Tag Archive for: Address

TAD to hold emergency meeting Monday to address ransomware attack


The Tarrant Appraisal District will hold an emergency board meeting March 25 after a criminal ransomware attack disrupted the agency’s network March 21, causing the website to crash.

The district has taken steps to secure the network and is working with cybersecurity experts to investigate, respond and restore the network, it said in a press release.

The incident was reported to the Federal Bureau of Investigation and the Texas Department of Information Resources.

The website is now live again, but emails and phone lines remain down.

Appraisal board member Alan Blaylock, who is also a Fort Worth City Council member, said board members anticipate receiving more detailed information at the March 25 meeting.

“I think that the chief appraiser and the new team are going to great pains to communicate all they can as they are able,” Blaylock said, “and I expect that there will be significant communication coming forward early next week as investigations into what happened continue.”

This is the second criminal cyberattack on the appraisal district’s website. In October 2022, a security breach potentially exposed sensitive taxpayer information. However, the final report found that data was not stolen.

Ransomware attacks were on the rise in 2023, according to data from the FBI. More than 2,800 complaints about ransomware were reported last year, including 156 from government facilities.

Source…

Cybersecurity on the farm conference to address internet security


The farming sector is sometimes targeted by cybercriminals because of farming’s critical function — supplying the food and fiber that humans and animals depend upon.

The first of its kind Cybersecurity on the Farm Conference, offered by Iowa State University Extension and Outreach, will be held at the Iowa State University Alumni Center in Ames on Jan. 11, from 8:30 a.m. to 3:30 p.m.

In an era where technology is reshaping every industry, farming stands at the crossroads of innovation and tradition. This one-day conference is designed to address the unique intersection of today’s agriculture and cybersecurity.

For farmers, this workshop offers insights into the ever-evolving world of digital lending in farming and the shift toward online agricultural marketplaces. There will be critical discussions on the potential cyber threats that emerge when working in the agricultural sector. By the end of the day, farmers will be better equipped to navigate farming on the internet while keeping a keen eye on safety and security.

Source…

Google urges users to update Chrome to address zero-day vulnerability



Google has released Chrome version 112.0.5615.121 to address a vulnerability that can allow malicious code execution on Windows, Mac, and Linux systems.

Google has released an emergency Chrome security update to address a zero-day vulnerability targeted by an exploit, already in circulation on the internet, that can allow malicious code to be executed.
Google is urging users to upgrade Chrome to the new version, 112.0.5615.121, as soon as possible. The updated version addresses the vulnerability, which affects Windows, Mac, and Linux systems, and is listed as CVE-2023-2033 in the US’ National Vulnerability Database.
Meanwhile, the update will roll out in the coming weeks on Google’s stable desktop channel, the company said.
The high-severity vulnerability was described by Google as a “type confusion” issue in the V8 JavaScript engine. Google Chrome V8 is Google’s open source JavaScript and WebAssembly engine.

“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the company said in a statement on April 14.
NIST, the US Commerce Dept. agency that runs the National Vulnerability Database, went further in its CVE description about the vulnerability. “Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” NIST said.
Google is yet to release complete details on the vulnerability. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said in the statement. 
To update Chrome, users can click the overflow menu on the right side of the menu bar and then go to Help and About Google Chrome. Chrome will automatically check for browser updates and, by default, update the browser. Once the update is complete, users need to restart the browser. 

Clement Lecigne of Google’s Threat Analysis Group identified the vulnerability and reported the issue on April 11. In addition to fixing CVE-2023-2033, the Chrome update also fixes a variety of issues detected during internal audits and other initiatives, the company said.
This is the first zero-day vulnerability…

Source…

‘TunnelCrack’ Vulnerabilities Identified; Updating VPN Should Address Security Issue – Forbes Advisor


Editorial Note: We earn a commission from partner links on Forbes Advisor. Commissions do not affect our editors’ opinions or evaluations.

A virtual private network can provide peace of mind by encrypting your activity on the internet and hiding your identity while you browse, which allows you to visit foreign websites and provides a more secure way to transmit private information.

But a new study has uncovered weaknesses that could allow your phone or computer to be tricked into leaking your online data input, known as “traffic,” before the traffic reaches the protected VPN tunnel.

In a paper presented at the USENIX Security Symposium on August 11, researchers from New York University, KU Leuven University in Belgium and NYU Abu Dhabi dubbed the VPN problem “TunnelCrack.”

And no matter what type of device you use, or what your VPN is, you could be at risk.

What Were the Findings?

“Our tests indicate that every VPN product is vulnerable on at least one device,” the researchers wrote. “We found that VPNs for iPhones, iPads, MacBooks, and macOS are extremely likely to be vulnerable, that a majority of VPNs on Windows and Linux are vulnerable, and that Android is the most secure with roughly one-quarter of VPN apps being vulnerable.”

The differences appear to have to do with the way the various operating systems are designed.

The testers confirmed their findings by running 248 experiments involving 67 VPN providers on Windows, macOS, iOS, Linux and Android.

Study co-author Mathy Vanhoef, a professor at KU Leuven, says researchers were able to run their tests without putting the public at risk. “We…used our own phones and own laptops, installed a lot of VPN apps you can find and then tested it,” he says, “and could basically attack ourselves in a lot of cases.”

Choose the VPN Plan that Works for You

Protect your Windows, Mac, iOS, Android, Linux devices, as well as gaming consoles, smart TVs, and routers with CyberGhost VPN.


Explore More

How Does TunnelCrack Work?

Two types of vulnerabilities were discovered: LocalNet attacks and ServerIP attacks.

LocalNet attacks involve traffic sent to and from…

Source…