Thanks to assistance from Banbreach and Huffington Post reporter Rachna Khaira in India, a leak of thousands of children’s names and grades, and their parents’ names and email addresses has finally been secured. But it really shouldn’t have been so difficult to accomplish. Back in August, I was contacted by one of a few researchers who…
How a Russian firm helped catch an alleged NSA data thief
Fascinating reporting by Kim Zetter on Politico. The 2016 arrest of a former National Security Agency contractor charged with a massive theft of classified data began with an unlikely source: a tip from a Russian cybersecurity firm that the U.S. government has called a threat to the country. Moscow-based Kaspersky Lab turned Harold T. Martin…
SingHealth breach review recommends remedies that should already be basic security policies
Eileen Yu reports: A culmination of bad system management and undertrained IT staff, amongst other gaps, had resulted in Singapore’s most severe cybersecurity breach last July, according to the committee formed to review the events leading up to the SingHealth incident. […] The 454-page report published today outlined 16 recommendations the committee said were made…
NC: Arrest Made in ‘Sextortion’ Scam Involving More Than 40 Women, Including UNCG Students: Police
Fox8 reports: A man was arrested by UNC-Greensboro police after a three-month “sextortion” investigation, according to the university. Kevin Kerney, 31, of Denton, is accused of pretending to be a modeling agent to solicit photos and extort social media accounts of young women. UNCG reports the man offered the women the opportunity to become a…
Thedarkoverlord releases more 9/11 files, KickAss Forum seized by law enforcement?
Updated: After this post was published, other information became available suggesting that law enforcement may not have taken down KickAss and that the seizure notice placed on that URL may have either been placed by KickAss or by some third party or parties. See updates at the bottom of this post. This is obviously a…
New tool automates phishing attacks that bypass 2FA
Catalin Cimpanu reports: A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA). Named Modlishka – the English pronunciation of the Polish word for mantis – this…