HackDig : Dig high-quality web security articles

Are You One of the 533M People Who Got Facebooked?

Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online
Publish At:2021-04-06 16:05 | Read:215 | Comments:0 | Tags:Data Breaches The Coming Storm Alon Gal Facebook breach Have

Ransom Gangs Emailing Victim Customers for Leverage

Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up. This letter is from the Clop ransomware gang, putting pr
Publish At:2021-04-05 19:30 | Read:251 | Comments:0 | Tags:Ransomware The Coming Storm Bleeping Computer Clop Emsisoft

Can We Stop Pretending SMS Is Secure Now?

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept
Publish At:2021-03-16 20:36 | Read:238 | Comments:0 | Tags:Latest Warnings The Coming Storm Allison Nixon ALT-SPID Luck

Warning the World of a Ticking Time Bomb

Globally, hundreds of thousand of organizations running Exchange email servers from Microsoft just got mass-hacked, including at least 30,000 victims in the United States. Each hacked server has been retrofitted with a “web shell” backdoor that gives the bad guys total, remote control, the ability to read all email, and easy access to the victim&
Publish At:2021-03-09 20:54 | Read:310 | Comments:0 | Tags:The Coming Storm Time to Patch Allison Nixon Check My OWA Un

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity.
Publish At:2021-03-05 19:24 | Read:308 | Comments:0 | Tags:Latest Warnings The Coming Storm Time to Patch Hafnium Micro

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Microsoft Corp. today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group. The
Publish At:2021-03-02 21:12 | Read:243 | Comments:0 | Tags:Latest Warnings The Coming Storm Time to Patch CVE-2021-2685

Is Your Browser Extension a Botnet Backdoor?

A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky propositio
Publish At:2021-03-01 14:00 | Read:276 | Comments:0 | Tags:A Little Sunshine The Coming Storm chrome extensions chrome-

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames. At the
Publish At:2021-02-04 15:50 | Read:468 | Comments:0 | Tags:Ne'er-Do-Well News The Coming Storm Web Fraud 2.0 @H4CK @Tru

The Taxman Cometh for ID Theft Victims

The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events. But the ID theft problem is coming to the fore once again: Countless Americans will soon be receiving notices from state regulators saying they owe thousands of dollar
Publish At:2021-01-29 17:00 | Read:453 | Comments:0 | Tags:Latest Warnings Tax Refund Fraud The Coming Storm 1099-G Kar

Hamas May Be Threat to 8chan, QAnon Online

In October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas. New research shows DDoS-Guard relies on data centers provided by a U.S.-based publicly traded company, which experts
Publish At:2021-01-05 15:48 | Read:542 | Comments:0 | Tags:A Little Sunshine The Coming Storm 8chan CoreSite ddos-guard

VMware Flaw a Vector in SolarWinds Breach?

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S.
Publish At:2020-12-18 14:54 | Read:462 | Comments:0 | Tags:Data Breaches The Coming Storm APT 29 Ars Technica Cozy Bear

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the firs
Publish At:2020-12-14 13:24 | Read:536 | Comments:0 | Tags:Data Breaches The Coming Storm APT29 Cybersecurity and Infra

Ransomware Group Turns to Facebook Ads

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. On the evening of Monday, Nov. 9, an ad campaign apparently taken out b
Publish At:2020-11-10 14:17 | Read:643 | Comments:0 | Tags:Ransomware The Coming Storm Chris Hodson Emsisoft Fabian Wos

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

On Monday, Oct. 27, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Departmen
Publish At:2020-10-28 22:05 | Read:595 | Comments:0 | Tags:Latest Warnings Ransomware The Coming Storm alex holden Char

The Now-Defunct Firms Behind 8chan, QAnon

Some of the world’s largest Internet firms have taken steps to crack down on disinformation spread by QAnon conspiracy theorists and the hate-filled anonymous message board 8chan. But according to a California-based security researcher, those seeking to de-platform these communities may have overlooked a simple legal solution to that end: Both the Neva
Publish At:2020-10-22 20:20 | Read:737 | Comments:0 | Tags:A Little Sunshine Ne'er-Do-Well News The Coming Storm 8chan