[The following was originally posted at PogoWasRight.org] As the world reels from daily cyber attacks, it’s more important than ever to understand how our online behavior can negatively impact our family and work. From storing usernames and passwords in the browser to using the same device for work, personal financial matters, and playing online games,…
Category: Of Note
WT1SHOP and WT1STORE Websites Selling Stolen Login Credentials and Other Personally Identifying Information is Seized and Its Operator Faces Federal Charges for Conspiracy and Trafficking in Unauthorized Access Devices
Greenbelt, Maryland – A website operating as a marketplace for over 5.85 million records of personally identifying information (PII) was seized today by Portuguese authorities and a federal criminal complaint charging the website’s alleged operator has been unsealed. Law enforcement in the U.S. has also seized four domains used by the website: “wt1shop.net,” “wt1store.cc,” “wt1store.com,”…
CSA Alert (AA22-249A) #StopRansomware: Vice Society
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to…
URLs Are NOT Passwords, and Sadly, That Needed to Be Said (Stolowitz vs. Nuance Communications)
In 2014, Nuance Communications discovered that anyone could access protected health information on one of its platforms. After the situation persisted for years, a former employee decided to submit a whistleblower complaint to HHS. For his efforts, he spent more than one year fending off threatened federal hacking charges, even though no hacking was involved….
EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web
Seen on Resecurity’s blog: a reminder that our current defenses fall rapidly as nimble criminals find a work-around and that some developments enable second-tier or less sophisticated attackers to punch above their weight: Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate…
Medical billing service in Florida one of the latest victims of ransomware attacks
Add NCG Medical to business associates who a ransomware attack has compromised. The medical billing service in Florida was added to the Hive ransomware group’s leak site on August 31, with Hive claiming that they encrypted NCG’s files on August 19. The 12-day gap between encryption and publicly revealing the attack is a relatively short…