Jeremiah Fowler of Security Discovery tackles a common problem researchers and journalists experience all too frequently: There is a growing trend among organizations and companies to simply deny that live production data is real. As a security researcher I often hear that everyone is a small start-up and all data is test data, or it…
Category: Commentaries and Analyses
Imperva blames data breach on stolen AWS API key
Catalin Cimpanu reports: Cyber-security firm Imperva published today a detailed post-mortem report of a security breach the company disclosed two months ago, in August. The company blamed the security breach on an Amazon Web Services (AWS) API key a hacker stole from an internal system that was left accessible from the internet. Read more on ZDNet.
Hook, line and sinker: How I fell victim to phishing attacks – again and again
Charlie Osborne bravely discloses all the ways she fell for phishing attacks — even though she is clearly more knowledgeable and sophisticated than the average person. And if it can happen to her, it can happen to you. Or worse, me. 🙂 Read her article on ZDNet.
DHS cyber unit wants to subpoena ISPs to identify vulnerable systems
Zack Whittaker reports: Homeland Security’s cybersecurity division is pushing to change the law that would allow it to demand information from internet providers that would identify the owners of vulnerable systems, TechCrunch has learned. Sources familiar with the proposal say the Cybersecurity and Infrastructure Security Agency (CISA), founded just less than a year ago, wants the…
Muhstik Ransomware Victim Hacks Back, Releases Decryption Keys
Yes, I know law enforcement always publicly advises against hacking back, but sometimes you just want to cheer when hacking back thwarts the bad guys. Lawrence Abrams reports: A victim of the Muhstik Ransomware has hacked back against his attackers and released close to 3,000 decryption keys for victims along with a free decryptor to…
Taconic Biosciences settles lawsuit stemming from 2017 W-2 phishing breach (updated)
One of the victim companies of a W-2 phishing attack that this site reported in 2017 was a New York firm called Taconic Biosciences. A copy of their notification to the Maryland Attorney General’s Office is still available online, here. Recently, News10 in New York reported that there has been a $2.7 million settlement in…