Skip to content
DIA uses purchased phone location data without warrantsThe Defense Intelligence Agency has been using smartphone location data purchased from commercially available databases, according to an intelligence memo obtained by CyberScoop. The DIA, which primarily provides intelligence to support U.S. military operations, has been gathering the location data on both Americans and non-U.S. citizens dating back two-and-a-half years, according to the memo, which…
Russian man tied to illicit hosting service Deer.io pleads guiltyA Russian computer security researcher has pleaded guilty to hacking-related charges in connection with U.S. law enforcement action against an internet marketplace where buyers purchased access to stolen personal data. Kirill Firsov, a Russian national, acknowledged his involvement with Deer.io, an illicit web hosting service that enabled scammers to operate independent web stores where they…
Home security technician pleads guilty to spying on women, couplesA former ADT home security technician pleaded guilty on Thursday to logging into customers’ video feeds to watch naked women and couples having sex. Telesfloro Aviles faces up to five years in prison. Aviles’ Dallas-area snooping stretched over nearly five years and involved him accessing approximately 200 customer accounts more than 9,600 times, he admitted.…
White House plans to select Rob Silvers, a Mayorkas ally, to lead DHS's cyber outfitThe Biden administration plans to select Rob Silvers, a lawyer and former Department of Homeland Security official, to run the federal agency in charge of election security and stopping hacking threats to government networks, according to two people familiar with the matter. The choice of Silvers, who is close with Homeland Security secretary nominee Alejandro…
Intel says financial graphic was 'hacked,' forcing early release of 2020 reportEven the leak of a single infographic can be a big deal for a major corporation. Intel Corp. had to act fast Thursday afternoon when it discovered that an infographic from its unpublished quarterly report had been circulating outside the company. As a result, the chipmaker posted those fourth quarter 2020 financial results a few…
Rep. Maloney seeks FBI probe of Parler's role in Capitol attackThe House Oversight and Reform Committee on Thursday asked the FBI to investigate Parler’s role in the storming of the Capitol earlier this month, and its possible ties to Russia. The committee chair, Rep. Carolyn Maloney, D-NY, also requested that FBI Director Christopher Wray order an investigation into the social media application’s financing, according to…
Biden orders US intelligence review of SolarWinds hackPresident Joe Biden is ordering U.S. intelligence agencies to provide him with an assessment of a suspected Russian hacking operation that breached multiple U.S. federal agencies and exposed glaring weaknesses in U.S. cyber-defenses, the White House said Thursday. The move highlights how responding to the sophisticated spying operation, which has exploited software made by federal…
A phishing campaign's collateral damage: Stolen passwords were publicly searchableA phishing campaign that targeted multiple industrial sectors in 2020 was messier than the average cybercrime operation. The perpetrators stole more than a thousand sets of credentials from corporate employees and then accidentally exposed that data on the public internet, according to a blog post from cybersecurity firm Check Point. The attackers made a “simple…
Social engineering gains momentum with cyber criminalsPublic healthcare organizations are increasingly targeted by cyberattacks, prompting security strategies that focus more on people, says IT security expert. The post Social engineering gains momentum with cyber criminals appeared first on CyberScoop.
Microsoft details how SolarWinds hackers hid their espionageAttackers behind an espionage campaign that exploited software built by the federal contractor SolarWinds separated their most prized hacking tool from other malicious code on victim networks to avoid detection, Microsoft said Wednesday. The findings make clear that, while the hackers have relied on a variety of tools in their spying, the tampered SolarWinds software…
CreativeMinds WordPress Plugin Curated RSS Aggregator
Microsoft Edge, Google Chrome Roll Out Password Protection ToolsThe new tools on Chrome and Edge will make it easier for browser users to discover - and change - compromised passwords.
Amazon Kindle RCE Attack Starts with an EmailThe "KindleDrip" attack would have allowed attackers to siphon money from unsuspecting victims.
ADT Tech Hacks Home-Security Cameras to Spy on WomenA former ADT employee pleads guilty of accessing customers’ cameras so he could spy on them.
Discord-Stealing Malware Invades npm PackagesThe CursedGrabber malware has infiltrated the open-source software code repository.
Ransomware Attackers Publish 4K Private Scottish Gov Agency FilesUp to 4,000 stolen files have been released by hackers who launched a ransomware attack against the Scottish Environmental Protection Agency on Christmas Eve.
Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS AttacksNetscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic.
Einstein Healthcare Network Announces August BreachEinstein is in violation of the the HHS 60-day breach notification rule, but unlikely to face penalty.
SQL Server Malware Tied to Iranian Software Firm, Researchers AllegeResearchers have traced the origins of a campaign - infecting SQL servers to mine cryptocurrency - back to an Iranian software firm.
Google Forms Set Baseline For Widespread BEC AttacksResearchers warn that attackers are collecting reconnaissance for future business email compromise attacks using Google Forms.
Google Searches Expose Stolen Corporate CredentialsA phishing campaign spoofs Xerox notifications to lure victims into clicking on malicious HTML attachments.
Critical Cisco SD-WAN Bugs Allow RCE AttacksCisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.
NVIDIA Gamers Face DoS, Data Loss from Shield TV BugsThe company also issued patches for Tesla-based GPUs as part of an updated, separate security advisory.
Malwarebytes Hit by SolarWinds AttackersThe attack vector was not the Orion platform but rather an email-protection application for Microsoft 365.
Investment Scammers Prey on Dating App Users, Interpol WarnsUsers of dating apps - like Tinder, Match and Bumble - should be on the lookout for investment-fraud scammers.
Google Research Pinpoints Security Soft Spot in Multiple Chat PlatformsMystery of spying using popular chat apps uncovered by Google Project Zero researcher.