Marco A. De Felice aka @amvinfe has begun a series of articles on the Blackbaud breach. He begins with Blackbaud’s initially inaccurate claims that no Social Security numbers, bank account data, or sensitive details had been accessed and exfiltrated. As most people know by now, Blackbaud had to issue an update to its original notification,…
Category: Commentaries and Analyses
A security flaw in Grindr let anyone easily hijack user accounts
Zack Whittaker writes: Grindr, one of the world’s largest dating and social networking apps for gay, bi, trans, and queer people, has fixed a security vulnerability that allowed anyone to hijack and take control of any user’s account using only their email address. Wassime Bouimadaghene, a French security researcher, found the vulnerability and reported the issue…
Hacker Uploads Own Fingerprints To Crime Scene In Dumbest Cyber Attack Ever
Davey Winder reports: Max Heinemeyer, director of threat hunting at Darktrace, thought it would be interesting to look back at the seven years since launching its AI-powered cybersecurity solution. Look back through the lens of some of the weirdest attacks that the AI cyber-brain had identified that is. You know what, he was right. I’ve…
Was OFAC’s Advisory an October Surprise or More of the Same?
Lee A. Casey and Theodore J. Kobus III of BakerHostetler comment on the recent OFAC advisory that made a lot of headlines this past week. As I had pointed out in my preface to coverage of the advisory, it was footnoted that the advisory does not have the force of law or change any regulations…
Hackers Take Advantage of India’s Loose Data Privacy Laws
SiliconIndia reports: India has some of the loosest data policy laws on the planet. Hackers have seen these loose data privacy laws as the opening they need to steal data and sell it on the black market. Regulations are changing, but many experts that are seeing the importance of data protection feel that they are not moving…
Attacks Aimed at Disrupting the Trickbot Botnet
Brian Krebs reports: Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations. On Sept….