Thomas Claburn reports: Infosec pros and hackers regularly abuse cloud service providers to conduct reconnaissance and attacks, despite efforts by cloud providers to limit such activity. In a recent research paper titled “Cloud as an Attack Platform” [PDF], five boffins from Texas Tech University – Moitrayee Chatterjee, Prerit Datta, Faranak Abri, Akbar Siami-Namin, and Keith…
Category: Commentaries and Analyses
If you’re despairing at staff sharing admin passwords, look on the bright side. That’s CIA-grade security
Shaun Nichols reports: The CIA was so focused on developing whizzbang exploit code, it left any thought of basic computer security principles on the kitchen counter before dashing off to work each morning. That oversight led to the super-agency inadvertently spilling its hacking tools ultimately into the hands of WikiLeaks, which duly disclosed details of the spies’…
North Korea’s state hackers caught engaging in BEC scams
Catalin Cimpanu reports: At the ESET Virtual World security conference on Tuesday, security researchers from Slovak antivirus maker ESET have disclosed a new operation orchestrated by the Pyongyang regime’s infamous state-sponsored hacker crews. Codenamed “Operation In(ter)ception,” this campaign targeted victims for both cyber-espionage and financial theft. Read more on ZDNet.
Warning issued over hackable security cameras
Amer Owaida reports: Around 3.5 million security cameras installed in homes and offices mainly in Asia and Europe have serious vulnerabilities that expose the gadgets’ owners to the risk that attackers will spy on them, steal their data or target other devices on the same networks, the United Kingdom’s consumer watchdog Which? has warned. “Brands with…
Lessons learned from the ANPR data leak that shook Britain
Ax Sharma reports: On April 28, 2020, The Register reported the massive Automatic Number-Plate Recognition (ANPR) system used by the Sheffield government authorities was leaking some 8.6 million driver records. An online ANPR dashboard responsible for managing the cameras, tracking license plate numbers and viewing vehicle images was left exposed on the internet, without any password or…
Minted hit with California data breach lawsuit after ShinyHunters hack
We anticipated a lot of lawsuits would be filed under California’s new law, the California Consumer Privacy Act (CCPA), as it imposes a data security duty on organizations. But will any of the complaints filed withstand early motions to dismiss? The CCPA requires complainants to give the organization 30 days to “cure” a violation and…