Kimberly Goody, Jeremy Kennelly, Jaideep Natu, Christopher Glyer write: FireEye is tracking a set of financially motivated activity referred to as TEMP.MixMaster that involves the interactive deployment of Ryuk ransomware following TrickBot malware infections. These operations have been active since at least December 2017, with a notable uptick in the latter half of 2018, and have…
Category: Commentaries and Analyses
SingHealth breach review recommends remedies that should already be basic security policies
Eileen Yu reports: A culmination of bad system management and undertrained IT staff, amongst other gaps, had resulted in Singapore’s most severe cybersecurity breach last July, according to the committee formed to review the events leading up to the SingHealth incident. […] The 454-page report published today outlined 16 recommendations the committee said were made…
Shutdown delays TSA data-security efforts
Adam Mazmanian reports: The Transportation Security Administration is looking to consolidate contracts and streamline technology in the system used to protect key elements of the air travel infrastructure from terrorist infiltration. But the ongoing shutdown is preventing TSA from moving ahead with a planned $230 million procurement. TSA’s Technology Procurement Division was scheduled to host…
thedarkoverlord experiments with its approach to amassing BTC
I’ve probably reported more on the blackhats known as thedarkoverlord (TDO) than other journalists, and I’ve probably spent more time chatting with them about their work than any other journalist. But despite my considerable investment of time, there are times when I simply do not understand why they are doing what they are doing. As…
Growing Pains: As HackerOne has grown, is it harming what it intended to help? Part 2.
This is Part 2. Part 1 can be found here. HackerOne’s Managed Triage: From what I understand of HackerOne’s managed triage, “Finders” (researchers) submit their findings to HackerOne, whose triagers/analysts review the submissions before the program it is written for ever sees anything. There is a clear potential for conflict and corruption in the system…
Growing Pains: As HackerOne has grown, is it harming what it intended to help? Part 1.
This is Part 1. Part 2 can be found here. In November, Catalin Cimpanu reported that Russian researcher Sergey Zelenyuk had publicly disclosed a VirtualBox 0day instead of first disclosing the problem to Oracle or working through a bug bounty platform. Curious to see what Zelenyuk’s justification for his actions would be, I found that…