Dennis Fisher writes: The string of ransomware attacks against state and local government agencies that began to ramp up a couple years ago is continuing unabated, and the attackers in some incidents are becoming quite aggressive with their ransom demands. […] Data collected by security firm Barracuda on ransomware attacks shows that there were 55…
Category: Commentaries and Analyses
Andy Frain Services reports stolen laptop, but were they also hacked?
Andy Frain Services has reported a breach to the California Attorney General’s Office. The breach reportedly occurred on May 2, and their letter to those affected begins: We are writing with important information regarding a recent security incident. The privacy and security of the personal information we maintain is of the utmost importance to Andy Frain…
Security breach on Pepperfry exposes details of users; now plugged
Pranav Hegde reports: A major security flaw was detected on online furniture store Pepperfry’s website, which could have allowed users to sign in to another registered user’s account. Pepperfry has claimed that the bug was fixed within an hour of being detected. Security researcher Ehraz Ahmed found the bug on Pepperfry’s website, which could have…
Thousands of servers infected with new Lilocked (Lilu) ransomware
Catalin Cimpanu reports: Thousands of web servers have been infected and had their files encrypted by a new strain of ransomware named Lilocked (or Lilu). Infections have been happening since mid-July, and have intensified in the past two weeks, ZDNet has learned. Read more on ZDNet.
FTC Takes Tougher Data Security Stance After LabMD Fight
Sara Merken reports: The Federal Trade Commission is issuing specific data security requirements to companies as part of agency settlements, policing businesses more aggressively than before, attorneys and former staff said. Proposed settlements reached this year with LightYear Dealer Technologies LLC, ClixSense.com, Unixiz Inc, and D-Link Systems Inc. show what the FTC is expecting in…
Author of multiple IoT botnets pleads guilty
Catalin Cimpanu reports: A 21-year-old from Vancouver, Washington pleaded guilty today to creating and operating multiple iterations of DDoS botnets made up of home routers and other networking and Internet of Things (IoT) devices. Kenneth Currin Schuchman, known online as Nexus Zeta, rented access to these botnets to others, but he also used the botnets…