Ethan Wolff-Mann reports: Equifax used the word “admin” as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia. The lawsuit, filed in January, went viral on Twitter Friday after Buzzfeed reporter Jane Lytvynenko came across the detail. Read more…
Category: Of Note
Mishandling of Veterans’ Sensitive Personal Information on VA Shared Network Drives — Audit by Veterans Affairs OIG
VA OIG 19-06125-218 | October 17, 2019 From the Executive Summary: The OIG team found that veterans’ sensitive personal information was left unprotected on two shared network drives, where it was accessible to VSO officers who did not represent those veterans. Senior Office of Information and Technology (OIT) representatives told the team that other authenticated…
Stealthy Russian Hacker Group Resurfaces With Clever New Tricks
Andy Greenberg reports: In the notorious 2016 breach of the Democratic National Committee, the group of Russian hackers known as Fancy Bear stole the show, leaking the emails and documents they had obtained in a brazen campaign to sway the results of the US presidential election. But another, far quieter band of Kremlin hackers was inside…
No Kremlin Link Found to Russian Hacker Awaiting Extradition in Israel; One of Top 100 Hackers in the World?
Josh Breiner, Bar Peleg and Liza Rozovsky report: The U.S. Secret Service did not find any links between Russian hacker Aleksey Burkov and Russian intelligence, or any other government officials, the special agent who led the investigation, Erik Rasmussen, told Haaretz. Burkov’s name never came up in security contexts, or in Russian involvement in the…
South Korean National and Hundreds of Others Charged Worldwide in the Takedown of the Largest Darknet Child Pornography Website, Which was Funded by Bitcoin
From the Department of Justice: FOR IMMEDIATE RELEASE Wednesday, October 16, 2019 South Korean National and Hundreds of Others Charged Worldwide in the Takedown of the Largest Darknet Child Pornography Website, Which was Funded by Bitcoin Dozens of Minor Victims Who Were Being Actively Abused by the Users of the Site Rescued Jong Woo Son,…
Phorpiex botnet made $115,000 in five months just from mass-spamming sextortion emails
Catalin Cimpanu reports: Researchers at cyber-security firm Check Point say they’ve tracked one of the sources of the recent rise in sextortion emails to a good ol’ friend — the Phorpiex spam botnet, also known as Trik. Check Point says that since April, they’ve seen the botnet send out multiple spam campaigns with a “sextortion” lure —…