Saturday, July 20, 2019
Brian Krebs

QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack

Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. Unfortunately for iNSYNQ, the company...
Brian Krebs

Party Like a Russian, Carder’s Edition

“It takes a certain kind of man with a certain reputation To alleviate the cash from a whole entire nation…” KrebsOnSecurity has seen some creative yet truly bizarre ads for dodgy services in the cybercrime underground, but the following animated advertisement...
Brian Krebs

Meet the World’s Biggest ‘Bulletproof’ Hoster

For at least the past decade, a computer crook variously known as “Yalishanda,” “Downlow” and “Stas_vl” has run one of the most popular “bulletproof” Web hosting services catering to a vast array of phishing sites, cybercrime forums and malware...
Brian Krebs

Is ‘REvil’ the New GandCrab Ransomware?

The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab...
Brian Krebs

FEC: Campaigns Can Use Discounted Cybersecurity Services

The U.S. Federal Election Commission (FEC) said today political campaigns can accept discounted cybersecurity services from companies without running afoul of existing campaign finance laws, provided those companies already do the same for other non-political entities. The decision comes...
Brian Krebs

Patch Tuesday Lowdown, July 2019 Edition

Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Among them are fixes for two zero-day flaws that are actively being exploited in the wild, and patches to quash...
Brian Krebs

Who’s Behind the GandCrab Ransomware?

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts...
Brian Krebs

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. The move comes amid a...
Brian Krebs

Breach at Cloud Solution Provider PCM Inc.

A digital intrusion at PCM Inc., a major U.S.-based cloud solution provider, allowed hackers to access email and file sharing systems for some of the company’s clients, KrebsOnSecurity has learned. El Segundo, Calif. based PCM  is a provider of technology products,...
Brian Krebs

Tracing the Supply Chain Attack on Android

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the...
Brian Krebs

Tracing the Supply Chain Attack on Android

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the...
Brian Krebs

Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy

A medical billing firm responsible for a recent eight-month data breach that exposed the personal information on nearly 20 million Americans has filed for bankruptcy, citing “enormous expenses” from notifying affected consumers and the loss of its four largest...
Brian Krebs

Microsoft Patch Tuesday, June 2019 Edition

Microsoft on Tuesday released updates to fix 88 security vulnerabilities in its Windows operating systems and related software. The most dangerous of these include four flaws for which there is already exploit code available. There’s also a scary bug affecting...
Brian Krebs

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified...
Brian Krebs

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers...

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages. read more

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.