Police have successfully infiltrated and disrupted the fraud platform “LabHost”, used by more than 2,000 criminals to defraud victims worldwide.
Read more in my article on the Tripwire State of Security blog.
Cybersecurity
Smashing Security podcast #368: Gary Barlow, and a scam turns deadly
Take That’s Gary Barlow chats up a pizza-slinging granny from Essex via Facebook, or does he? And a scam takes a sinister turn – for both the person being scammed and an innocent participant – in Ohio.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Who Stole 3.6M Tax Records from South Carolina?
For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole of millions of payment card records from big box retailers like Home Depot and Target in the years that followed.
Crickets from Chirp Systems in Smart Lock Key Leak
The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.
Zambia arrests 77 people in swoop on “scam” call centre
Law enforcement officers in Zambia have arrested 77 people at a call centre company they allege had employed local school-leavers to engage in scam internet users around the world.
Read more in my article on the Hot for Security blog.
Why CISA is Warning CISOs About a Breach at Sisense
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.
East Central University suffers BlackSuit ransomware attack
The East Central University (ECU) of Ada, Oklahoma, has revealed that a ransomware gang launched an attack against its systems that left some computers and servers encrypted and may have also seen sensitive information stolen.
Read more in my article on the Hot for Security blog.
DragonForce ransomware – what you need to know
Learn more about the DragonForce ransomware – how it came to prominence, and some of the unusual tactics used by the hackers who extort money from companies with it.
Read more in my article on the Tripwire State of Security blog.
When a breach goes from 25 documents to 1.3 terabytes…
If 25 documents stolen is “very serious,” I’m not sure the words exist to describe the 1.3 terabytes of data that Leicester City Council now says it has had stolen by hackers.
Smashing Security podcast #367: WhatsApp at Westminster, unhealthy AI, and Drew Barrymore
MPs aren’t just getting excited about an upcoming election, but also the fruity WhatsApp messages they’re receiving, can we trust AI with our health, and who on earth is pretending to be a producer for the Drew Barrymore TV show?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.