ATTENTION: New - CVE-2016-1000282
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
via "National Vulnerability Database".

No Sign of 'Material' Nation-State Actor Impact on 2018 US Midterms
That's the conclusion of a classified postmortem report sent to the White House yesterday by Acting Attorney General and DHS Secretary.
via "Dark Reading".

Over 59K Data Breaches Reported in EU Under GDPR
In addition, 91 reported fines have been imposed since the regulation went into effect last May.
via "Dark Reading".

Mitigating the Security Risks of Cloud-Native Applications
While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.
via "Dark Reading".

Cybercriminals Exploit Gmail Feature to Scale Up Attacks
Criminals are taking advantage of Gmail's 'dots don't matter' feature to set up multiple fraudulent accounts on websites, using variations of the same email address, Agari says.
via "Dark Reading".

IoT Scale Flaws Enable Denial of Service, Privacy Issues
Flaws in this connected smart scale might give the diet-challenged a legitimate reason to be nervous about using this vulnerable IoT device.
via "Threatpost | The first stop for security news".

Shellbot Crimeware Re-Emerges in Monero Mining Campaign
New attack uses a repurposed version of the Trojan that spreads using Internet Relay Chat.
via "Dark Reading".

More Alleged SIM Swappers Face Justice

Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims. One of the individuals charged allegedly used a hacker nickname belonging to a key figure in the underground who's built a solid reputation hijacking mobile phone numbers for profit.

According to indictments unsealed this week, Tucson, Ariz. resident Ahmad Wagaafe Hared and Matthew Gene Ditman of Las Vegas were part of a group that specialized in tricking or bribing representatives at the major wireless providers into giving them control over phone numbers belonging to people they later targeted for extortion and theft.

Investigators allege that between October 2016 and May 2018, Hared and Ditman grew proficient at SIM swapping, a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.

The Justice Department says Hared was better known to his co-conspirators as "winblo." That nickname corresponds to an extremely active and at one time revered member of the forum ogusers[.]com, a marketplace for people who wish to sell highly prized social media account names – including short usernames at Twitter, Instagram and other sites that can fetch thousands of dollars apiece.

[Image: Winblo's account on ogusers[.]com]

Winblo was an associate and business partner of another top Oguser member, a serial SIM swapper known to Oguser members as "Xzavyer." In August 2018, authorities in California arrested a hacker by the same name – whose real name is Xzavyer Clemente Narvaez – charging him with identity theft, grand theft, and computer intrusion.

Prosecutors allege Narvaez used the proceeds of his crimes (estimated at > $1 million in virtual currencies) to purchase luxury items, including a McLaren – a $200,000 high-performance sports car.

According to the indictments against Hared and Ditman, one of the men (the indictment doesn't specify which) allegedly used his ill-gotten gains to purchase a BMW i8, an automobile that sells for about $150,000.

Investigators also say the two men stole approximately 40 bitcoins from their SIM swapping victims. That's roughly $136,000 in today's conversion, but it would have been substantially more in 2017 when the price of a single bitcoin reached nearly $20,000.

Interestingly, KrebsOnSecurity was contacted in 2018 by a California man who said he was SIM swapped by Winblo and several associates. That victim, who asked not to be identified for fear of reprisals, said his Verizon mobile number was SIM hijacked by Winblo and others who used that access to take over his Twitter and PayPal accounts and then demand payment for the return of the accounts.

A computer specialist by trade, the victim said he was targeted because he'd invested in a cryptocurrency startup, and that the hackers found his contact information from a list of investors they'd somehow obtained. As luck would have it, he didn't have much of value to steal in his accounts.

The victim said he learned more about his tormentors and exactly how they'd taken over his mobile number after they invited him to an online chat to negotiate a price for the return of his accounts.

"They told me they had called a Verizon employee line [posing as a Verizon employee] and managed to get my Verizon account ID number," said my victim source. "Once they had that, they called Verizon customer service and had them reset the password. They literally just called and pretended to be me, and were able to get my account tied to another SIM card."

The victim said his attackers even called his mom because the mobile account was in her name. Soon after that, his phone went dead.

"The funny thing was, after I got my account…

Digital signs left wide open with default password
One thing the world doesn't need: hackers who can broadcast to billboards of any size, be they PC monitor- or Godzilla-sized.
via "Naked Security".

Just two hacker groups are behind 60% of stolen cryptocurrency
Chainalysis found that two groups, which it calls Alpha and Beta, are responsible for stealing around $1 billion in funds from exchanges.
via "Naked Security".

Firefox 66 will silence autoplaying web audio
From Firefox 66 for desktop and Android, due in March, media autoplay of video or audio will be blocked by default.
via "Naked Security".

Jack'd dating app is showing users' intimate pics to strangers
A clear and present danger: Anyone with a web browser who knows where to look can access Jack'd users' photos, be they private or public.
via "Naked Security".

7 Tips For Communicating With the Board
The key? Rather than getting bogged down in the technical details, focus on how a security program is addressing business risk.
via "Dark Reading".

Modern Cybercrime: It Takes a Village
Today's financial cyber-rings have corporate insider and management roles -- cybercrime is not just for hackers and coders anymore.
via "Threatpost | The first stop for security news".

4 tips to keep your business safe online, according to Google
Most people still lack an understanding of best practices for passwords and other security measures, Google found.
via "Security on TechRepublic".

Data breaches, GDPR lead 54% of companies to increase IT security spending
One in three companies is still unprepared for many potential cybersecurity threats, according to an eSecurityPlanet.com report.
via "Security on TechRepublic".

Microsoft Confirms Serious 'PrivExchange' Vulnerability
The elevated privilege flaw exists in Microsoft Exchange and would allow a remote attacker to impersonate an administrator.
via "Threatpost | The first stop for security news".

Serverless Computing: 'Function' vs. 'Infrastructure' as-a-Service
How much do companies really gain from offloading security duties to the cloud? Let's do the math.
via "Dark Reading".

3 things businesses need to know about customer privacy expectations
After a data breach, 57% of consumers blame companies above everyone else, even hackers, for the event, according to an RSA Security report.
via "Security on TechRepublic".

What are Data Manipulation Attacks, and How to Mitigate Against Them
Hackers don't always steal data. Sometimes the goal is to manipulate the data to intentionally trigger external events that can be capitalized on.
via "Threatpost | The first stop for security news".