Gwinnett Medical Center investigating possible data breach
CSO Online
by Steve Ragan
2y ago
After being contacted by Salted Hash about a possible data breach, Gwinnett Medical Center (GMC), a not-for-profit network of healthcare providers in Gwinnett County, Georgia, has confirmed they're investigating what they're calling an IT incident. Salted Hash first became aware of a possible data breach at GMC late last week, but the exact details surrounding the incident were not immediately available. What we learned was that on Saturday (Sept. 29), IT staff at GMC Lawrenceville became aware of an incident involving several hundred patient records at the least. Immediately following the disc ...
Facebook: 30 million accounts impacted by security flaw (updated)
CSO Online
by Steve Ragan
2y ago
On Friday, Facebook’s VP of product management Guy Rosen, coordinating with a Facebook post by founder Mark Zuckerberg, said the company discovered someone had abused access tokens for 50 million users on Tuesday afternoon. [Note: This story was updated on October 12, with new information concerning the number of accounts impacted] While the impacted accounts only represent a small fraction of the billions of monthly active users worldwide, the incident is still significant, as the abused tokens enable full access to a person's account.
Scammers pose as CNN's Wolf Blitzer, target security professionals
CSO Online
by Steve Ragan
2y ago
Here's an interesting, if not outright comical, story for those of you just coming back to work after a long Labor Day weekend. Scammers are pretending to be a well-known CNN anchor and offering serious cash to anyone looking to be a security commentator on air. Earlier this afternoon, Salted Hash was contacted by a trusted source who shared a screenshot of a recent text conversation a friend and fellow security professional had. The potential victim in this story did not want their name or organization referenced on the record. The person responsible for the text messages pretends to be CNN's ...
Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding
CSO Online
by Steve Ragan
2y ago
On Monday, the Energy and Commerce Committee sent letters to MITRE Corporation and the Department of Homeland Security (DHS), recommending some needed changes to the troubled CVE program. Bottlenecks, coverage gaps, and frustration: In 1999, MITRE created the CVE database as a means of standardizing the naming convention of disclosed vulnerabilities. However, as Salted Hash reported in 2016, the program has faced several problems, including coverage gaps and bottlenecks.
Mirai leveraging Aboriginal Linux to target multiple platforms
CSO Online
by Steve Ragan
2y ago
The Mirai botnet hasn't gone away, you don't hear about it much, but the code has been constantly updated and maintained. Recently, Symantec's Dinesh Venkatesan discovered a command and control (C&C) server hosting various types of malware, each one targeted for a specific platform. In October of 2016, the Mirai botnet was used in attacks against Dyn Inc., knocking out internet service to most of the east coast in the United States, but it was later determined to be a variant of Mirai in the Dyn Inc. attack, it wasn't the same set of Mirai bots used to target OVH and Brian Krebs the month ...
Talking phishing campaigns with @PhishingAI's Jeremy Richards | Salted Hash, Ep. 42
CSO Online
by Steve Ragan
2y ago
This week on Salted Hash we’re joined by Lookout’s Jeremy Richards, who manages the @PhishingAI account on Twitter, as well as a good friend and fellow reporter from Ars Technica. All this week, while we’re on location in Las Vegas, Salted Hash has been discussing phishing and the impact it has had on the public. Today, we’re getting an insider view on how @PhishingAI operates, and learning about a recent phishing campaign targeting Apple users.
Inside Dropbox and Microsoft Office phishing attacks | Salted Hash, Ep. SC03
CSO Online
by Steve Ragan
2y ago
Today on Salted Hash, we're going to look at a phishing attack that targeted me directly. It's got a few interesting elements, including a weak attempt to spoof an HTTPS connection, and a sort of hybrid lure, which starts as Dropbox but ends at Microsoft Office. Top targets Microsoft is a popular target with criminals, especially when it comes to phishing. If a criminal can compromise your Microsoft Office account, they have a good deal of leverage over your professional life, and it gets worse if your Microsoft Office password is used on other services (it happens, and criminals do check for ...
Introducing Kit Hunter, a phishing kit detection script | Salted Hash, Ep. 40
CSO Online
by Steve Ragan
2y ago
Today's post is a bit different, personal really. Over the last few months, I've attempted to learn something new, and I selected Python to be that thing. It's a slow process. So, what's my point? Well, here lately I've released a number of videos where I show phishing kits from the victim's, as well as the administrator's perspective. They're a useful awareness guide, and for some administrators, an interesting look into the kit's operation. I've gotten some really solid feedback on them, and I plan to keep doing them. However, something was missing. In each video, I've stated how important i ...
Reddit discloses hack, says SMS intercept allowed attackers to skirt 2FA protections
CSO Online
by Steve Ragan
2y ago
Reddit, one of the largest websites on the internet, announced on Wednesday that someone was able to compromise staff accounts at their cloud and source code hosting providers, leaving backups, source code, and various logs exposed. As a result, they are notifying some users who maintained accounts on the website prior to 2007, as their accounts were impacted. In a post on the website, one of Reddit's founding engineers said the incident was discovered on June 19. Sometime between June 14th and 18th, the attackers were able to compromise staffer accounts on unnamed cloud and source code hostin ...
Samsam infected thousands of LabCorp systems via brute force RDP
CSO Online
by Steve Ragan
2y ago
LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced their systems offline was contained quickly and didn't result in a data breach. However, in the brief time between detection and mitigation, the ransomware was able to encrypt thousands of systems and several hundred production servers. The wider public first learned about the LabCorp incident on Monday, when the company disclosed it via an 8-K filing with the SEC. Since then, as recovery efforts continue, the company said they're at about 90-percent operational capacity.
