Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to…
Category: Commentaries and Analyses
URLs Are NOT Passwords, and Sadly, That Needed to Be Said (Stolowitz vs. Nuance Communications)
In 2014, Nuance Communications discovered that anyone could access protected health information on one of its platforms. After the situation persisted for years, a former employee decided to submit a whistleblower complaint to HHS. For his efforts, he spent more than one year fending off threatened federal hacking charges, even though no hacking was involved….
EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web
Seen on Resecurity’s blog: a reminder that our current defenses fall rapidly as nimble criminals find a work-around and that some developments enable second-tier or less sophisticated attackers to punch above their weight: Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate…
SGF Urges Need To Curb Data Breaches In Nigeria
Jacob Segun Olatunji reports: The Secretary to the Government of the Federation, Boss Mustapha, has urged the need to curb the menace of data breaches in the country. He made the call when the National Commissioner of Nigeria Data Protection Bureau (NDPB), Dr Vincent Olatunji, led some staff of the Bureau on a visit to…
Bits ‘n Pieces (Trozos y Piezas)
Argentina: More than 14,000 Reports Last Year Between April 2020 and March 2021, the Specialized Cybercrime Prosecution Unit registered 14,583 reports of cases associated with cybercrime, a 465% increase over the previous year. The #DatosEnFuga project attempts to improve security and data protection. It is an initiative of the organizations Democracia en Red, Fundación Vía Libre…
‘I think Indonesia’s cybersecurity is run by 14-year olds’: Hackers
In July, DataBreaches published a piece highlighting the increasing number of breaches and leaks affecting Indonesians showing up on marketplaces where personal data is shared or sold. “Growing risk to Indonesian citizens’ privacy as breaches and leaks appear on marketplaces” included several recent examples found on the popular forum, Breached.to (Breach Forums). Now a new…