn’t require user interaction and affects all versions of Windows Server.
Trend Micro discovered a new variant of Mirai that uses a total of 13 different exploits in a single campaign – the first Mirai variant to do so – and has backdoor and distributed denial-of-service (DDoS) capabilities.
Insurance giant First American Financial is facing a class action lawsuit for negligence after it left more than 885 million sensitive documents dating as far back as 2003 exposed online.
At first glance, the details for Linux kernel vulnerability CVE-2019-11815’s score from CVSS seem like a worst-case scenario but assessing a vulnerability’s potential impact goes beyond the attack vector, privileges, and CIA impact of the base score.
Flipboard, a news aggregator service and mobile news app, has started notifying users of a security incident during which hackers had access to internal systems for more than nine months.
By analyzing the logs and traffic data coming to and from a honeypot, Trend Micro found a container that came from a public and accessible Docker Hub repository named zoolu2 that contained images with the binary of a Monero cryptocurrency miner.
Almost a million systems are reportedly vulnerable to BlueKeep, a critical vulnerability in remote desktop services, but Microsoft’s Patch Tuesday for May already rolled out patches for BlueKeep and security advisories were released to help users address the vulnerability.
The United Kingdom has seen the number of data breach notifications more than quadruple since Europe’s GDPR privacy law went into full force a result of mandatory reporting driving better visibility
Where you surprised that a Trickbot attack could cause school districts to cancel classes? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.