Catalin Cimpanu reports: Cyber-security firm Imperva published today a detailed post-mortem report of a security breach the company disclosed two months ago, in August. The company blamed the security breach on an Amazon Web Services (AWS) API key a hacker stole from an internal system that was left accessible from the internet. Read more on ZDNet.
Category: Commentaries and Analyses
Hook, line and sinker: How I fell victim to phishing attacks – again and again
Charlie Osborne bravely discloses all the ways she fell for phishing attacks — even though she is clearly more knowledgeable and sophisticated than the average person. And if it can happen to her, it can happen to you. Or worse, me. 🙂 Read her article on ZDNet.
DHS cyber unit wants to subpoena ISPs to identify vulnerable systems
Zack Whittaker reports: Homeland Security’s cybersecurity division is pushing to change the law that would allow it to demand information from internet providers that would identify the owners of vulnerable systems, TechCrunch has learned. Sources familiar with the proposal say the Cybersecurity and Infrastructure Security Agency (CISA), founded just less than a year ago, wants the…
Muhstik Ransomware Victim Hacks Back, Releases Decryption Keys
Yes, I know law enforcement always publicly advises against hacking back, but sometimes you just want to cheer when hacking back thwarts the bad guys. Lawrence Abrams reports: A victim of the Muhstik Ransomware has hacked back against his attackers and released close to 3,000 decryption keys for victims along with a free decryptor to…
Taconic Biosciences settles lawsuit stemming from 2017 W-2 phishing breach (updated)
One of the victim companies of a W-2 phishing attack that this site reported in 2017 was a New York firm called Taconic Biocences. A copy of their notification to the Maryland Attorney General’s Office is still available online, here. Recently, News10 in New York reported that there has been a $2.7 million settlement in…
Switzerland stops information exchange with Bulgaria
Cristian Angeloni reports: The Swiss Federal Council has halted its automatic exchange of information (AEOI) agreement with Bulgaria. The move follows a problem with data security in the Eastern European country in July 2019, when a leak exposed financial account information of four million Bulgarians and foreign taxpayers. Although the Bulgarian National Revenue Agency was…