I’ve reported on this concern before, but Tom Spring has a nice write-up on ThreatPost that begins: Recent attacks against insecure MongoDB, Hadoop and CouchDB installations represent a new phase in online extortion, born from ransomware’s roots with the promise of becoming a nemesis for years to come. “These types of attacks have grown from…
Category: Commentaries and Analyses
Third-party incidents continue to put patient ePHI at risk: Protenus
Protenus, Inc. has released its Breach Barometer for January. As they report, 2017 is starting out where 2016 left off: we are seeing an average of one breach per day involving health data. Protenus’s report, based on 31 incidents, reported that there were 388,307 breached records for the 26 incidents for which they had numbers. The single largest…
FBI Search Warrant That Fueled Massive Government Hacking Was Unconstitutional, EFF Tells Court
Boston—An FBI search warrant used to hack into thousands of computers around the world was unconstitutional, the Electronic Frontier Foundation (EFF) told a federal appeals court today in a case about a controversial criminal investigation that resulted in the largest known government hacking campaign in domestic law enforcement history. The Constitution requires law enforcement officers seeking a search warrant…
Hackers Using RDP Attacks to Install CRYSIS Ransomware
How many times do folks need to be told to disable Remote Desktop Protocol (RDP) if it’s not necessary and in use? As Ionut Arghire reports,here’s another reason if you still haven’t addressed the risks to your security. CRYSIS, a ransomware family that emerged last year, is being distributed via Remote Desktop Protocol (RDP) brute…
If you’ve been meaning to remind your employees not to fall for the W-2 phishing scam….
If you’ve been meaning to remind your employees not to fall for the W-2 phishing scam, but just haven’t managed to get around to it yet, consider this report yesterday from Wapack Labs about what they’re seeing in marketplaces on the darkweb: Wapack Labs has identified an actor in the Tor-based markets – we have labeled…
While investigating W-2 phishing scam, company discovers they were scammed last year, too (Updated)
The 2017 W-2 Phishing Victims List continues to grow, and I’m not posting most of them as individual reports, but one news story involving Monarch Beverage Company in Indianapolis deserves special mention because as CBS reports: While investigating this incident, the company discovered the same thing happened in April 2016. A scammer posing as the…