AFP has a nice piece on Victor Gevers and the Dutch Institute for Vulnerability Disclosure. No, DIVD are not new kids on the block. They have been around for years, quietly and responsibly disclosing vulnerabilities, which is why some of us were appalled — and furious — when Victor was falsely accused of lying about…
Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments
Iain Thomson reports: Software patches from Microsoft this week closed two vulnerabilities exploited by spyware said to have been sold to governments by Israeli developer Candiru. On Thursday, Citizen Lab released a report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft code-named Sourgum. It is understood the spyware, code-named DevilsTongue by Microsoft, exploited…
Za: Bank account details stolen in major insurance hack in South Africa
Jan Vermeulen reports: An attack on debit order collection company Qsure has impacted several South African insurers who use its services, including Hollard and Guardrisk. Australian security researcher Troy Hunt recently posted a notice from Ooba to its clients saying that although they do not yet know if any Guardrisk and Ooba clients were affected,…
Rewards for Justice – Reward Offer for Information on Foreign Malicious Cyber Activity Against U.S. Critical Infrastructure
The following announcement is from the U.S. Department of State today: The U.S. Department of State’s Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the…
U.S. Government Launches First One-Stop Ransomware Resource at StopRansomware.gov
Press release from the Department of Justice today: Today, as part of the ongoing response, agencies across the U.S. government announced new resources and initiatives to protect American businesses and communities from ransomware attacks. The U.S. Department of Justice (DOJ) and the U.S. Department of Homeland Security (DHS), together with federal partners, have launched a…
Booneville and Lancaster school districts dealing with alleged cyberattacks
Clover Park School District in Washington state is only one of several k-12 districts recently attacked by threat actors calling themselves “Grief.” The same threat actors also attacked Booneville School District in Mississippi and Lancaster Independent School District in Texas. Note that DataBreaches.net has no information or confirmation to indicate whether either of the victims…