Hackers proclaiming to be pro-ISIS defaced 10 Ohio government websites on Sunday as well as the government websites for Howard County, Maryland, and Brookhaven, Long Island.“Hacked by Team System DZ,” the defacements read. “Anti: Govt all word.”The pro-ISIS message continued:
You will be held accountable Trump, you and all your people for every drop of blood flowing in Muslim countries. I Love Islamic state.
Ohio Department of Rehabilitation and Corrections via Ohio Treasurer Josh Mandel
A screenshot of the defaced Ohio Department of Rehabilitation and Corrections website was posted on Facebook and Twitter by Ohio Treasurer Josh Mandel. He added, “OH Dept of Corrections website right now, this is what you see. Wake up freedom-loving Americans. Radical Islam infiltrating the heartland.”To read this article in full or to leave a comment, please click here
Hackers proclaiming to be pro-ISIS defaced 10 Ohio government websites on Sunday as well as the government websites for Howard County, Maryland, and Brookhaven, Long Island.“Hacked by Team System DZ,” the defacements read. “Anti: Govt all word.”The pro-ISIS message continued:
You will be held accountable Trump, you and all your people for every drop of blood flowing in Muslim countries. I Love Islamic state.
Ohio Department of Rehabilitation and Corrections via Ohio Treasurer Josh Mandel
A screenshot of the defaced Ohio Department of Rehabilitation and Corrections website was posted on Facebook and Twitter by Ohio Treasurer Josh Mandel. He added, “OH Dept of Corrections website right now, this is what you see. Wake up freedom-loving Americans. Radical Islam infiltrating the heartland.”To read this article in full or to leave a comment, please click here
At the IEEE Symposium on Security and Privacy 2017, researchers from the College of Management Academic Studies in Israel presented an interesting paper on bad password reset processes, “The Password Reset MitM Attack” (pdf). It explains how a weak attacker could take over accounts by exploiting vulnerabilities in password reset procedures.They dubbed the attack: password reset man-in-the-middle (PRMitM). The researchers said Google is “extremely vulnerable” to PRMitM, but Facebook, Yahoo, LinkedIn, Yandex and other sites and email services are also vulnerable as well as mobile apps like Whatsapp, Snapchat and Telegram.To read this article in full or to leave a comment, please click here
At the IEEE Symposium on Security and Privacy 2017, researchers from the College of Management Academic Studies in Israel presented an interesting paper on bad password reset processes, “The Password Reset MitM Attack” (pdf). It explains how a weak attacker could take over accounts by exploiting vulnerabilities in password reset procedures.They dubbed the attack: password reset man-in-the-middle (PRMitM). The researchers said Google is “extremely vulnerable” to PRMitM, but Facebook, Yahoo, LinkedIn, Yandex and other sites and email services are also vulnerable as well as mobile apps like Whatsapp, Snapchat and Telegram.To read this article in full or to leave a comment, please click here
We frequently hear that we can’t have privacy and security; sadly, that is often still the case as an audit of over 1,000 top websites analyzed for security and privacy practices showed an alarming trend for the third year in a row. The Online Trust Alliance said, “Sites either qualify for the Honor Roll or fail the Audit. In other words, sites increasingly either take privacy and security seriously and do well in the Audit, or lag the industry significantly in one or more critical areas.”There is good news and bad news coming out of the audit (pdf). The good news is that 52 percent of websites, the highest percent in nine years of the annual analysis, qualified for the OTA’s Honor Roll. The flipside is that 46 percent of the websites failed the audit; of those, bank did the worst.To read this article in full or to leave a comment, please click here
We frequently hear that we can’t have privacy and security; sadly, that is often still the case as an audit of over 1,000 top websites analyzed for security and privacy practices showed an alarming trend for the third year in a row. The Online Trust Alliance said, “Sites either qualify for the Honor Roll or fail the Audit. In other words, sites increasingly either take privacy and security seriously and do well in the Audit, or lag the industry significantly in one or more critical areas.”There is good news and bad news coming out of the audit (pdf). The good news is that 52 percent of websites, the highest percent in nine years of the annual analysis, qualified for the OTA’s Honor Roll. The flipside is that 46 percent of the websites failed the audit; of those, bank did the worst.To read this article in full or to leave a comment, please click here
You’d think if someone had amassed personal information on nearly every registered US voter, and stored that information on an Amazon S3 storage bucket, that it would at least be protected with a password. But thanks to a misconfigured server, personal data of 198 million Americans voters could be downloaded by anyone who happened across it. It is believed to be the largest leak of voter records to have ever occurred anywhere in the world.That giant oops caused by Deep Root Analytics, a data analytics firm contracted to compile the information for the Republican National Committee, contained names, birthdates, home and mailing addresses, phone numbers, party affiliations, suspected ethnicities and religions, as well as analytics on who people would likely vote for and their stance on hot-button issues such as gun control and abortion.To read this article in full or to leave a comment, please click here
You’d think if someone had amassed personal information on nearly every registered US voter, and stored that information on an Amazon S3 storage bucket, that it would at least be protected with a password. But thanks to a misconfigured server, personal data of 198 million Americans voters could be downloaded by anyone who happened across it. It is believed to be the largest leak of voter records to have ever occurred anywhere in the world.That giant oops caused by Deep Root Analytics, a data analytics firm contracted to compile the information for the Republican National Committee, contained names, birthdates, home and mailing addresses, phone numbers, party affiliations, suspected ethnicities and religions, as well as analytics on who people would likely vote for and their stance on hot-button issues such as gun control and abortion.To read this article in full or to leave a comment, please click here
We keep seeing a common theme when it comes to spyware sold exclusively to governments, surveillance spyware which is marketed as lawful tools to help governments fight crime and terrorism; those remote intrusion solutions are increasingly used to spy on people who the governments consider to be a threat because those people are revealing the truth to the public. The latest example comes from Mexico, showing how powerful spyware was used to target journalists investigating high-level official corruption and human rights defenders investigating government-sponsored human rights abuses.The surveillance spyware Pegasus (pdf), sold by the Israel-based NSO Group, is meant to remotely take complete control of mobile phones. While this isn’t the first time the stealthy Pegasus has been abused by governments for purposes other than preventing and investigating crimes, Citizen Lab said it is the first time a minor has been targeted with infection attempts using governmental spyware. Why target a kid? To spy on his mother.To read this article in full or to leave a comment, please click here
We keep seeing a common theme when it comes to spyware sold exclusively to governments, surveillance spyware which is marketed as lawful tools to help governments fight crime and terrorism; those remote intrusion solutions are increasingly used to spy on people who the governments consider to be a threat because those people are revealing the truth to the public. The latest example comes from Mexico, showing how powerful spyware was used to target journalists investigating high-level official corruption and human rights defenders investigating government-sponsored human rights abuses.The surveillance spyware Pegasus (pdf), sold by the Israel-based NSO Group, is meant to remotely take complete control of mobile phones. While this isn’t the first time the stealthy Pegasus has been abused by governments for purposes other than preventing and investigating crimes, Citizen Lab said it is the first time a minor has been targeted with infection attempts using governmental spyware. Why target a kid? To spy on his mother.To read this article in full or to leave a comment, please click here
We keep seeing a common theme when it comes to spyware sold exclusively to governments, surveillance spyware which is marketed as lawful tools to help governments fight crime and terrorism; those remote intrusion solutions are increasingly used to spy on people who the governments consider to be a threat because those people are revealing the truth to the public. The latest example comes from Mexico, showing how powerful spyware was used to target journalists investigating high-level official corruption and human rights defenders investigating government-sponsored human rights abuses.The surveillance spyware Pegasus (pdf), sold by the Israel-based NSO Group, is meant to remotely take complete control of mobile phones. While this isn’t the first time the stealthy Pegasus has been abused by governments for purposes other than preventing and investigating crimes, Citizen Lab said it is the first time a minor has been targeted with infection attempts using governmental spyware. Why target a kid? To spy on his mother.To read this article in full or to leave a comment, please click here
We’ve heard a lot about Russians attackers attempting to hack the US election, but another hacking group also allegedly wanted to interfere with the election; they attempted to pivot from compromised school districts to state voting systems.The Miami Herald reported that MoRo, a group of hackers based in Morocco, penetrated “at least four Florida school district networks” and purportedly searched for a way “to slip into other sensitive government systems, including state voting systems.”To read this article in full or to leave a comment, please click here
We’ve heard a lot about Russians attackers attempting to hack the US election, but another hacking group also allegedly wanted to interfere with the election; they attempted to pivot from compromised school districts to state voting systems.The Miami Herald reported that MoRo, a group of hackers based in Morocco, penetrated “at least four Florida school district networks” and purportedly searched for a way “to slip into other sensitive government systems, including state voting systems.”To read this article in full or to leave a comment, please click here
Watch out for attacks by Hidden Cobra, aka North Korean government hackers, the DHS and the FBI warned in a joint technical alert. The US government didn’t tiptoe around the issue, instead pointing the finger of blame at North Korea for a series of cyberattacks dating back to 2009.Who the heck is Hidden Cobra? You probably already know about these cyber actors who are usually referred to as the Lazarus Group. Back in 2014 when the hackers targeted Sony Pictures Entertainment, the group was publicly referring to itself as Guardians of the Peace.To read this article in full or to leave a comment, please click here
Watch out for attacks by Hidden Cobra, aka North Korean government hackers, the DHS and the FBI warned in a joint technical alert. The US government didn’t tiptoe around the issue, instead pointing the finger of blame at North Korea for a series of cyberattacks dating back to 2009.Who the heck is Hidden Cobra? You probably already know about these cyber actors who are usually referred to as the Lazarus Group. Back in 2014 when the hackers targeted Sony Pictures Entertainment, the group was publicly referring to itself as Guardians of the Peace.To read this article in full or to leave a comment, please click here
Two security firms have released reports about the malware which was used in the December 2016 Ukraine power outage, warning that the partial power outage in Kiev may have been test run; the malware could be leveraged against other countries, including the US.The malware, dubbed Crash Override in the Dragos report (pdf) and Industroyer in the ESET report (pdf), has nothing to do with espionage and everything to do with cyber-sabotage.Crash Override, Dragos says, “is the first ever malware framework designed and deployed to attack electric grids.” It could be “leveraged at multiple sites simultaneously.” Dragos founder Robert M. Lee told Reuters, “The malware is capable of causing outages of up to a few days in portions of a nation's grid, but is not potent enough to bring down a country's entire grid.”To read this article in full or to leave a comment, please click here
Two security firms have released reports about the malware which was used in the December 2016 Ukraine power outage, warning that the partial power outage in Kiev may have been test run; the malware could be leveraged against other countries, including the US.The malware, dubbed Crash Override in the Dragos report (pdf) and Industroyer in the ESET report (pdf), has nothing to do with espionage and everything to do with cyber-sabotage.Crash Override, Dragos says, “is the first ever malware framework designed and deployed to attack electric grids.” It could be “leveraged at multiple sites simultaneously.” Dragos founder Robert M. Lee told Reuters, “The malware is capable of causing outages of up to a few days in portions of a nation's grid, but is not potent enough to bring down a country's entire grid.”To read this article in full or to leave a comment, please click here
Nayana, a web hosting company in South Korea, suffered a ransomware attack over the weekend which resulted in more than a hundred Linux servers and thousands of websites being infected with Erebus ransomware. The initial ransom amount was astronomically high.Yesterday, I came across the news that a South Korean web hosting company had been infected by ransomware, but it was extremely short on details. The ransomware was Erebus; the attack occurred on Saturday and thousands of sites were reportedly infected.Today, Aju Business Daily provided more details. Nayana reportedly said 153 of its Linux servers were infected with Erebus. In turn, about 3,400 sites on the web hosting company’s servers were also infected.To read this article in full or to leave a comment, please click here
Nayana, a web hosting company in South Korea, suffered a ransomware attack over the weekend which resulted in more than a hundred Linux servers and thousands of websites being infected with Erebus ransomware. The initial ransom amount was astronomically high.Yesterday, I came across the news that a South Korean web hosting company had been infected by ransomware, but it was extremely short on details. The ransomware was Erebus; the attack occurred on Saturday and thousands of sites were reportedly infected.Today, Aju Business Daily provided more details. Nayana reportedly said 153 of its Linux servers were infected with Erebus. In turn, about 3,400 sites on the web hosting company’s servers were also infected.To read this article in full or to leave a comment, please click here
With E3 (Electronic Entertainment Expo) starting this week, we can expect a flood of gaming news. It remains to be seen if the person or people trying to extort Polish game developer CD Projekt Red will choose this week to leak stolen Cyberpunk 2077 game files.Instead of staying quiet about an extortion attempt, CD Projekt Red, the developers behind The Witcher 3, got out ahead of any potential leak by tweeting:
An unidentified individual or individuals have just informed us they are in possession of a few internal files belonging to CD PROJEKT RED. Among them are documents connected to early designs for the upcoming game, Cyberpunk 2077.To read this article in full or to leave a comment, please click here