Zack Whittaker reports: Security vulnerabilities in a popular Chinese-built GPS vehicle tracker can be easily exploited to track and remotely cut the engines of at least a million vehicles around the world, according to new research. Worse, the company that makes the GPS trackers has made no effort to fix them. Cybersecurity startup BitSight said…
Category: Commentaries and Analyses
CERT-MX suffers credibility #FAIL, accuses DataBreaches.net of disclosing unauthorized info.
Is Mexico’s CERT / Guardia Nacional suffering from heat exhaustion, bad AI, or political pressure? How else can we explain their bizarre attempt to take down this site? Long-time readers of this site know that over the past 16 years or so that I have been blogging, I have been the recipient of all kinds…
Over 670k cyber attack cases in India this year so far: Centre
Hindustan Times reports: Over 670,000 cases related to cyber security were reported in India till June this year, Union minister Ajay Kumar Mishra informed Lok Sabha on Tuesday. Mishra also said that over three million such cases were reported in the country since 2019 till last month. In a written reply to a question in…
Justice Department Seizes and Forfeits Approximately $500,000 from North Korean “Maui” Ransomware Actors and their Conspirators
The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments. In May 2022, the FBI filed a sealed seizure warrant for the funds worth approximately half a million dollars. The seized funds include ransoms…
In yet another long gap to notification, a covered entity notifies patients of a May 2021 cyberattack
On May 5, 2021, Benson Health in North Carolina (formerly known as Benson Area Medical Center) discovered that it was the target of a cyberattack. According to their notification dated July 7, 2022, they immediately launched an investigation, engaged a law firm specializing in cybersecurity and data privacy, and engaged third-party forensic specialists to assist….
10,000 organisations targeted by phishing attack that bypasses multi-factor authentication
Graham Cluley writes: Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them…