2021

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills.

533 Million Facebook Account Records Posted to Forum

Data Breach Today

Facebook Says Data Comes from Previously Reported 2019 Incident A security researcher found more than 500 million Facebook records made available for free on the darknet, exposing basic user information including any phone numbers associated with accounts.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

MY TAKE: How consumer-grade VPNs are enabling individuals to do DIY security

The Last Watchdog

Historically, consumers have had to rely on self-discipline to protect themselves online. Related: Privacy war: Apple vs. Facebook. I’ve written this countless times: keep your antivirus updated, click judiciously, practice good password hygiene. Then about 10 years ago, consumer-grade virtual private networks, or VPNs, came along, providing a pretty nifty little tool that any individual could use to deflect invasive online tracking. Consumer-grade VPNs have steadily gained a large following.

B2C 168

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe , stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast.

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

Whistleblower: Ubiquiti Breach “Catastrophic”

Krebs on Security

On Jan. 11, Ubiquiti Inc. NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials.

Cloud 285

More Trending

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Krebs on Security

Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.

Facebook Tries to 'Scrape' Its Way Through Another Breach

Data Breach Today

Social Network Attempts 'Not Hacking' Spin on Theft of 533 Million Users' Details Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn't hacked, but scraped.

IT 266

Three Top Russian Cybercrime Forums Hacked

Krebs on Security

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked.

Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else.

Insights on Choosing an Identity Verification Solution Provider

Sort through today’s crowded identity verification solutions landscape with our guide, designed to help you choose the right provider based on your unique needs.

US Pulls Back Curtain on Russian Cyber Operations

Data Breach Today

Foreign Intelligence Service's Techniques, Partners Revealed While the Biden administration is betting that the latest round of sanctions aimed at Russia and its economy will help deter the country's cyber operations, several U.S.

IT 257

SolarWinds Hires Chris Krebs to Reboot Its Cybersecurity

Data Breach Today

Hacked Firm Also Taps Former Facebook CSO as It Responds to Supply Chain Attack As security software firm SolarWinds investigates the supply chain attack involving its Orion software and looks to rebuild its security processes and reputation, it's hired former U.S.

Sealed U.S. Court Records Exposed in SolarWinds Breach

Krebs on Security

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S.

A Basic Timeline of the Exchange Mass-Hack

Krebs on Security

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion.

IT 263

Cassandra Data Modeling Guide to Best Practices

Are you a developer, database architect, or database administrator that's new to Cassandra but have been tasked with developing a Cassandra schema design? Learn the basic rules to keep in mind when designing your schema for Cassandra.

Patient Files Dumped on Darknet Site After Hacking Incidents

Data Breach Today

Data Appears to Come From 2 Healthcare Organizations in Florida, Texas The Conti cybercrime gang has reportedly leaked sensitive patient data, as well as employee records, on a darknet site following recent hacker attacks on a two healthcare organizations in Florida and Texas

262
262

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles.

Nigerian Gets 10-Year Sentence for BEC Scam

Data Breach Today

Prosecutors: Crime Operation Extorted $11 Million A Nigerian national has been sentenced to 10 years in prison after pleading guilty to taking part in a business email compromise operation that extorted $11 million from its victims, according to the U.S. Department of Justice

IT 256

Texas Man Charged With Planning to Bomb AWS Data Center

Data Breach Today

DOJ: Suspect Believed He Could Disrupt 70% of Internet Traffic A Texas man is facing a federal charge after he allegedly tried to buy explosives from an undercover FBI agent to bomb an AWS data center in Virginia, according to the Justice Department.

246
246

Use It, Save It, Or Lose It: Spring Cleaning for Information Governance

Speaker: Speakers Michelle Kirk of Georgia Pacific, Darla White of Sanofi, & Scott McVeigh of Onna

As an organization’s most valuable asset, data should be cared for and integrated, managed, archived, and deleted as appropriate. Join Onna, Georgia Pacific, and Sanofi for this on-demand webinar as they discuss proactive, practical steps for kicking off your organization's own digital cleanup.

Defining and Refining Next-Gen AML

Data Breach Today

David Stewart of SAS on the Tools and Technologies Deployed to Fight Financial Crimes As the financial payments landscape shifts, and as fraudsters employ new technologies and techniques, institutions are deploying a next generation of anti-money laundering defenses.

IT 260

Experian API Exposed Credit Scores of Most Americans

Krebs on Security

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned.

Analysis: 2020 Health Data Breach Trends

Data Breach Today

Ransomware, Phishing Incidents, Vendor Hacks Prevail Hacking incidents, including ransomware and phishing attacks, as well as security incidents involving vendors dominated the federal tally of major health data breaches in 2020

A Tale of 3 Data 'Leaks': Clubhouse, LinkedIn, Facebook

Data Breach Today

Confusion Over Hacking, Scraping and Amassing Highlights Data Lockdown Imperative Criminals love to amass and sell vast quantities of user data, but not all such data sets necessarily pose a fresh risk to users.

Risk 244

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Biden Inauguration: Defending Against Cyberthreats

Data Breach Today

Experts Warn of an Elevated Risk of Attack From Domestic, Foreign Actors As thousands of National Guard troops pour into Washington to provide security for the Jan.

Colonial Pipeline Starts Recovery from Ransomware

Data Breach Today

Report: DarkSide Ransomware Gang Infected Fuel Supplier Colonial Pipeline Company has restored smaller pipelines that ship fuels to the U.S. East Coast after a ransomware incident, but its larger ones are still offline as it assesses safety. Citing U.S.

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Let’s just get this out of the way right now: It wasn’t me.

Attackers Using Malicious Doc Builder Called 'EtterSilent'

Data Breach Today

Report: Builder Allows Cybercriminals to Create Specialized Office Documents Cybercriminal gangs are using a newly uncovered malicious document builder called "EtterSilent" to create differentiated and harder-to-discover malicious documents that can be deployed in phishing attacks.

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

President Biden Orders SolarWinds Intelligence Assessment

Data Breach Today

New Administration Signals Importance of Cybersecurity to National Security Agenda The new Biden administration has pledged to hold Russia accountable for its recent "reckless and adversarial" actions and has ordered a full-scale intelligence review of the SolarWinds hack.

Iranian Nuclear Site Shut Down by Apparent Cyberattack

Data Breach Today

Report: Israeli Government Involved Israeli public media outlet Kan, citing intelligence sources, says an Israeli government cyberattack was responsible for the shutdown of an Iranian nuclear power facility on Sunday in what Iran describes as an act of "sabotage

FBI: DarkSide Ransomware Used in Colonial Pipeline Attack

Data Breach Today

Company Moves Into Remediation Phase; White House Monitoring Incident The FBI and White House confirmed Monday that the DarkSide ransomware variant was used in the Friday attack that caused disruptions at Colonial Pipeline Co., which operates a pipeline that supplies fuel throughout the eastern U.S.