Leaker Dismisses MobiKwik’s Not-So-Nimble Breach Denial

Seller of 99 Million Customers’ Stolen Data Calls Firm ‘Incompetent,’ but Stops Sale

Mathew J. Schwartz (euroinfosec) • April 1, 2021

A broker of breached data claims via dedicated .onion leak site to have deleted 8TB of stolen MobiKwik customer data that the…

Agency Issues 2nd Alert for Instant Quote Website Schemes

NY Officials: Fraudsters Continue to Probe Sites for Security Weaknesses

Prajeet Nair (@prajeetspeaks) • April 2, 2021

New York state officials are warning CISOs and other executives in the banking and insurance industries that fraudsters continue to probe for security weaknesses…

UK Cyber Security Council Officially Launches as Independent Body

Man charged for hacking Kansas water utility with intent to harm public

The US Department of Justice today indicted a Kansas man on charges of hacking into the computer system of a local water utility and trying to sabotage water processing operations with the intent to harm the local public. According to court documents, the incident took place on March 27, 2019, and involved Wyatt Travnichek,…

How to Define and Detect

Greg Woolf of FiVerity Discusses a Federal Reserve Initiative to Better Define the Crime

Nick Holland (@nickster2407) • April 2, 2021

Greg Woolf, CEO and founder, FiVerity

Synthetic identity fraud (SIF) is a pervasive yet ill-defined crime. Greg Woolf of FiVerity discusses a recent initiative by the…

North Korean Group Targets Security Researchers

Google: Attackers Leverage Social Media Accounts

Akshaya Asokan (asokan_akshaya) • April 2, 2021

Screenshot of the fake “SecuriElite” website (Source: Google TAG)

A North Korean government-backed threat group that was detected targeting security researchers in January is once again staging a…

CVE-2021-25156

A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.

Ubiquiti Acknowledges Extortion Attempt – BankInfoSecurity

Company Called Out by Whistleblower for Attack Response

Doug Olenick (DougOlenick) • April 2, 2021

Internet of things vendor Ubiquiti revealed in a security notice Wednesday that an attacker had attempted to extort money from the company following a December 2020 cyber incident – a fact not mentioned in the company’s Jan. 11…