Hacked government contractor shares breach details as investigation continues
The president of a hacked U.S. government contractor says a recent breach has cost his company $500,000 to $1 million in what he deemed a “learning experience” that should be shared with other organizations to raise their network defenses. “It could happen to anyone,” Sandesh Sharda, president of Arlington, Virginia-based Miracle Systems, told CyberScoop. “We keep hearing about all these hacks all the time, whether it’s Baltimore, whether it’s Texas, whether it’s Capital One, commercial or government.
Marketing Analytics Company Leaks Deep Profiles of Entire Ecuador Population
The entire population of Ecuador has been impacted by an open database on an unsecured server, housing a massive amount of personal information collected from public-sector sources by a marketing analytics company. The leaked database, which was found by vpnMentor’s research team, includes records for 20 million individuals, gleaned from Ecuadorian government registries, an automotive association called Aeade, and the Ecuadorian national bank.
Securing the 2020 Elections From Multifarious Threats
Special Counsel Robert Mueller indicted 13 Russian individuals and three Russian organizations for interfering in the 2016 elections. In recent months, both China and Iran have also been censured for attempting to use methods similar to the Russian approach to influence western public opinion. The question now is not whether there will be foreign attempts against the 2020 elections, but what can be done to protect the vote.
Emotet Revived with Large Spam Campaigns Around the World
Less than a month after reactivating its command and control (C2) servers, the Emotet botnet has come to like by spewing spam messages to countries around the globe. Malicious emails with Emotet's signature have been spotted Monday morning targeting Germany, the United Kingdom, Poland, and Italy. The spam campaign also hit the USA, targeting both individuals, business, and government entities.
BotSlayer tool can detect coordinated disinformation campaigns in real time
A new tool in the fight against online disinformation has been launched, called BotSlayer, developed by the Indiana University’s Observatory on Social Media. The software, which is free and open to the public, scans social media in real time to detect evidence of automated Twitter accounts – or bots – pushing messages in a coordinated manner, an increasingly common practice to manipulate public opinion by creating the false impression that many people are talking about a particular subject.
Former hacker warns against password reuse
Kyle Milliken is back from jail, and he has some advice for you. The 30-year-old hacker from Arkansas, according to his blog, at age 17 began phishing celebrity Myspace accounts and using them to send internet marketing spam. After earning $5,000 per week, he evolved to hack millions of email, forum, and social media accounts. Some of his largest thefts included Disqus (17.5 million), Kickstarter (5.2 million) and Imgur (1.7 million). He also claims to have hit Twitter and Pinterest among many others.
Webcam Security Snafus Expose 15,000 Devices
Researchers have discovered 15,000 private webcams around the globe which could be accessed by anyone with an internet connection, raising serious security and privacy concerns. Working for Wizcase, white hat Avishai Efrat located the exposed devices from multiple manufacturers including: AXIS net cameras; Cisco Linksys webcam; IP Camera Logo Server; IP WebCam; IQ Invision web camera; Mega-Pixel IP Camera; Mobotix; WebCamXP 5 and Yawcam.
Researchers uncover 125 vulnerabilities across 13 routers and NAS devices
In a cybersecurity study of network attached storage (NAS) systems and routers, Independent Security Evaluators (ISE) found 125 vulnerabilities in 13 IoT devices, reaffirming an industrywide problem of a lack of basic security diligence. The vulnerabilities discovered in the SOHOpelessly Broken 2.0 research likely affect millions of IoT devices.
Most Port Vulnerabilities Are Found in Three Ports
The vast majority of vulnerabilities in ports are found in just three, making it theoretically easier for organizations to defend them against attack, according to Alert Logic. The security vendor analyzed 1.3 petabytes of security data, over 2.8 billion IDS events, 8.2 million verified incidents, and common vulnerabilities for more than 700 SMB customers, in order to compile its Critical Watch Report for 2019.
