Martin Ricker reports: Jake Davis, the former hacker known as ‘Topiary’ and senior member of hacktivist groups Anonymous and Lulzsec has spoken about the scale of the ransomware challenge facing organisations today, and given his tips for staying secure. Speaking at Computing‘s recent Cyber Security Festival, Davis began by outlining his history as a hacktivist before…
Category: Commentaries and Analyses
Microsoft finds Netgear router bugs enabling corporate breaches
Sergiu Gatlan reports: Attackers could use critical firmware vulnerabilities discovered by Microsoft in some NETGEAR router models as a stepping stone to move laterally within enterprise networks. The security flaws impact DGN2200v1 series routers running firmware versions before v1.0.0.60 and compatible with all major DSL Internet service providers. They allow unauthenticated attackers to access unpatched routers’ management…
Western Digital to provide recovery services for hacked NAS drives
Western Digital has announced a new trade-in programme to help customers mitigate the effects of a mass malware attack that saw terabytes of data wiped from users’ NAS drives overnight. Those who lost data as a result of the hack will be able to benefit from Western Digital’s data recovery services, as well as a…
Still think you can negotiate with REvil and get your files back? Read this first.
The government and professionals involved in ransomware incident response have often advised victims not to pay the ransom because even if you pay, you may not get your data back, and you may not get your data deleted by criminals who pinky swear that they will delete it. Then, too, they may pinky swear that…
Hackers use zero-day to mass-wipe My Book Live devices
Lawrence Abrams reports that preliminary reports attributing a mass-wipe to a CVE from 2018 were not quite the whole story. Western Digital had originally told BleepingComputer that the attacks were being conducted through a 2018 vulnerability tracked as CVE-2018-18472, which was not fixed as the device has been out of support since 2015. It turns out that…
Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground
Tara Seals reports: After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it’s happened again – with big security ramifications. A new posting with 700 million LinkedIn records has appeared on a popular hacker forum, according to researchers. Analysts from Privacy Sharks stumbled across the data put up for sale on…