Follow CSO Online Salted Hash-Top security news on Feedspot

After being contacted by Salted Hash about a possible data breach, Gwinnett Medical Center (GMC), a not-for-profit network of healthcare providers in Gwinnett County, Georgia, has confirmed they're investigating what they're calling an IT incident.

Salted Hash first became aware of a possible data breach at GMC late last week, but the exact details surrounding the incident were not immediately available.

What we learned was that on Saturday (Sept. 29), IT staff at GMC Lawrenceville became aware of an incident involving several hundred patient records at the least. Immediately following the discovery, the alleged attackers sent threats.

Sometime later, an agent from the local FBI field office arrived and offered to assist, but it isn't clear if the FBI knew something was wrong, or if the law enforcement agency was called in after the threats were made.

On Friday, Facebook’s VP of product management Guy Rosen, coordinating with a Facebook post by founder Mark Zuckerberg, said the company discovered someone had abused access tokens for 50 million users on Tuesday afternoon.

[Note: This story was updated on October 12, with new information concerning the number of accounts impacted]

While the impacted accounts only represent a small fraction of the billions of monthly active users worldwide, the incident is still significant, as the abused tokens enable full access to a person's account.

Here's an interesting, if not outright comical, story for those of you just coming back to work after a long Labor Day weekend. Scammers are pretending to be a well-known CNN anchor and offering serious cash to anyone looking to be a security commentator on air.

Earlier this afternoon, Salted Hash was contacted by a trusted source who shared a screenshot of a recent text conversation a friend and fellow security professional had.

The potential victim in this story did not want their name or organization referenced on the record.

The person responsible for the text messages pretends to be CNN's Wolf Blitzer, and offers security professionals $300,000 yearly to come on to "The Situation Room with Wolf Blitzer" and act as security commentators. All the victim needs to do is pay $3,000 via Western Union to get security clearance and approval.

On Monday, the Energy and Commerce Committee sent letters to MITRE Corporation and the Department of Homeland Security (DHS), recommending some needed changes to the troubled CVE program.

Bottlenecks, coverage gaps, and frustration:

In 1999, MITRE created the CVE database as a means of standardizing the naming convention of disclosed vulnerabilities. However, as Salted Hash reported in 2016, the program has faced several problems, including coverage gaps and bottlenecks.

The Mirai botnet hasn't gone away. You don't hear about it much, but the code has been constantly updated and maintained. Recently, Symantec's Dinesh Venkatesan discovered a command and control (C&C) server hosting various types of malware, each one targeted for a specific platform.

In October of 2016, the Mirai botnet was used in attacks against Dyn Inc., knocking out internet service to most of the east coast in the United States. It was later determined, however, that a variant of Mirai was used in the Dyn Inc. attack; it wasn't the same set of Mirai bots used to target OVH and Brian Krebs the month prior.

This week on Salted Hash we’re joined by Lookout’s Jeremy Richards, who manages the @PhishingAI account on Twitter, as well as a good friend and fellow reporter from Ars Technica.

All this week, while we’re on location in Las Vegas, Salted Hash has been discussing phishing and the impact it has had on the public. Today, we’re getting an insider view on how @PhishingAI operates, and learning about a recent phishing campaign targeting Apple users.

Today on Salted Hash, we're going to look at a phishing attack that targeted me directly. It's got a few interesting elements, including a weak attempt to spoof an HTTPS connection, and a sort of hybrid lure, which starts as Dropbox but ends at Microsoft Office.

Top targets

Microsoft is a popular target with criminals, especially when it comes to phishing. If a criminal can compromise your Microsoft Office account, they have a good deal of leverage over your professional life, and it gets worse if your Microsoft Office password is used on other services (it happens, and criminals do check for this).

Email security vendor Vade Secure recently published a list of the top brands spoofed by phishing attacks, and Microsoft topped the list. This is notable because PayPal is usually in the top spot. According to Vade Secure's list, Microsoft held the number one position by more than 40 percent. PayPal drops to second, followed by Facebook, Netflix, Wells Fargo, Bank of America, DocuSign, Dropbox, DHL, and Apple to round out the top ten.

Today's post is a bit different, personal really. Over the last few months, I've attempted to learn something new, and I selected Python to be that thing. It's a slow process.

So, what's my point? Well, here lately I've released a number of videos where I show phishing kits from the victim's as well as the administrator's perspective.

They're a useful awareness guide, and for some administrators, an interesting look into the kit's operation. I've gotten some really solid feedback on them, and I plan to keep doing them.

However, something was missing. In each video, I've stated how important it is for administrators to detect these kits as quickly as possible.

Reddit, one of the largest websites on the internet, announced on Wednesday that someone was able to compromise staff accounts at their cloud and source code hosting providers, leaving backups, source code, and various logs exposed.

As a result, they are notifying some users who maintained accounts on the website prior to 2007, as their accounts were impacted.

In a post on the website, one of Reddit's founding engineers said the incident was discovered on June 19.

Sometime between June 14th and 18th, the attackers were able to compromise staffer accounts on unnamed cloud and source code hosting providers, bypassing what was assumed to be solid defenses using multi-factor authentication (2FA).

LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced their systems offline was contained quickly and didn't result in a data breach.

However, in the brief time between detection and mitigation, the ransomware was able to encrypt thousands of systems and several hundred production servers.

The wider public first learned about the LabCorp incident on Monday, when the company disclosed it via an 8-K filing with the SEC. Since then, as recovery efforts continue, the company said they're at about 90-percent operational capacity.
