Cyber Security

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic. ') } else document.write(' ') Image Source: CDC Newsroom Image library 7/21/2020US Indicts 2 Chinese Nationals for Stealing IP & Business Secrets, Including COVID-19 ResearchPair working on behalf of themselves and China's Ministry of State Security, Justice Department says. 7/20/2020Number of Reported Breaches Decrease In First Half of 2020With the pandemic as a backdrop, publicly reported US data breaches dropped as more employees and suppliers stayed home. UK Data Privacy Legislation Cannot Be Bypassed to Limit Spread of COVID-19The UK faces GDPR data privacy challenges regarding its COVID-19 "Test and Trace" program. Despite th...

  The cloud space has been evolving for almost a decade. As a company we’re a major cloud user ourselves. That means we’ve built up a huge amount of in-house expertise over the years around cloud migration — including common challenges and perspectives on how organizations can best approach projects to improve success rates. As part of our #LetsTalkCloud series, we’ve focused on sharing some of this expertise through conversations with our own experts and folks from the industry. To kick off the series, we discussed some of the security challenges solution architects and security engineers face with customers when discussing cloud migrations. Spoiler…these challenges may not be what you expect.   Drag and drop   This lack of strategy and planning from the start is ...

It started with one weird tweet. Then another. Quickly, some of the most prominent accounts on Twitter were all sending out the same message; I am giving back to the community. All Bitcoin sent to the address below will be sent back double! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes. [- BITCOIN WALLET ADDRESS -] Are Apple, Elon Musk, Barrack Obama, Uber, Joe Biden, and a host of others participating in a very transparent bitcoin scheme? No. Of course, not. The question was whether or not individual accounts were compromised or if something deeper was going on. User Account Protection These high profile accounts are prime targets for cybercriminals. They have a broad reach, and even a brief compromise of one of these accounts would...

US DoJ charged two Chinese hackers working with China’s Ministry of State Security with hacking into computer systems of government organizations and companies worldwide. US DoJ charged two Chinese hackers working with China’s Ministry of State Security with hacking into computer systems of government organizations and companies worldwide. According to the Department of Justice’s Office of Public Affairs, the Chinese nationals and residents LI Xiaoyu (李啸宇 aka Oro0lxy), 34, and DONG Jiazhi (董家志), 33, were allegedly involved in a cyber espionage campaign that is lasting more than ten years (from September 1, 2009, and continuing through on or about July 7, 2020). “A federal grand jury in Spokane, Washington, returned an indictment earlier this month ...

Maybe Coinbase should send Twitter an invoice, because it certainly sounds like their quick thinking helped prevent last week’s hack from leaving a lot more Twitter users with empty wallets. As we reported at the time, cybercriminals successfully managed to seize control of a number of high profile Twitter accounts last week, using them to tweet out messages designed to trick unsuspecting followers into handing over their Bitcoins. The messages, which were posted from the genuine Twitter accounts of the likes of Joe Biden, Bill Gates, Elon Musk, Barack Obama, Kanye West, Apple, Uber, and others invited users to send their money to a Bitcoin wallet under criminal control, with the promise that they would double their money. Twitter subsequentl...

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime. Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognizable brands, and that investors and the public have a right to know. But absent any additional information from the victim company or their partners who may be affected by the attack, these kinds of stories and blog posts look a great deal like ambulance chasing and sensationalism. Currently, more than a dozen ransomware ...

One of the most-read advice columns on this site is a 2018 piece called “Plant Your Flag, Mark Your Territory,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States. But KrebsOnSecurity recently discovered that this is not the case with all federal government sites built to help you manage your identity online. A reader who was recently the victim of unemployment insurance fraud said he was told he should create an account at the Department of Homeland Security‘s myE-Verify...

Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion. The apparent breach at St. Louis, Mo. based Data Viper offers a cautionary and twisted tale of what can happen when security researchers seeking to gather intelligence about illegal activity online get too close to their prey or lose sight of their purported mission. The incident als...

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone. So if you’re a Windows (ab)user, it’s time once again to back up and patch up (preferably in that order). Top of the heap this month in terms of outright scariness is CVE-2020-1350, which concerns a remotely exploitable bug in more or less all versions of Windows Server that attackers could use to install malicious software simply by sending a specially crafted DNS request. Microsoft said it is not aware of reports tha...

Twitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools. This post is an attempt to lay out some of the timeline of the attack, and point to clues about who may have been behind it. The first public signs of the intrusion came around 3 PM EDT, when the Twitter account for the cryptocurrency exchange Binance tweeted a message saying it had partnered with “CryptoForHealth” to give back 5000 bitcoin to the community, with a link where people could donate or send money. Minutes after that, similar tweets ...