Thursday, October 1, 2020
Tripwire

Russian Gets 7 Years in Prison for Linkedin, Dropbox & Formspring Hacks

A Russian man received a seven-year prison sentence for having hacked into computers belonging to LinkedIn, Dropbox and Formspring. On September 30, Honorable William H. Alsup, U.S. District Judge for the Northern District of California, sentenced Yevgeniy Alexandrovich Nikulin,...
Tripwire

Bitcoin Exchange Owner Convicted for Role in Web Auction Fraud Scheme

A federal jury convicted the owner of a bitcoin exchange for his role in a multi-million dollar scheme involving online auction fraud. On September 28, a federal jury in Frankfort, Kentucky found Bulgarian national Rossen Iossifov, 53, guilty of...
Tripwire

Tyler Technologies Reveals Ransomware Affected Some Internal Systems

Tyler Technologies, Inc., revealed it suffered a ransomware attack that disrupted access to some of its internal systems. On September 26, Tyler Technologies published a statement on its website in which it disclosed that it had detected a security...
Tripwire

Mount Locker Ransomware Demanding Ransom Payments in the Millions

A new ransomware strain called “Mount Locker” is demanding that victims pay multi-million dollar ransom payments to recover their data. According to Bleeping Computer, the ransomware first began making the rounds in July 2020. The malicious actors responsible for...
Tripwire

Computer Programmer Pleads Guilty to Lying about Silk Road Involvement

A computer programmer pleaded guilty to making false statements about his involvement with the Silk Road underground web marketplace. On Setpember 21, Michael R. Weigand (also known as “Shabang”) surrendered himself and told U.S. District Judge William H. Pauley...
Tripwire

Scammers Impersonating Texas Gov’t Departments to Send Fake RFQs

Scammers are impersonating governmental departments within the State of Texas to send out fake Requests For Quotations (RFQs). On September 21, Abnormal Security revealed that it had spotted an attack email that impersonated the Texas Department of State Health...
Tripwire

German Hospital Hit by Ransomware, Patient Dies After Being Redirected

A patient died after being redirected to another medical facility as the result of a German hospital having suffered a ransomware infection. On September 17, the Associated Press reported that a woman who needed urgent medical attention died after...
Tripwire

Maze Gang Distributed Ransomware Payload Inside VM

The gang responsible for the Maze ransomware family conducted an attack in which they distributed their malware payload inside of a virtual machine (VM). Sophos’ Managed Threat Response (MTR) observed the technique in action while investigating an attack that...
Tripwire

New Smishing Campaign Using USPS as Its Disguise

A new SMS-based phishing (“smishing”) campaign is using the United States Postal Service (USPS) as a disguise to target mobile users. On September 15, SlickRockWeb CEO Eric JN Eliason tweeted out two examples of the operation. Both attack SMS...
Tripwire

Security Incident at VA Exposed 46K Veterans’ Information

The Office of Management at the U.S. Department of Veterans Affairs (VA) disclosed a security incident involving the personal data of 46,000 veterans. The VA detailed the data breach in a statement published on its website on September 14....
Tripwire

Over 18K COVID-19 Patients’ Data Mistakenly Exposed by NHS Trust

A National Health Service (NHS) Trust revealed that it had mistakenly uploaded the personal information of over 18,000 people who had previously tested positive for coronavirus 2019 (COVID-19). On September 14, Public Health Wales announced in a web statement...
Tripwire

CISA Warns Election-Related Entities to Be on Watch for Phishing Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned election-related entities to be on the lookout for phishing attacks. In an insight piece published on September 10, CISA highlighted malicious actors’ preference for phishing attacks in their efforts to...
Tripwire

O365 Phishing Attack Used Real-Time Validation against Active Directory

A phishing attack used real-time validation against an organization’s Active Directory in order to steal users’ Office 365 credentials. According to Armorblox, the phishing attack targeted an executive working at an American brand that was named one of the...
Tripwire

Pakistani Electric Supply Company Struck by Netwalker Ransomware

An electric supply company based in Karachi, Pakistan suffered a Netwalker ransomware infection that disrupted its billing and online services. Bleeping Computer learned of the attack through Ransom Leaks, a ransomware researcher who received word from a local Pakistani...
Tripwire

DoppelPaymer Gang Claims Responsibility for Newcastle University Issues

The DoppelPaymer ransomware gang claimed responsibility for a digital security incident that affected Newcastle University’s network and systems. In a news release published on its website, Newcastle University revealed that it had begun experiencing issues with several of its...

#DTXNOW: Managing Uncertainty to Build Lasting Resilience in Security Teams

#DTXNOW: Managing Uncertainty to Build Lasting Resilience in Security Teams IT and security teams must learn how to navigate to uncertain environments in order to build lasting resilience, according to Jordan Schroeder, deputy MD & managing CISO at Hefestis, speaking...

InterPlanetary Storm: Cross-platform P2P botnet infects computers and IoT devices

IoT botnets have come a long way since Mirai showed its devastating potential in 2016 with distributed denial-of-server attacks that exceeded in strength anything seen before then. Myriad malware programs now infect poorly secured or vulnerable routers, IP cameras,...
The Register

Huawei’s UK code reviewers say the company is still crap at basic software security

Last year telcos scrambled to plug 'critical user-facing vuln' in Chinese network kit UK.gov security researchers examining Huawei source code have so far verified just eight firmware binaries out of more than 60 used across Britain's mobile phone networks,...
ZDNet

With API attacks rising, Cloudflare launches a free API security tool

Claudflare launches API Shield, a new service to protect web APIs against attacks.
IBM Security

Integrating Security Awareness Training Into Employee Onboarding

Training your team on security awareness is an essential part of a successful security program. And, new employee onboarding is an optimal time to introduce your staff to your security best practices. This is in large part due to the...