U.S. Government Seeks Information About Victims Of December 2017 EtherDelta Hack Conspiracy to defraud victims of cryptocurrency exchange platform resulted in theft of at least $1.4 million, prompting government to call for victims to come forward May 20 – SAN FRANCISCO – The Office of the United States Attorney and the United States Secret Service…
Category: Business Sector
Data of 100+ million Android users exposed via misconfigured cloud services
Ionut Ilascu reports: Security researchers discovered that personal data of more than 100 million Android users has been exposed due to various misconfigurations of cloud services. The data was found in unprotected real-time databases used by 23 apps with download counts ranging from 10,000 to 10 million and also includes internal developer resources. Read more…
Recruiter’s Cloud Snafu Exposes 20,000 CVs and ID Documents
Phil Muncaster reports: Tens of thousands of jobseekers have had their personal information exposed by a misconfigured cloud account, according to researchers. A team at Website Planet discovered the AWS S3 bucket left unprotected and unsecured by FastTrack Reflex Recruitment, now TeamBMS. The firm apparently specializes in recruitment for the building management systems sector, for projects including skyscrapers…
The Full Story of the Stunning RSA Hack Can Finally Be Told
Andy Greenberg reports: AMID ALL THE sleepless hours that Todd Leetham spent hunting ghosts inside his company’s network in early 2011, the experience that sticks with him most vividly all these years later is the moment he caught up with them. Or almost did. It was a spring evening, he says, three days—maybe four, time had…
Colonial Pipeline confirms it paid $4.4 million to hackers
Cathy Bussewitz of AP reports: The operator of the nation’s largest fuel pipeline confirmed it paid $4.4 million to a gang of hackers who broke into its computer systems. Colonial Pipeline said Wednesday that after it learned of the May 7 ransomware attack, the company took its pipeline system offline and needed to do everything…
Despite an alert from NYS DFS, some insurance companies with “instant quote” portals were victimized
On February 16, the NYS Department of Financial Services issued a cybersecurity fraud alert involving public-facing web sites where consumers could request “instant quotes” for car insurance or other products. The alert warned insurers that private information used to prefill requests was being stolen and misused for pandemic unemployment benefits fraud. At the time, they…