Ionut Ilascu reports: Hackers accessed the internal network of Czech cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. Detected on September 25, intrusion attempts started since May 14. Following an investigation, the antivirus maker determined that the attacker was able to gain access using compromised credentials via a temporary VPN account….
UKIP leader suspended over data theft allegations
BBC reports: UKIP has suspended its leader and three other members after they were accused of stealing data from the party. An email to all members from chairman Kirstan Herriot said she was “forced to take serious action” against Richard Braine, Tony Sharp, Jeff Armstrong and Mark Dent. This included reporting them to Action Fraud…
Russian cyberattack unit ‘masqueraded’ as Iranian hackers, UK says
Helen Warrell in London and Henry Foy report: A Russian cyber espionage unit has hacked Iranian hackers to lead attacks in more than 35 countries, a joint UK and US investigation has revealed. The so-called Turla group, which has been linked with Russian intelligence, allegedly hijacked the tools of Oilrig, a group widely linked to the…
The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History
Andy Greenberg reports: Just before 8 pm on February 9, 2018, high in the northeastern mountains of South Korea, Sang-jin Oh was sitting on a plastic chair a few dozen rows up from the floor of Pyeongchang’s vast, pentagonal Olympic Stadium. He wore a gray and red official Olympics jacket that kept him warm despite the…
Leaky Autoclerk database exposes info on travelers, including military and gov’t personnel
Teri Robinson reports: A leak at Autoclerk, a reservations management system recently acquired by the Western Hotel & Resorts Group, exposed personal and travel information on hotel guests, including members of the U.S. government, military and Department of Homeland Security. […] Even after contacting the United States Computer Emergency Readiness Team (CERT) on Sept. 13…
Everything’s broken, Monday edition (medical data leaks)
It seems that every week I hear from researchers who find patient data or medical data exposed. And I know some of them spend inordinate amounts of time trying to contact entities to get them to secure their unsecured sensitive data. Some of these researchers do this for no pay and no expectation or hope…