⚠ Apple sued for ‘forcing’ 2FA on accounts ⚠

Time is money, baby: Jay Brodsky claims that Apple's 2FA "intermeddling" takes minutes out of his day, causing "economic loss."

📖 Read

via "Naked Security".

⚠ Russian ISPs plan internet disconnection test for entire country ⚠

Russia’s major ISPs plan to temporarily disconnect servers from the internet, effectively cutting the country off from the outside world.

📖 Read

via "Naked Security".

<b>&#9000; Email Provider VFEmail Suffers ‘Catastrophic’ Hack &#9000;</b>

<code>Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States. The firm’s founder says he now fears some 18 years’ worth of customer email may be gone forever.</code><code>Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users. The first signs of the attack came on the morning of Feb. 11, when the company’s Twitter account started fielding reports from users who said they were no longer receiving messages. VFEmail’s Twitter account responded that “external facing systems, of differing OS’s and remote authentication, in multiple data centers are down.”</code><code>Media</code><code>Two hours later, VFEmail tweeted that it had caught a hacker in the act of formatting one of the company’s mail servers in The Netherlands.</code><code>“nl101 is up, but no incoming email,” read a tweet shortly thereafter. “I fear all US based data my be lost.”</code><code>“At this time, the attacker has formatted all the disks on every server,” wrote VFEmail. “Every VM [virtual machine] is lost. Every file server is lost, every backup server is lost. Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.”</code><code>In an update posted to the company’s Web site, VFEmail owner Rick Romero wrote that new email was being delivered and that efforts were being made to recover what user data could be salvaged.</code><code>“At this time I am unsure of the status of existing mail for US users,” Romero wrote. “If you have your own email client, DO NOT TRY TO MAKE IT WORK. If you reconnect your client to your new mailbox, all your local mail will be lost.”</code><code>Reached by KrebsOnSecurity on Tuesday morning, Romero said he was able to recover a backup drive hosted in The Netherlands, but that he fears all of the mail for U.S. users may be irreparably lost.</code><code>“I don’t have very high expectations of getting any U.S. data back,” Romero said in an online chat.</code><code>John Senchak, a longtime VFEmail user from Florida who also has been a loyal reader and commenter at this blog, told KrebsOnSecurity that the attack completely wiped out his inbox at the company — some 60,000 emails sent and received over more than a decade.</code><code>“I have a account with that site, all the email in my account was deleted,” Senchak said.</code><code>Asked if he had any clues about the attackers or how they may have broken in, Romero said the intruder appeared to be doing his dirty work from a server based in Bulgaria (94.155.49[9], username “aktv.”)</code><code>“I haven’t done much digging yet on the actors,” he said. “It looked like the IP was a Bulgarian hosting company. So I’m assuming it was just a virtual machine they were using to launch the attack from. There definitely was something that somebody didn’t want found. Or, I really pissed someone off. That’s always possible.”</code><code>This isn’t the first time criminals have targeted VFEmail. I wrote about the company in 2015 after it suffered a debilitating distributed denial-of-service (DDoS) attack after Romero declined to pay a ransom demand from an online extortion group. Another series of DDoS attacks in 2017 forced VFEmail to find a new hosting provider.</code><code>In December 2018, Romero tweeted that service had been disrupted by a DDoS attack that he attributed to “script kiddies,” a derisive reference to low-skilled online hooligans.</code><code>“After 17 years if I was planning it shut it down, it’d be shut down by me – not script kiddies,” Romero wrote on Dec. 8.</code><code>Attacks that seek to completely destroy data and servers without any warning or extortion demand are not as common…

🕴 2019 Security Spending Outlook 🕴

Cybersecurity and IT risk budgets continue to grow. Here's how they'll be spent.

📖 Read

via "Dark Reading: ".

🕴 Black Hat Asia Business Hall Sessions Offer New Cybersecurity Insights 🕴

Don’t overlook these promising Business Hall Sessions in Singapore next month. They’re short, sweet, and open to all Black Hat Asia 2019 passholders.

📖 Read

via "Dark Reading: ".

⚠ Linux container bug could eat your server from the inside – patch now! ⚠

Crooks could take over your network thanks to a critical bug in a popular Linux containerisation toolkit... here's what you need to know.

📖 Read

via "Naked Security".

❌ Adobe Fixes 43 Critical Acrobat and Reader Flaws ❌

Overall, Adobe patched 75 important and critical vulnerabilities - including a flaw that could allow bad actors to steal victims’ hashed password values.

📖 Read

via "Threatpost | The first stop for security news".

🕴 Identifying, Understanding & Combating Insider Threats 🕴

Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?

📖 Read

via "Dark Reading: ".

🕴 Symantec Acquires Luminate to Build on Cloud Security 🕴

Luminate Security, which specializes in software-defined perimeter technology, will extend Symantec's integrated defense platform.

📖 Read

via "Dark Reading: ".

🕴 'Picnic' Passes Test for Protecting IoT From Quantum Hacks 🕴

Researchers from DigiCert, Utimaco, and Microsoft Research gives thumbs-up to a new algorithm for implementing quantum hacking-proof digital certificates.

📖 Read

via "Dark Reading: ".

🔐 Have tech companies taken two-factor authentication too far? 🔐

Apple is facing a lawsuit from a user claiming that two-factor authentication is a "waste of their personal time." Here's why businesses shouldn't ignore the security measure.

📖 Read

via "Security on TechRepublic".

❌ Xiaomi M365 Electric Scooter Hacked and Remotely Controlled ❌

Hackers up to 100 meters away could take over Xiaomi M365 scooters to brake or accelerate them.

📖 Read

via "Threatpost | The first stop for security news".

❌ Major Container Security Flaw Threatens Cascading Attacks ❌

A fundamental component of container technologies like Docker, cri-o, containerd and Kubernetes contains an important vulnerability that could cause cascading attacks.

📖 Read

via "Threatpost | The first stop for security news".

🕴 Cybersecurity and the Human Element: We're All Fallible 🕴



📖 Read

via "Dark Reading: ".

❌ Attackers Completely Destroy VFEmail’s Secure Mail Infrastructure ❌

"Every file server is lost, every backup server is lost.”

📖 Read

via "Threatpost | The first stop for security news".

❌ Critical WordPress Plugin Flaw Allows Complete Website Takeover ❌

Users of the popular plugin, Simple Social Buttons, are encouraged to update to version 2.0.22.

📖 Read

via "Threatpost | The first stop for security news".

🕴 Devastating Cyberattack on Email Provider Destroys 18 Years of Data 🕴

All data belonging to US users-including backup copies-have been deleted in catastrophe, VMEmail says.

📖 Read

via "Dark Reading: ".

❌ Microsoft Patches Zero-Day Browser Bug Under Active Attack ❌

In its February Patch Tuesday bulletin Microsoft patches four public bugs and one that under active attack.

📖 Read

via "Threatpost | The first stop for security news".

❌ Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack ❌

Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months. Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which is Dunkin’s loyalty program. Names, email addresses, 16-digit DD Perks […]

📖 Read

via "Threatpost | The first stop for security news".

🕴 Microsoft, Adobe Both Close More Than 70 Security Issues 🕴

With their regularly scheduled Patch Tuesday updates, both companies issued fixes for scores of vulnerabilities in their widely used software.

📖 Read

via "Dark Reading: ".

🕴 Up to 100,000 Reported Affected in Landmark White Data Breach 🕴

Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.

📖 Read

via "Dark Reading: ".