School districts continue to be low-hanging fruit for threat actors. While Grief threat actors hacked and then dumped data from Clover Park School District in Washington, Booneville School District in Mississippi, and Lancaster ISD in Texas, Vice Society hacked and then dumped data from Whitehouse ISD, also in Texas. On June 28, DataBreaches.net emailed Whitehouse…
Category: Commentaries and Analyses
Dutch ethical hackers on a mission to fix the internet
AFP has a nice piece on Victor Gevers and the Dutch Institute for Vulnerability Disclosure. No, DIVD are not new kids on the block. They have been around for years, quietly and responsibly disclosing vulnerabilities, which is why some of us were appalled — and furious — when Victor was falsely accused of lying about…
Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments
Iain Thomson reports: Software patches from Microsoft this week closed two vulnerabilities exploited by spyware said to have been sold to governments by Israeli developer Candiru. On Thursday, Citizen Lab released a report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft code-named Sourgum. It is understood the spyware, code-named DevilsTongue by Microsoft, exploited…
94% Of Organizations Have Suffered Insider Data Breaches, So Why Aren’t These a Bigger Worry?
Sometimes, 2+2 does not = 4, it seems. When employees falling for phishing attempts represent one of the two biggest preludes to a ransomware attack, why are 28% of IT leaders in a recent survey more concerned about malicious insiders than human error? Why are only 21% of those surveyed most concerned about human error?…
Is REvil really gone? Lots of speculation, no confirmation of anything yet.
The “Happy Blog” leak site belonging to the Sodinokibi threat actors known as “REvil” (“Are Evil”) is offline, and their spokesperson “Unknown” has been silent for a few days. Lawrence Abrams of Bleeping Computer says all of REvil’s sites are down, including the payment site. So have they folded? REvil’s “Unknown” consistently said they would…
Follow-up: Forensic audit didn’t reveal any unauthorized access to customer data: Mobikwik
Mint reports: Payments firm One Mobikwik Systems Ltd on Monday, in its draft IPO prospectus, said that a forensic audit conducted by an independent expert did not reveal any unauthorized access to its customer database in March. The alleged data breach came to light in March after unknown actors claimed they were selling Mobikwik’s data on the…