The Life Cycle of a Breached Database
Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has...
PlugwalkJoe Does the Perp Walk
Joseph “PlugwalkJoe” O’Connor, in a photo from a paid press release on Sept. 02, 2020, pitching him as a trustworthy cryptocurrency expert and advisor.
One day after last summer’s mass-hack of Twitter, KrebsOnSecurity wrote that 22-year-old British citizen Joseph “PlugwalkJoe”...
Serial Swatter Who Caused Death Gets Five Years in Prison
A 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that lead to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.
60-year-old Mark Herring died of a...
Spam Kingpin Peter Levashov Gets Time Served
Peter Levashov, appearing via Zoom at his sentencing hearing today.
A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of...
Don’t Wanna Pay Ransom Gangs? Test Your Backups.
Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly...
Microsoft Patch Tuesday, July 2021 Edition
Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft.
Thirteen of the security bugs quashed...
Spike in “Chain Gang” Destructive Attacks on ATMs
Last summer, financial institutions throughout Texas started reporting a sudden increase in attacks involving well-orchestrated teams that would show up at night, use stolen trucks and heavy chains to rip Automated Teller Machines (ATMs) out of their foundations, and...
Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software
Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks...
Microsoft Issues Emergency Patch for Windows Flaw
Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “PrintNightmare,” a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsoft’s...
Another 0-Day Looms for Many Western Digital Users
Some of Western Digital’s MyCloud-based data storage devices. Image: WD.
Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in...
Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax
Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless...
We Infiltrated a Counterfeit Check Ring! Now What?
Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and you’ve shared...
MyBook Users Urged to Unplug Devices from Internet
Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a previously unknown critical flaw that...
How Cyber Sleuths Cracked an ATM Shimmer Gang
In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn’t...
How Cyber Safe is Your Drinking Water Supply?
Amid multiple recent reports of hackers breaking into and tampering with drinking water treatment systems comes a new industry survey with some sobering findings: A majority of the 52,000 separate drinking water systems in the United States still haven’t...
Linux Kernel Security Done Right
Posted by Kees Cook, Software Engineer, Google Open Source Security TeamTo borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...
Raccoon Stealer Bundles Malware, Propagates Via Google SEO
An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
SAP Customer Survey Reveals False Sense of Security
Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis.
The SAP Security Survey Report 2021 is based on information from over 100 SAP...
BazarCaller – the malware gang that talks you into infecting yourself
Calling someone back feels safer than clicking an unknown link... but it isn't! Remind your friends and family.
‘DeadRinger’ Targeted Exchange Servers Long Before Discovery
Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017.
