<b>⌨ Email Provider VFEmail Suffers ‘Catastrophic’ Hack ⌨</b>
<code>Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States. The firm’s founder says he now fears some 18 years’ worth of customer email may be gone forever.</code><code>Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users. The first signs of the attack came on the morning of Feb. 11, when the company’s Twitter account started fielding reports from users who said they were no longer receiving messages. VFEmail’s Twitter account responded that “external facing systems, of differing OS’s and remote authentication, in multiple data centers are down.”</code><code>Media</code><code>Two hours later, VFEmail tweeted that it had caught a hacker in the act of formatting one of the company’s mail servers in The Netherlands.</code><code>“nl101 is up, but no incoming email,” read a tweet shortly thereafter. “I fear all US based data my be lost.”</code><code>“At this time, the attacker has formatted all the disks on every server,” wrote VFEmail. “Every VM [virtual machine] is lost. Every file server is lost, every backup server is lost. Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.”</code><code>In an update posted to the company’s Web site, VFEmail owner Rick Romero wrote that new email was being delivered and that efforts were being made to recover what user data could be salvaged.</code><code>“At this time I am unsure of the status of existing mail for US users,” Romero wrote. “If you have your own email client, DO NOT TRY TO MAKE IT WORK. If you reconnect your client to your new mailbox, all your local mail will be lost.”</code><code>Reached by KrebsOnSecurity on Tuesday morning, Romero said he was able to recover a backup drive hosted in The Netherlands, but that he fears all of the mail for U.S. users may be irreparably lost.</code><code>“I don’t have very high expectations of getting any U.S. data back,” Romero said in an online chat.</code><code>John Senchak, a longtime VFEmail user from Florida who also has been a loyal reader and commenter at this blog, told KrebsOnSecurity that the attack completely wiped out his inbox at the company — some 60,000 emails sent and received over more than a decade.</code><code>“I have a account with that site, all the email in my account was deleted,” Senchak said.</code><code>Asked if he had any clues about the attackers or how they may have broken in, Romero said the intruder appeared to be doing his dirty work from a server based in Bulgaria (94.155.49[9], username “aktv.”)</code><code>“I haven’t done much digging yet on the actors,” he said. “It looked like the IP was a Bulgarian hosting company. So I’m assuming it was just a virtual machine they were using to launch the attack from. There definitely was something that somebody didn’t want found. Or, I really pissed someone off. That’s always possible.”</code><code>This isn’t the first time criminals have targeted VFEmail. I wrote about the company in 2015 after it suffered a debilitating distributed denial-of-service (DDoS) attack after Romero declined to pay a ransom demand from an online extortion group. Another series of DDoS attacks in 2017 forced VFEmail to find a new hosting provider.</code><code>In December 2018, Romero tweeted that service had been disrupted by a DDoS attack that he attributed to “script kiddies,” a derisive reference to low-skilled online hooligans.</code><code>“After 17 years if I was planning it shut it down, it’d be shut down by me – not script kiddies,” Romero wrote on Dec. 8.</code><code>Attacks that seek to completely destroy data and servers without any warning or extortion demand are not as common…
<code>Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States. The firm’s founder says he now fears some 18 years’ worth of customer email may be gone forever.</code><code>Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users. The first signs of the attack came on the morning of Feb. 11, when the company’s Twitter account started fielding reports from users who said they were no longer receiving messages. VFEmail’s Twitter account responded that “external facing systems, of differing OS’s and remote authentication, in multiple data centers are down.”</code><code>Media</code><code>Two hours later, VFEmail tweeted that it had caught a hacker in the act of formatting one of the company’s mail servers in The Netherlands.</code><code>“nl101 is up, but no incoming email,” read a tweet shortly thereafter. “I fear all US based data my be lost.”</code><code>“At this time, the attacker has formatted all the disks on every server,” wrote VFEmail. “Every VM [virtual machine] is lost. Every file server is lost, every backup server is lost. Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.”</code><code>In an update posted to the company’s Web site, VFEmail owner Rick Romero wrote that new email was being delivered and that efforts were being made to recover what user data could be salvaged.</code><code>“At this time I am unsure of the status of existing mail for US users,” Romero wrote. “If you have your own email client, DO NOT TRY TO MAKE IT WORK. If you reconnect your client to your new mailbox, all your local mail will be lost.”</code><code>Reached by KrebsOnSecurity on Tuesday morning, Romero said he was able to recover a backup drive hosted in The Netherlands, but that he fears all of the mail for U.S. users may be irreparably lost.</code><code>“I don’t have very high expectations of getting any U.S. data back,” Romero said in an online chat.</code><code>John Senchak, a longtime VFEmail user from Florida who also has been a loyal reader and commenter at this blog, told KrebsOnSecurity that the attack completely wiped out his inbox at the company — some 60,000 emails sent and received over more than a decade.</code><code>“I have a account with that site, all the email in my account was deleted,” Senchak said.</code><code>Asked if he had any clues about the attackers or how they may have broken in, Romero said the intruder appeared to be doing his dirty work from a server based in Bulgaria (94.155.49[9], username “aktv.”)</code><code>“I haven’t done much digging yet on the actors,” he said. “It looked like the IP was a Bulgarian hosting company. So I’m assuming it was just a virtual machine they were using to launch the attack from. There definitely was something that somebody didn’t want found. Or, I really pissed someone off. That’s always possible.”</code><code>This isn’t the first time criminals have targeted VFEmail. I wrote about the company in 2015 after it suffered a debilitating distributed denial-of-service (DDoS) attack after Romero declined to pay a ransom demand from an online extortion group. Another series of DDoS attacks in 2017 forced VFEmail to find a new hosting provider.</code><code>In December 2018, Romero tweeted that service had been disrupted by a DDoS attack that he attributed to “script kiddies,” a derisive reference to low-skilled online hooligans.</code><code>“After 17 years if I was planning it shut it down, it’d be shut down by me – not script kiddies,” Romero wrote on Dec. 8.</code><code>Attacks that seek to completely destroy data and servers without any warning or extortion demand are not as common…
🕴 2019 Security Spending Outlook 🕴
📖 Read
via "Dark Reading: ".
Cybersecurity and IT risk budgets continue to grow. Here's how they'll be spent.📖 Read
via "Dark Reading: ".
Darkreading
2019 Security Spending Outlook
Cybersecurity and IT risk budgets continue to grow. Here's how they'll be spent.
🕴 Black Hat Asia Business Hall Sessions Offer New Cybersecurity Insights 🕴
📖 Read
via "Dark Reading: ".
Dont overlook these promising Business Hall Sessions in Singapore next month. Theyre short, sweet, and open to all Black Hat Asia 2019 passholders.📖 Read
via "Dark Reading: ".
Dark Reading
Black Hat Asia Business Hall Sessions Offer New Cybersecurity Insights
Don't overlook these promising Business Hall Sessions in Singapore next month. They're short, sweet, and open to all Black Hat Asia 2019 passholders.
⚠ Linux container bug could eat your server from the inside – patch now! ⚠
📖 Read
via "Naked Security".
Crooks could take over your network thanks to a critical bug in a popular Linux containerisation toolkit... here's what you need to know.📖 Read
via "Naked Security".
Naked Security
Linux container bug could eat your server from the inside – patch now!
Crooks could take over your network thanks to a critical bug in a popular Linux containerisation toolkit… here’s what you need to know.
❌ Adobe Fixes 43 Critical Acrobat and Reader Flaws ❌
📖 Read
via "Threatpost | The first stop for security news".
Overall, Adobe patched 75 important and critical vulnerabilities - including a flaw that could allow bad actors to steal victims’ hashed password values.📖 Read
via "Threatpost | The first stop for security news".
Threat Post
Adobe Fixes 43 Critical Acrobat and Reader Flaws
Overall, Adobe patched 75 important and critical vulnerabilities - including a flaw that could allow bad actors to steal victims’ hashed password values.
🕴 Identifying, Understanding & Combating Insider Threats 🕴
📖 Read
via "Dark Reading: ".
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?📖 Read
via "Dark Reading: ".
🕴 Symantec Acquires Luminate to Build on Cloud Security 🕴
📖 Read
via "Dark Reading: ".
Luminate Security, which specializes in software-defined perimeter technology, will extend Symantec's integrated defense platform.📖 Read
via "Dark Reading: ".
Dark Reading
Symantec Acquires Luminate to Build on Cloud Security
Luminate Security, which specializes in software-defined perimeter technology, will extend Symantec's integrated defense platform.
🕴 'Picnic' Passes Test for Protecting IoT From Quantum Hacks 🕴
📖 Read
via "Dark Reading: ".
Researchers from DigiCert, Utimaco, and Microsoft Research gives thumbs-up to a new algorithm for implementing quantum hacking-proof digital certificates.📖 Read
via "Dark Reading: ".
Dark Reading
IoT recent news | Dark Reading
Explore the latest news and expert commentary on IoT, brought to you by the editors of Dark Reading
🔐 Have tech companies taken two-factor authentication too far? 🔐
📖 Read
via "Security on TechRepublic".
Apple is facing a lawsuit from a user claiming that two-factor authentication is a "waste of their personal time." Here's why businesses shouldn't ignore the security measure.📖 Read
via "Security on TechRepublic".
TechRepublic
Have tech companies taken two-factor authentication too far?
Apple is facing a lawsuit from a user claiming that two-factor authentication is a "waste of their personal time." Here's why businesses shouldn't ignore the security measure.
❌ Xiaomi M365 Electric Scooter Hacked and Remotely Controlled ❌
📖 Read
via "Threatpost | The first stop for security news".
Hackers up to 100 meters away could take over Xiaomi M365 scooters to brake or accelerate them.📖 Read
via "Threatpost | The first stop for security news".
Threat Post
Xiaomi M365 Electric Scooter Hacked and Remotely Controlled
Hackers up to 100 meters away could take over Xiaomi M365 scooters to brake or accelerate them.
❌ Major Container Security Flaw Threatens Cascading Attacks ❌
📖 Read
via "Threatpost | The first stop for security news".
A fundamental component of container technologies like Docker, cri-o, containerd and Kubernetes contains an important vulnerability that could cause cascading attacks.📖 Read
via "Threatpost | The first stop for security news".
Threat Post
Major Container Security Flaw Threatens Cascading Attacks
A fundamental component of container technologies like Docker, cri-o, containerd and Kubernetes contains an important vulnerability that could cause cascading attacks.
❌ Attackers Completely Destroy VFEmail’s Secure Mail Infrastructure ❌
📖 Read
via "Threatpost | The first stop for security news".
"Every file server is lost, every backup server is lost.”📖 Read
via "Threatpost | The first stop for security news".
Threat Post
Attackers Completely Destroy VFEmail’s Secure Mail Infrastructure
"Every file server is lost, every backup server is lost.”
❌ Critical WordPress Plugin Flaw Allows Complete Website Takeover ❌
📖 Read
via "Threatpost | The first stop for security news".
Users of the popular plugin, Simple Social Buttons, are encouraged to update to version 2.0.22.📖 Read
via "Threatpost | The first stop for security news".
Threat Post
Critical WordPress Plugin Flaw Allows Complete Website Takeover
Users of the popular plugin, Simple Social Buttons, are encouraged to update to version 2.0.22.
🕴 Devastating Cyberattack on Email Provider Destroys 18 Years of Data 🕴
📖 Read
via "Dark Reading: ".
All data belonging to US users-including backup copies-have been deleted in catastrophe, VMEmail says.📖 Read
via "Dark Reading: ".
Darkreading
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
All data belonging to US users—including backup copies—have been deleted in catastrophe, VFEmail says.
❌ Microsoft Patches Zero-Day Browser Bug Under Active Attack ❌
📖 Read
via "Threatpost | The first stop for security news".
In its February Patch Tuesday bulletin Microsoft patches four public bugs and one that under active attack.📖 Read
via "Threatpost | The first stop for security news".
Threat Post
Microsoft Patches Zero-Day Browser Bug Under Active Attack
In its February Patch Tuesday bulletin Microsoft patches four public bugs and one that under active attack.
❌ Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack ❌
📖 Read
via "Threatpost | The first stop for security news".
Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months. Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which is Dunkin’s loyalty program. Names, email addresses, 16-digit DD Perks […]📖 Read
via "Threatpost | The first stop for security news".
Threat Post
Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack
Dunkin’ Donuts’ loyalty program was hit with a credential stuffing attack that targeted names, email addresses, 16-digit DD Perks account numbers and DD Perks QR codes.
🕴 Microsoft, Adobe Both Close More Than 70 Security Issues 🕴
📖 Read
via "Dark Reading: ".
With their regularly scheduled Patch Tuesday updates, both companies issued fixes for scores of vulnerabilities in their widely used software.📖 Read
via "Dark Reading: ".
Darkreading
Microsoft, Adobe Both Close More Than 70 Security Issues
With their regularly scheduled Patch Tuesday updates, both companies issued fixes for scores of vulnerabilities in their widely used software.
🕴 Up to 100,000 Reported Affected in Landmark White Data Breach 🕴
📖 Read
via "Dark Reading: ".
Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.📖 Read
via "Dark Reading: ".
Darkreading
Up to 100,000 Reported Affected in Landmark White Data Breach
Australian property valuation firm Landmark White exposed files containing personal data and property valuation details.
❌ Siemens Warns of Critical Remote-Code Execution ICS Flaw ❌
📖 Read
via "Threatpost | The first stop for security news".
The affected SICAM 230 process control system is used as an integrated energy system for utility companies, and as a monitoring system for smart-grid applications.📖 Read
via "Threatpost | The first stop for security news".
Threat Post
Siemens Warns of Critical Remote-Code Execution ICS Flaw
The affected SICAM 230 process control system is used as an integrated energy system for utility companies, and as a monitoring system for smart-grid applications.
ATENTION‼ New - CVE-2017-0938
📖 Read
via "National Vulnerability Database".
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.📖 Read
via "National Vulnerability Database".