Ionut Ilascu reports: Hackers accessed the internal network of Czech cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. Detected on September 25, intrusion attempts started since May 14. Following an investigation, the antivirus maker determined that the attacker was able to gain access using compromised credentials via a temporary VPN account….
Category: Of Note
Russian cyberattack unit ‘masqueraded’ as Iranian hackers, UK says
Helen Warrell in London and Henry Foy report: A Russian cyber espionage unit has hacked Iranian hackers to lead attacks in more than 35 countries, a joint UK and US investigation has revealed. The so-called Turla group, which has been linked with Russian intelligence, allegedly hijacked the tools of Oilrig, a group widely linked to the…
The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History
Andy Greenberg reports: Just before 8 pm on February 9, 2018, high in the northeastern mountains of South Korea, Sang-jin Oh was sitting on a plastic chair a few dozen rows up from the floor of Pyeongchang’s vast, pentagonal Olympic Stadium. He wore a gray and red official Olympics jacket that kept him warm despite the…
Equifax used ‘admin’ as username and password for sensitive data: lawsuit
Ethan Wolff-Mann reports: Equifax used the word “admin” as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia. The lawsuit, filed in January, went viral on Twitter Friday after Buzzfeed reporter Jane Lytvynenko came across the detail. Read more…
Mishandling of Veterans’ Sensitive Personal Information on VA Shared Network Drives — Audit by Veterans Affairs OIG
VA OIG 19-06125-218 | October 17, 2019 From the Executive Summary: The OIG team found that veterans’ sensitive personal information was left unprotected on two shared network drives, where it was accessible to VSO officers who did not represent those veterans. Senior Office of Information and Technology (OIT) representatives told the team that other authenticated…
Stealthy Russian Hacker Group Resurfaces With Clever New Tricks
Andy Greenberg reports: In the notorious 2016 breach of the Democratic National Committee, the group of Russian hackers known as Fancy Bear stole the show, leaking the emails and documents they had obtained in a brazen campaign to sway the results of the US presidential election. But another, far quieter band of Kremlin hackers was inside…