26-Aug-24: In Security News Today

Georgia Tech Sued Over Alleged False Cybersecurity Reports To Win DoD Contracts

The U.S. government has intervened in a whistleblower lawsuit against Georgia Tech and its affiliate, Georgia Tech Research Corporation (GTRC), accusing them of falsifying cybersecurity compliance reports to secure Department of Defense (DoD) contracts. Whistleblowers claim the entities failed to implement required NIST cybersecurity controls, fabricated assessment scores, and neglected essential security measures, particularly in the Astrolavos Lab, from 2019 to 2021. The lawsuit, filed under the False Claims Act, could result in significant financial penalties for Georgia Tech and GTRC if the allegations are proven.

SonicWall Warns Of Critical Access Control Flaw In SonicOS

SonicWall’s SonicOS contains a critical access control vulnerability (CVE-2024-40766) with a CVSS score of 9.3 that could allow attackers unauthorized access to resources or cause the firewall to crash. The flaw impacts Gen 5, Gen 6, and Gen 7 SonicWall devices running older firmware versions, and security patches are now available for download. Administrators unable to apply these updates should immediately restrict firewall management access to trusted sources to mitigate potential exploitation, as SonicWall devices have been frequent targets for cyberattacks, including those by state-sponsored actors.

Chrome-Stored Passwords Targeted By Notorious Ransomware Group

Qilin ransomware has escalated its tactics by targeting passwords stored in Google Chrome, posing a severe threat to network security. In a recent attack, Qilin used compromised VPN credentials and a new script, IPScanner.ps1, to steal credentials across multiple endpoints, resulting in significant credential theft from Chrome browsers. This development signals a potentially dangerous trend in cybercrime, where attackers not only compromise network assets but also harvest user credentials, greatly complicating the task for defenders.

India’s Critical Infrastructure Suffers Spike In Cyberattacks

India’s critical infrastructure sectors, including finance, government, manufacturing, and healthcare, are experiencing a sharp increase in cyberattacks, with financial institutions facing significant threats as they digitize. The Reserve Bank of India (RBI) has highlighted cybersecurity as a major challenge, citing a jump from 53,000 incidents in 2017 to 16 million in 2023, urging banks and financial institutions to strengthen their defenses. Public sector systems are also under heavy attack, with geopolitical tensions exacerbating the issue, while experts call for updated cybersecurity legislation to address the growing risks.

Seattle-Tacoma Airport IT Systems Down Due To A Cyberattack

A suspected cyberattack has led to a significant IT systems outage at Seattle-Tacoma International Airport, disrupting check-in processes and flight information displays and causing flight delays. The Port of Seattle isolated critical systems to contain the attack, while the airport advised passengers to check in online, travel light, and confirm gate details directly with airlines. The incident has prompted an FBI investigation, with no estimated time for full system restoration yet.

500K Impacted By Texas Dow Employees Credit Union Data Breach

Texas Dow Employees Credit Union (TDECU) is notifying over 500,000 individuals that their personal data was compromised in a large-scale breach linked to the MOVEit Transfer software, exploited by the Cl0p ransomware group in May 2023. The breach, part of a broader attack affecting over 2,700 organizations and 96 million individuals, exposed sensitive information such as Social Security and bank account numbers. TDECU is offering affected members 12 months of free credit monitoring, emphasizing that its internal network was not breached, and urging vigilance against potential fraud.

American Radio Relay League Paid $1 Million To Ransomware Gang

The American Radio Relay League (ARRL) paid $1 million to a ransomware gang following a May 2024 attack that compromised both on-site and cloud-based systems, encrypting key infrastructure. The attackers infiltrated ARRL’s networks weeks before deploying ransomware, leveraging dark web-purchased information for the breach. Although ARRL managed to restore most systems by July, it acknowledged that the personal data of 150 employees was likely exposed, prompting ongoing infrastructure enhancements.

Patelco Credit Union Says Breach Impacts 726K After Ransomware Gang Auctions Data

Patelco Credit Union has reported a significant data breach affecting 726,000 individuals, involving personal details such as Social Security numbers and driver’s license information, after a ransomware attack by the RansomHub group. The breach, which was discovered on June 29, compromised data over a period from May 23 to June 29, and the stolen information is now being auctioned by the cybercriminals. Patelco is offering affected individuals two years of free identity protection services and has notified relevant authorities, including California’s Department of Financial Protection and Innovation.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.