
IT Security Newsletter - 6/1/2020

Top News

How GitHub untangled itself from the 'Octopus' malware that infected 26 software projects

For GitHub, not all reports about malicious software on its platform are of equal importance. The company behind the popular software repository, where developers often share code rather than building it from scratch, revealed this week that attackers were trying to exploit the open-source nature of the site to distribute malware. A hacking tool was designed to spread through software projects, then leave a "backdoor" that could offer hackers persistent access to the software. READ MORE...

Breaches

Amtrak Discloses Security Incident Involving Guest Reward Accounts

U.S. passenger railroad service Amtrak last week started informing some customers that their personal information may have been compromised as a result of unauthorized access to Guest Reward accounts. A data breach notice shared by Amtrak with authorities reveals that the incident was discovered on April 16. The company determined that hackers gained access to some customers' Guest Reward accounts using compromised usernames and passwords. READ MORE...


NTT Communications Data Breach Affects Customers, Threatens Supply Chain

Japan-based systems integrator NTT Communications has disclosed a recent data breach that it said impacted hundreds of customers. The total affected comes to as many as 621 customers, the company said, but security experts worry about the impacts of the data breach due to the company's positioning as a systems integrator, which could create widespread ramifications for its supply-chain partners. READ MORE...

Hacking

Krebs on Security - Career Choice Tip: Cybercrime is Mostly Boring

When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way to combat cybercrime. READ MORE...


New Yorker Indicted for Stealing Card Data via SQL Injection Attacks

The United States Department of Justice (DoJ) this week announced that a New York City man was charged for his participation in a cybercrime scheme involving the theft and trafficking of payment card data. The man, Vitalii Antonenko, 28, who was arrested in March 2019, was indicted for conspiring to gain unauthorized access to computer networks and traffic in unauthorized access devices. READ MORE...


Steganography Anchors Pinpoint Attacks on Industrial Targets

A targeted series of attacks on suppliers of equipment and software for industrial enterprises is playing out globally, researchers said, hinging on phishing and a steganography tactic to hide malware on public, legitimate image resources. According to Kaspersky ICS CERT, the attacks seem bent on stealing Windows credentials in order to lay the groundwork for lateral movement inside a target network and follow-on activity. READ MORE...

Malware

Ransomware locks down the Nipissing First Nation

The Nipissing First Nation administration stopped a ransomware attack in its tracks but not soon enough to prevent disruption of communications. The attack was discovered on May 8 and affected all departments of the administration but most of the network remained unaffected. First Nations is a term for describing people that are original inhabitants of the land that is now Canada. READ MORE...

Information Security

Bank of America Security Incident Affects PPP Applicants

Bank of America has disclosed a security incident in which some data belonging to Paycheck Protection Program (PPP) applicants was exposed to SBA-authorized lenders and their vendors. The bank has been working with the US Treasury and Small Business Administration to process more than 305,000 PPP loan applications as part of a program intended to provide relief to small businesses. READ MORE...

On This Date

  • ...in 1779, the court-martial of Benedict Arnold convenes in Philadelphia, PA.
  • ...in 1812, President Madison asks Congress to declare war on England.
  • ...in 1958, during a French political crisis over the military and civilian revolt in Algeria, Charles de Gaulle is called out of retirement to head a new emergency government.
  • ...in 1980, CNN (Cable News Network), the world's first 24-hour television news network, makes its debut.